crio/containerd/kubernetes: enable systemd cgroup driver

[mythi]

Per k8s setup docs it's encouraged to have kubelet/CRIs to use systemd as the cgroupd driver when systemd is used.

/cc @kad @mcastelino @CraigSterrett @dklyle

[ahkok]

Can you do the initial local "touch" testing? Rebuild systemd with the configure changes, make repoadd, then use our tooling to create an image and boot it locally to assure that at least it boots normally?

[mythi]

@ahkok this issue is another cgroups related finding that I noticed but independent from the cgroup-v2 topic.

[mcastelino]

LGTM

[mythi]

containerd is trickier. I believe this is needed

--- vendor/github.com/containerd/cri/pkg/config/config.go.old   2019-09-26 16:02:33.147075178 +0300
+++ vendor/github.com/containerd/cri/pkg/config/config.go       2019-09-26 16:01:24.411290489 +0300
@@ -197,7 +197,7 @@
                },
                SandboxImage:            "k8s.gcr.io/pause:3.1",
                StatsCollectPeriod:      10,
-               SystemdCgroup:           false,
+               SystemdCgroup:           true,
                MaxContainerLogLineSize: 16 * 1024,
                Registry: Registry{
                        Mirrors: map[string]Mirror{

[mythi]

containerd 1.3.0 config.toml needs

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
            SystemdCgroup = true

[mythi]

containerd still defaults to cgroupfs.

[egernst]

AFAIU, containerd should auto-detect in 1.3.0.

@mythi I think Kata has issues with systemd based cgroups. Are there any issues with keeping cgroupfs for the short term while we work through https://github.com/kata-containers/runtime/issues/2182 ?

[mythi]

@egernst kubeadm.yaml and crio.conf in Clear Linux are already set to use systemd (cloud-native-setup defaults to crio). Only containerd ships without config.

I've not realized containerd can auto-detect. In pre 1.3.0, the setting was global and then got deprecated (and broken) in 1.3.0 in favor of runtime options specific setting.