fix(bootstrap): support cgroup v1 hosts by disabling kubelet failCgroupV1 check#360
Merged
fix(bootstrap): support cgroup v1 hosts by disabling kubelet failCgroupV1 check#360
Conversation
…upV1 check Kubernetes 1.35 (k3s v1.35.x) rejects cgroup v1 by default via the failCgroupV1 kubelet config option. This breaks gateway startup on distros that still use cgroup v1 (e.g. Rocky Linux 8, CentOS 7/8). Detect cgroup v1 at container startup by checking for the absence of /sys/fs/cgroup/cgroup.controllers and pass --kubelet-arg=fail-cgroupv1=false so kubelet warns instead of exiting.
johntmyers
approved these changes
Mar 16, 2026
pimlock
approved these changes
Mar 16, 2026
pimlock
reviewed
Mar 16, 2026
| # so kubelet warns instead of refusing to start. This flag can be removed once | ||
| # cgroup v1 support is no longer needed. | ||
| EXTRA_KUBELET_ARGS="" | ||
| if [ ! -f /sys/fs/cgroup/cgroup.controllers ]; then |
Collaborator
There was a problem hiding this comment.
FYI in docs this is how they document checking the version:
stat -fc %T /sys/fs/cgroup/
For cgroup v2, the output is cgroup2fs.
For cgroup v1, the output is tmpfs.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix gateway startup failure on Linux hosts that use cgroup v1 (e.g. Rocky Linux 8, CentOS 7/8, Ubuntu 18.04). Kubernetes 1.35 (bundled in k3s v1.35.2) rejects cgroup v1 by default, causing kubelet to exit immediately with
kubelet is configured to not run on a host using cgroup v1.Related Issue
Reported by a user running Rocky Linux 8 with Docker 29.3.0. The prior fix in #329 (commit a458ca6) addressed a different cgroup issue (private cgroupns on Docker Desktop preventing access to cgroup v2 controllers) and did not resolve the cgroup v1 rejection.
Changes
/sys/fs/cgroup/cgroup.controllers(which only exists on cgroup v2 unified hierarchy)--kubelet-arg=fail-cgroupv1=falseto k3s so kubelet logs a deprecation warning instead of refusing to startcgroupns_mode: host, so/sys/fs/cgroupreflects the host's cgroup filesystemTesting
mise run pre-commitpassesChecklist