k3s doesn't work with unified cgroups and the docker runtime #111835
Comments
euank
changed the title
|
I've updated the title to be more specific, since my actual errors are coming from using k3s with I see that the unified cgroup PR did disable unified cgroups in the k3s module, so that probably should work before adding in the docker runtime. |
|
Please let me know, if this is related: The full error is very long, I've uploaded it here: https://gist.github.com/pinpox/4058c540a42d47f456c2e87d5ac3f856 |
|
Thanks for looking into this. |
|
Just tried the workaround mentioned above: Setting |
|
We have observed that unified cgroups also breaks Kubernetes-in-Docker for node images prior to 1.19. The observed behavior is that the kubelet fails to start, with the message: Also able to work around with |
|
For k3s, the v1.20.4+k3s1 release includes unified cgroups support. It fixes my use of k3s, though I also had to set a flag in the nixos module ( I've opened up a PR to bump the package (#114215), and I'll make a separate PR to fix the nixos module to pass that arg. It sounds like there's other work to be done for other ways of running kubernetes on nixos too, but I think we should open separate issues for those to avoid conflating too many issues at once. |
Notably, this includes support for unified cgroups in k3s, which is especially convenient given nixos has moved to them. Fixes (at least partly) NixOS#111835
|
This would be the fix: #111590 |
|
see #118801 |
|
This PR should also help: k3s-io/k3s#3242 |
|
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/how-to-setup-kubernetes-k3d-on-nixos/13574/1 |
Setting `cgroup-driver=systemd` was originally necessary to match with docker, else the kubelet would not start (NixOS#111835) However, since then, docker support has been dropped from k3s (NixOS#177790). As such, this option is much less necessary. More importantly, it now seems to be actively causing issues. Due to an upstream k3s bug, it's resulting in the kubelet and containerd having different cgroup drivers, which seems to result in some difficult to debug failure modes. See NixOS#181790 (comment) for a description of this problem. Removing this flag entirely seems reasonable to me, and it results in k3s working again on my machine.
|
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/declarative-rootless-k3s/49839/1 |
Describe the bug
nixpkgs has moved to unified cgroups (woo 🎉) as of recently (#73800).
Unfortunately, k3s fails to start correctly with unified cgroups without k3s-io/k3s#2844, which isn't included in a release yet.
Until that lands in a release and nixpkgs is updated, it can be worked around by setting
systemd.enableUnifiedCgroupHierarchy = false;I intend to work on fixing this; I'll drop any notes along the way in this issue.
The text was updated successfully, but these errors were encountered: