Delegate cgroup exists to systemd and libcontainer

When systemd cgroup driver is used, systemd is responsible for ensuring the correct controllers are propagated. If we try to propagate a controller controlled by systemd, it can remove it for us, creating a mess.
kubernetes · May 24, 2021 · d4c3d55 · d4c3d55
1 parent c5bd36e
commit d4c3d55
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/pkg/kubelet/cm/cgroup_manager_linux.go b/pkg/kubelet/cm/cgroup_manager_linux.go
@@ -257,6 +257,13 @@ func (m *cgroupManagerImpl) Exists(name CgroupName) bool {
 		if err != nil {
 			return false
 		}
+
+		// In case of systemd, it is responsible for ensuring the correct
+		// controllers are enabled.
+		if m.adapter.cgroupManagerType == libcontainerSystemd {
+			return true
+		}
+
 		difference := neededControllers.Difference(enabledControllers)
 		if difference.Len() > 0 {
 			klog.V(4).InfoS("The cgroup has some missing controllers", "cgroupName", name, "controllers", difference)
@@ -268,6 +275,13 @@ func (m *cgroupManagerImpl) Exists(name CgroupName) bool {
 	// Get map of all cgroup paths on the system for the particular cgroup
 	cgroupPaths := m.buildCgroupPaths(name)
 
+	// In case of systemd, it is responsible for ensuring the correct
+	// controllers are enabled. Only verify that directory on systemd
+	// mount exists
+	if m.adapter.cgroupManagerType == libcontainerSystemd {
+		return libcontainercgroups.PathExists(cgroupPaths["systemd"])
+	}
+
 	// the presence of alternative control groups not known to runc confuses
 	// the kubelet existence checks.
 	// ideally, we would have a mechanism in runc to support Exists() logic