-
Notifications
You must be signed in to change notification settings - Fork 14.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Blog post about cgroup v1 support moving to maintenance mode / KEP-4569
Signed-off-by: Harshal Patil <harpatil@redhat.com>
- Loading branch information
Showing
1 changed file
with
95 additions
and
0 deletions.
There are no files selected for viewing
95 changes: 95 additions & 0 deletions
95
.../_posts/2024-08-15-moving-cgroup-v1-support-maintenance-mode-kubernetes-1-31.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| --- | ||
| layout: blog | ||
| title: "Moving cgroup v1 Support into Maintenance Mode in Kubernetes 1.31" | ||
| date: 2024-08-15 | ||
| slug: moving-cgroup-v1-support-maintenance-mode-kubernetes-1-31 | ||
| author: Harshal Patil | ||
| --- | ||
|
|
||
| As Kubernetes continues to evolve and adapt to the changing landscape of | ||
| container orchestration, the community has decided to move cgroup v1 support | ||
| into maintenance mode in v1.31. This shift aligns with the broader industry's | ||
| move towards cgroup v2, offering improved functionality, scalability, and | ||
| a more consistent interface. But before we delve into what this means for | ||
| Kubernetes, let's take a step back and understand what cgroups are and their | ||
| significance in Linux and Kubernetes. | ||
|
|
||
| ## Understanding cgroups | ||
|
|
||
| [Control groups](https://man7.org/linux/man-pages/man7/cgroups.7.html), or | ||
| cgroups, are a Linux kernel feature that allows the allocation, prioritization, | ||
| denial, and management of system resources (such as CPU, memory, disk I/O, | ||
| and network bandwidth) among processes. This functionality is crucial for | ||
| maintaining system performance and ensuring that no single process can | ||
| monopolize system resources, which is especially important in multi-tenant | ||
| environments. | ||
|
|
||
| There are two versions of cgroups: | ||
| [v1](https://docs.kernel.org/admin-guide/cgroup-v1/index.html) and | ||
| [v2](https://docs.kernel.org/admin-guide/cgroup-v2.html). While cgroup v1 | ||
| provided sufficient capabilities for resource management, it had limitations | ||
| that led to the development of cgroup v2. Cgroup v2 offers a more unified | ||
| and consistent interface and better resource control features. | ||
|
|
||
| ## Cgroups in Kubernetes Kubernetes, a leading container orchestration | ||
|
|
||
| platform, relies heavily on cgroups to manage and isolate the resources | ||
| consumed by containers running in pods. Each container in Kubernetes is | ||
| placed in its own cgroup, which allows Kubernetes to enforce resource limits, | ||
| monitor usage, and ensure fair resource distribution among all containers. | ||
|
|
||
| ### How Kubernetes Uses cgroups: | ||
|
|
||
| * **Resource Allocation**: Ensures that containers do not exceed their | ||
| allocated CPU and memory limits. | ||
| * **Isolation**: Isolates containers from each other to prevent resource | ||
| contention. | ||
| * **Monitoring**: Tracks resource usage for each container to provide | ||
| insights and metrics. | ||
|
|
||
| ## Transitioning to Cgroup v2 | ||
|
|
||
| The Linux community has been focusing on cgroup v2 for new features and | ||
| improvements. Major Linux distributions and projects like systemd are | ||
| transitioning towards cgroup v2, which provides several benefits over cgroup | ||
| v1, such as Unified Hierarchy, Improved Interface, Better Resource Control etc. | ||
|
|
||
| Given these advantages, Kubernetes is also making the move to embrace cgroup | ||
| v2 more fully. However, this transition needs to be handled carefully to avoid | ||
| disrupting existing workloads and to provide a smooth migration path for users. | ||
|
|
||
| ## Moving cgroup v1 Support into Maintenance Mode | ||
|
|
||
| ### What Does Maintenance Mode Mean? | ||
|
|
||
| When cgroup v1 is placed into maintenance mode in Kubernetes, it means that: | ||
|
|
||
| 1. **Feature Freeze**: No new features will be added to cgroup v1 support. | ||
| 2. **Security Fixes**: Critical security fixes will still be provided. | ||
| 3. **Best-Effort Bug Fixes**: Major bugs may be fixed if feasible, but some | ||
| issues might remain unresolved. | ||
|
|
||
| ### Why Move to Maintenance Mode? | ||
|
|
||
| The move to maintenance mode is driven by the need to stay in line with the | ||
| broader ecosystem and to encourage the adoption of cgroup v2, which offers | ||
| better performance, security, and usability. By transitioning cgroup v1 to | ||
| maintenance mode, Kubernetes can focus on enhancing support for cgroup v2 | ||
| and ensure it meets the needs of modern workloads. It's important to note | ||
| that maintenance mode does not mean deprecation; cgroup v1 will continue to | ||
| receive critical security fixes and major bug fixes as needed. | ||
|
|
||
| ## Impact on Users | ||
|
|
||
| Users currently relying on cgroup v1 are highly encouraged to plan for the | ||
| transition to cgroup v2. This transition involves: | ||
|
|
||
| 1. **Upgrading Systems**: Ensuring that the underlying operating systems and | ||
| container runtimes support cgroup v2. | ||
| 2. **Testing Workloads**: Verifying that workloads and applications function | ||
| correctly with cgroup v2. | ||
|
|
||
| ## Further reading | ||
|
|
||
| - [Cgroup v2 in | ||
| Kubernetes](https://kubernetes.io/docs/concepts/architecture/cgroups/) |