|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "Kubernetes 1.31: Moving cgroup v1 Support into Maintenance Mode" |
| 4 | +date: 2024-08-14 |
| 5 | +slug: kubernetes-1-31-moving-cgroup-v1-support-maintenance-mode |
| 6 | +author: Harshal Patil |
| 7 | +--- |
| 8 | + |
| 9 | +As Kubernetes continues to evolve and adapt to the changing landscape of |
| 10 | +container orchestration, the community has decided to move cgroup v1 support |
| 11 | +into [maintenance mode](#what-does-maintenance-mode-mean) in v1.31. |
| 12 | +This shift aligns with the broader industry's move towards cgroup v2, offering |
| 13 | +improved functionalities: including scalability and a more consistent interface. |
| 14 | +Before we dive into the consequences for Kubernetes, let's take a step back to |
| 15 | +understand what cgroups are and their significance in Linux. |
| 16 | + |
| 17 | +## Understanding cgroups |
| 18 | + |
| 19 | +[Control groups](https://man7.org/linux/man-pages/man7/cgroups.7.html), or |
| 20 | +cgroups, are a Linux kernel feature that allows the allocation, prioritization, |
| 21 | +denial, and management of system resources (such as CPU, memory, disk I/O, |
| 22 | +and network bandwidth) among processes. This functionality is crucial for |
| 23 | +maintaining system performance and ensuring that no single process can |
| 24 | +monopolize system resources, which is especially important in multi-tenant |
| 25 | +environments. |
| 26 | + |
| 27 | +There are two versions of cgroups: |
| 28 | +[v1](https://docs.kernel.org/admin-guide/cgroup-v1/index.html) and |
| 29 | +[v2](https://docs.kernel.org/admin-guide/cgroup-v2.html). While cgroup v1 |
| 30 | +provided sufficient capabilities for resource management, it had limitations |
| 31 | +that led to the development of cgroup v2. Cgroup v2 offers a more unified and |
| 32 | +consistent interface, on top of better resource control features. |
| 33 | + |
| 34 | +## Cgroups in Kubernetes |
| 35 | + |
| 36 | +For Linux nodes, Kubernetes relies heavily on cgroups to manage and isolate the |
| 37 | +resources consumed by containers running in pods. Each container in Kubernetes |
| 38 | +is placed in its own cgroup, which allows Kubernetes to enforce resource limits, |
| 39 | +monitor usage, and ensure fair resource distribution among all containers. |
| 40 | + |
| 41 | +### How Kubernetes uses cgroups |
| 42 | + |
| 43 | +**Resource Allocation** |
| 44 | +: Ensures that containers do not exceed their allocated CPU and memory limits. |
| 45 | + |
| 46 | +**Isolation** |
| 47 | +: Isolates containers from each other to prevent resource contention. |
| 48 | + |
| 49 | +**Monitoring** |
| 50 | +: Tracks resource usage for each container to provide insights and metrics. |
| 51 | + |
| 52 | +## Transitioning to Cgroup v2 |
| 53 | + |
| 54 | +The Linux community has been focusing on cgroup v2 for new features and |
| 55 | +improvements. Major Linux distributions and projects like |
| 56 | +[systemd](https://systemd.io/) are |
| 57 | +[transitioning](https://github.com/systemd/systemd/issues/30852) towards cgroup v2. |
| 58 | +Using cgroup v2 provides several benefits over cgroupv1, such as Unified Hierarchy, |
| 59 | +Improved Interface, Better Resource Control, |
| 60 | +[cgroup aware OOM killer](https://github.com/kubernetes/kubernetes/pull/117793), |
| 61 | +[rootless support](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless/README.md#cgroup) etc. |
| 62 | + |
| 63 | +Given these advantages, Kubernetes is also making the move to embrace cgroup |
| 64 | +v2 more fully. However, this transition needs to be handled carefully to avoid |
| 65 | +disrupting existing workloads and to provide a smooth migration path for users. |
| 66 | + |
| 67 | +## Moving cgroup v1 support into maintenance mode |
| 68 | + |
| 69 | +### What does maintenance mode mean? |
| 70 | + |
| 71 | +When cgroup v1 is placed into maintenance mode in Kubernetes, it means that: |
| 72 | + |
| 73 | +1. **Feature Freeze**: No new features will be added to cgroup v1 support. |
| 74 | +2. **Security Fixes**: Critical security fixes will still be provided. |
| 75 | +3. **Best-Effort Bug Fixes**: Major bugs may be fixed if feasible, but some |
| 76 | +issues might remain unresolved. |
| 77 | + |
| 78 | +### Why move to maintenance mode? |
| 79 | + |
| 80 | +The move to maintenance mode is driven by the need to stay in line with the |
| 81 | +broader ecosystem and to encourage the adoption of cgroup v2, which offers |
| 82 | +better performance, security, and usability. By transitioning cgroup v1 to |
| 83 | +maintenance mode, Kubernetes can focus on enhancing support for cgroup v2 |
| 84 | +and ensure it meets the needs of modern workloads. It's important to note |
| 85 | +that maintenance mode does not mean deprecation; cgroup v1 will continue to |
| 86 | +receive critical security fixes and major bug fixes as needed. |
| 87 | + |
| 88 | +## What this means for cluster administrators |
| 89 | + |
| 90 | +Users currently relying on cgroup v1 are highly encouraged to plan for the |
| 91 | +transition to cgroup v2. This transition involves: |
| 92 | + |
| 93 | +1. **Upgrading Systems**: Ensuring that the underlying operating systems and |
| 94 | +container runtimes support cgroup v2. |
| 95 | +2. **Testing Workloads**: Verifying that workloads and applications function |
| 96 | +correctly with cgroup v2. |
| 97 | + |
| 98 | +## Further reading |
| 99 | + |
| 100 | +- [Linux cgroups](https://man7.org/linux/man-pages/man7/cgroups.7.html) |
| 101 | +- [Cgroup v2 in Kubernetes](/docs/concepts/architecture/cgroups/) |
| 102 | +- [Kubernetes 1.25: cgroup v2 graduates to GA](/blog/2022/08/31/cgroupv2-ga-1-25/) |
0 commit comments