add systemd as cgroup driver

[akhilerm]

The containerd test jobs are now using cos-stable image now; which has cgroupv2 enabled by default. Therefore we need to add systemd as cgroup driver for all the tests which makes use of cos-stable.

Ref : #27912 (comment)

Signed-off-by: Akhil Mohan makhil@vmware.com

[k8s-ci-robot]

Hi @akhilerm. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[akhilerm]

@endocrimes @adisky Can you take a look at this PR. Its related to setting cgroup driver to systemd, for all jobs for which image has been updated to cos-stable.

[SergeyKanzhelev]

add systemd as cgroup driver for all containerd jobs that make use of cos-stable image.

Can you please add more details on the motivation for this change.

[SergeyKanzhelev]

/assign @bobbypage

[bobbypage]

This assumes that all the jobs with preset-e2e-containerd should use systemd cgroup driver, I don't think this is accuarete.

For example the job below ci-containerd-e2e-ubuntu-gce uses the preset preset-e2e-containerd, but it's running on ubuntu-2004-lts which does not enable cgroupv2, so we shouldn't switch to use systemd cgroup driver.

[bobbypage]

We should not need this -- for cluster e2e tests, the GCE node bootstrap scripts already configure --cgroup-driver=systemd on cgroupv2 OS images (see https://github.com/kubernetes/kubernetes/blob/master/cluster/gce/gci/configure-helper.sh#L1630-L1633). So we only need to configure node e2e tests, not cluster e2e tests.

[akhilerm]

Should we have a separate label preset for those jobs then?

Just thinking out loud. . We can have a new preset for tests that use cos image and preset-e2e-containerd will be as is without any changes. Will it impact any other tests? Or that would be a huge change to do.

[bobbypage]

Should we have a separate label preset for those jobs then?

That's one option, we don't have too many cluster e2e tests in config/jobs/kubernetes/sig-node/containerd.yaml, so I think we can just also just update each them or setup a present and annotate with preset, up to you.

The important part is we only update the ones for systemd cgroup driver on the tests which are using cgroupv2 images.

[akhilerm]

Except these 4 jobs, other have either systemd driver set or is using an older cos image

• ci-cos-containerd-node-e2e
• ci-cos-containerd-node-e2e-features
• ci-kubernetes-node-kubelet-lock-contention
• ci-kubernetes-node-kubelet-credential-provider

The above jobs have multiple images (ubuntu and cos stable) specified in the image config. So I am not sure how to update the --cgroup-driver value for these jobs.

[bobbypage]

I think the general rule we can follow is:

• If the job is pointing to an image config file that is using something older than COS M97 (or != cos-stable), then let's keep it as is for now
• Otherwise, for jobs pointing to image config file with cos-stable, let's also update it to ubuntu 22.04 and also update cgroup driver to systemd.

[SergeyKanzhelev]

/ok-to-test

[SergeyKanzhelev]

changing previous release jobs sounds wrong. Let's have a separate copy of image config file for those locked on non cgroupv2 images

[akhilerm]

I made the change to the release jobs since the referring image file had changed.
But it seems like the jobs itself on those branches are not failing after the update to cos-stable. So I think this change wont be needed.

Also a bit confused that, ideally if the image is using cos-stable, and we are not setting cgroup driver to systemd (on both kubelet as well as containerd), it shouldnt be working correctly right?

cc: @bobbypage

[akhilerm]

/cc @bobbypage @SergeyKanzhelev

[bobbypage]

/lgtm

[bobbypage]

Thanks for the updates!

[bobbypage]

/assign @dims

[dims]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: akhilerm, dims

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• config/jobs/kubernetes/sig-node/OWNERS [dims]
• jobs/e2e_node/OWNERS [dims]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@akhilerm: Updated the job-config configmap in namespace default at cluster test-infra-trusted using the following files:

• key containerd.yaml using file config/jobs/kubernetes/sig-node/containerd.yaml
• key sig-node-presubmit.yaml using file config/jobs/kubernetes/sig-node/sig-node-presubmit.yaml

In response to this:

The containerd test jobs are now using cos-stable image now; which has cgroupv2 enabled by default. Therefore we need to add systemd as cgroup driver for all the tests which makes use of cos-stable.

Ref : #27912 (comment)

Signed-off-by: Akhil Mohan makhil@vmware.com

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[liggitt]

it looks like https://testgrid.k8s.io/sig-node-containerd#pull-node-e2e went red right around when these two PRs merged:

• add systemd as cgroup driver #27943
• fix tests in sig-node related to CRIv1 update  #28071