Failed to find subsystem mount for required subsystem: pids

[jt55401]

Expected Behaviour

kubernetes master node starts and kubectl get pods shows Ready status.

Current Behaviour

kubernetes master node starts, and kubectl get pods shows NotReady status

kubectl describe nodes shows this error in the event log: Failed to update Node Allocatable Limits ["kubepods"]: failed to set supported cgroup subsystems for cgroup [kubepods]: Failed to find subsystem mount for required subsystem: pids

Possible Solution

not sure - disable whatever requires this cgroup? is it something new in 1.14? or enable that cgroup in rasberian lite somewhere? (I'm not cgroup expert, so I don't know how to even start)

Steps to Reproduce (for bugs)

(follow the guide in this repo, I get these results at the "Check everything worked:" step of the guide)

Context

Can't schedule pods / nodes not ready.

Your Environment

• Docker version docker version (e.g. Docker 17.0.05 ): Docker version 18.09.0, build 4d60db4

• What version of Kubernetes are you using? kubectl version: Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:53:57Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/arm"} Server Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.0", GitCommit:"641856db18352033a0d96dbc99153fa3b27298e5", GitTreeState:"clean", BuildDate:"2019-03-25T15:45:25Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/arm"}

• Operating System and version (e.g. Linux, Windows, MacOS): 2018-11-13-raspbian-stretch-lite.img 4.14.79-v7+

• What ARM or Raspberry Pi board are you using? Rasberry Pi 3 B+

[shenshouer]

I met the same issue on k8s v1.14.1

[hgontijo]

Based on the error message, it looks to me a side effect of Pid limiting, which includes Pod Pids Limit and Node Pids Limit features introduced on v1.14.0, that requires the pids cgroup.

The pids cgroups is not mounted on Raspbian:

$ cat /proc/cgroups
#subsys_name    hierarchy   num_cgroups enabled
cpuset  8   21  1
cpu 4   86  1
cpuacct 4   86  1
blkio   3   86  1
memory  7   116 1
devices 2   86  1
freezer 6   21  1
net_cls 5   21  1

I tried adding cgroup_enable=pids to /boot/cmdline.txt however it does not mount pids cgroup. In fact, the kernel configuration file shows that this cgroup is not enabled:

$ uname -ar; zgrep "PIDS" /proc/config.gz
Linux kube-master 4.14.79-v7+ #1159 SMP Sun Nov 4 17:50:20 GMT 2018 armv7l GNU/Linux
# CONFIG_CGROUP_PIDS is not set

For now, I see two options:

• Use Kubernetes 1.13.x or lower version, or
• Recompile Raspbian enabling CONFIG_CGROUP_PIDS

@alexellis, any inputs on that?

[bamedro]

Recompiling Raspbian kernel with CONFIG_CGROUP_PIDS enabled fixed this issue for me (I was running k8s v1.14.1)

[balboah]

I hit this problem as well, can confirm downgrading to 1.13.5 is working fine.

[schachfeld]

I have the same Error. Unfortunatly downgrading does not do the trick for me :(

[hgontijo]

PIDs cgroup will be available on the next rpi release: https://github.com/raspberrypi/linux/pull/2968#issuecomment-492552354.

[bamedro]

Thanks hgontijo to push for it :)

[MichaelSchneeberger]

Is there a good guide/tutorial on how to recompiling Raspbian kernel with CONFIG_CGROUP_PIDS enabled?

[MichaelSchneeberger]

Recompiling Raspbian kernel also worked for me. Here is the guide I followed: Kernel building. Add CONFIG_CGROUP_PIDS=y to "arch/arm/configs/bcmrpi_defconfig" (Raspbian source code).

[Mike-Dunton]

should a rpi-update fix this yet? Not sure how to tell when the firmware for rpi-4.19.y will be released.

[Dionysusio]

I met the same issue on k8s v1.14.1

me too, k8s v1.14.2

[staffhorn]

@Mike-Dunton I was able to rpi-update to 4.19.46-v7+ today, and confirm the PIDS fix is in place. kubeadm 1.14.3 installs and inits fine.

[davidcollom]

I was able to get my cluster upgraded to 1.15.0 this afternoon by switching the cgroup-driver to systemd.

This does have the issue: Jun 23 20:06:45 rpi-kube-master-01 kubelet[329]: W0623 20:06:45.625225 329 qos_container_manager_linux.go:139] [ContainerManager] Failed to reserve QoS requests: failed to set supported cgroup subsystems for cgroup [kubepods burstable]: Failed to find subsystem mount for required subsystem: pids however kubelet continues to run.

I don't use any burstable pods on my cluster, but until 4.19.46-v7+ becomes stable it may be a work around.

[DoGab]

I had the same issue. Did a dist-upgrade from stretch to buster and now kubernetes version v1.15.0 works. Buster has kernel version 4.19.50-v7+ and includes the PIDS Cgroup. However there is a warning when running kubelet describe node master that says kubelet is posting ready status. WARNING: CPU hardcapping unsupported. I'm not sure if this bothers kubernetes but since it's running fine i guess not.

Note: After upgrading in place i had to disable swap again.

[davidcollom]

I've managed to upgrade my raspbian to buster, but it wasn't error free, the following issues where hit:

iptables in nf_tables mode - kube-proxy only works in legacy mode https://github.com/kubernetes/kubernetes/issues/71305#issuecomment-479558920

swap would be enabled after each boot: sudo systemctl disable dphys-swapfile followed by a reboot, fixed this.

I noticed a substantial amount of errors being reported from docker reporting that cgroupsfs/net_prio being missing (even though it existed and mounted) - upgrading docker-ce to 18.09.0 resolved these - in addition - I had to install docker from stretch repo as busters is known to be broken: https://github.com/docker/for-linux/issues/709

[DoGab]

@davidcollom Thank you for those hints. Didn't notice that iptables wasn't working correctly but fixed it now with the command from your link.

[alexellis]

Given the issues we are finding with kubeadm on ARMHF, I am thinking about offering an alternate set of instructions to use k3s as per: https://blog.alexellis.io/test-drive-k3s-on-raspberry-pi/

What do you think?

[davidcollom]

I'm not sure how k3s would solve the issue at hand? Most of these are issues with either kube-proxy (iptables) and low level cgroups being available from the kernel, which were related to raspbian releases.

I've been running my kubeadm cluster for a few months now, and the only issues I find are during upgrades (OS and kubernetes).

The cluster in it's self is stable for day to day operations and requires little/no picking up.

That being said, I have wondered about moving over to k3s as my etcd instance no longer fits along side the control plane and I have a dedicated RPi for etcd.

My cluster consists of 3x amd64, 2x pine64(arm64), 2x RPi "masters" and 7x RPi workers/slaves.

[alexellis]

My current recommendation is to use k3s, it uses far fewer resources and works on ARM very well, no timing issues.

https://blog.alexellis.io/test-drive-k3s-on-raspberry-pi/

Please try it and let us know if it resolves those issues.

[codebykyle]

@Mike-Dunton I was able to rpi-update to 4.19.46-v7+ today, and confirm the PIDS fix is in place. kubeadm 1.14.3 installs and inits fine.

$ sudo rpi-update solved this and made the pids cgroup available, thank you.

[alexellis]

Thanks for the comments.

I'm closing / archiving this issue now as it seems to have gone off topic.

My recommendation is that all RPi users try k3s which is GA, compliant and better tested for RPi than kubeadm.

https://blog.alexellis.io/raspberry-pi-homelab-with-k3sup/

[alexellis]

PRs are still welcome for the kubeadm guide, just make sure they are tested and have specifics such as versions of Raspbian used and any other steps you ran.