|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "Kubernetes 1.34: Autoconfiguration for Node Cgroup Driver Goes GA" |
| 4 | +date: 2025-0X-XX |
| 5 | +draft: true |
| 6 | +slug: cri-cgroup-driver-lookup-now-GA |
| 7 | +author: Peter Hunt (Red Hat), Sergey Kanzhelev (Google) |
| 8 | +--- |
| 9 | + |
| 10 | +Historically, configuring the correct cgroup driver has been a pain point for users running new |
| 11 | +Kubernetes clusters. On Linux systems, there are two different cgroup drivers: |
| 12 | +`cgroupfs` and `systemd`. In the past, both the [kubelet](/docs/reference/command-line-tools-reference/kubelet/) |
| 13 | +and CRI implementation (like CRI-O or containerd) needed to be configured to use |
| 14 | +the same cgroup driver, or else the kubelet would misbehave without any explicit |
| 15 | +error message. This was a source of headaches for many cluster admins. Now, we've |
| 16 | +(almost) arrived at the end of that headache. |
| 17 | + |
| 18 | +## Automated cgroup driver detection |
| 19 | + |
| 20 | +In v1.28.0, the SIG Node community introduced the feature gate |
| 21 | +`KubeletCgroupDriverFromCRI`, which instructs the kubelet to ask the CRI |
| 22 | +implementation which cgroup driver to use. You can read more [here](/blog/2024/08/21/cri-cgroup-driver-lookup-now-beta/). |
| 23 | +After many releases of waiting for each CRI implementation to have major versions released |
| 24 | +and packaged in major operating systems, this feature has gone GA as of Kubernetes 1.34.0. |
| 25 | + |
| 26 | +In addition to setting the feature gate, a cluster admin needs to ensure their |
| 27 | +CRI implementation is new enough: |
| 28 | + |
| 29 | +- containerd: Support was added in v2.0.0 |
| 30 | +- CRI-O: Support was added in v1.28.0 |
| 31 | + |
| 32 | +## Announcement: Kubernetes is deprecating containerd v1.y support |
| 33 | + |
| 34 | +While CRI-O releases versions that match Kubernetes versions, and thus CRI-O |
| 35 | +versions without this behavior are no longer supported, containerd maintains its |
| 36 | +own release cycle. containerd support for this feature is only in v2.0 and |
| 37 | +later, but Kubernetes 1.34 still supports containerd 1.7 and other LTS releases |
| 38 | +of containerd. |
| 39 | + |
| 40 | +The Kubernetes SIG Node community has formally agreed upon a final support |
| 41 | +timeline for containerd v1.y. The last Kubernetes release to offer this support |
| 42 | +will be the last released version of v1.35, and support will be dropped in |
| 43 | +v1.36.0. To assist administrators in managing this future transition, |
| 44 | +a new detection mechanism is available. You are able to monitor |
| 45 | +the `kubelet_cri_losing_support` metric to determine if any nodes in your cluster |
| 46 | +are using a containerd version that will soon be outdated. The presence of |
| 47 | +this metric with a version label of `1.36.0` will indicate that the node's containerd |
| 48 | +runtime is not new enough for the upcoming requirements. Consequently, an |
| 49 | +administrator will need to upgrade containerd to v2.0 or a later version before, |
| 50 | +or at the same time as, upgrading the kubelet to v1.36.0. |
0 commit comments