From 93050862687b8bad46da4865a7f017d4c3ea7980 Mon Sep 17 00:00:00 2001 From: Peter Hunt Date: Wed, 18 Dec 2024 12:49:59 -0500 Subject: [PATCH] crio: drop crun subcgroup historically crun has run with a subcgroup to allow it to own the cgroup configuration of a container this is more idiomatic with systemd's single owner rule. The problem is the subcgroup means there is an extra cgroup for cadvisor to read metrics for, so moving to crun by default actually increases cpu usage. Dropping the subcgroup (with a new cri-o knob and this annotation) fixes this regression. Signed-off-by: Peter Hunt --- .../master/01-master-container-runtime/_base/files/crio.yaml | 1 + .../worker/01-worker-container-runtime/_base/files/crio.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/templates/master/01-master-container-runtime/_base/files/crio.yaml b/templates/master/01-master-container-runtime/_base/files/crio.yaml index 0bc99e9808..dd38e302d1 100644 --- a/templates/master/01-master-container-runtime/_base/files/crio.yaml +++ b/templates/master/01-master-container-runtime/_base/files/crio.yaml @@ -50,6 +50,7 @@ contents: ] # Based on https://github.com/containers/crun/blob/27d7dd3a0/README.md?plain=1#L48 container_min_memory = "512KiB" + default_annotations = {"run.oci.systemd.subgroup" = ""} [crio.runtime.workloads.openshift-builder] activation_annotation = "io.openshift.builder" diff --git a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml index 59a560e191..b8019ad1dd 100644 --- a/templates/worker/01-worker-container-runtime/_base/files/crio.yaml +++ b/templates/worker/01-worker-container-runtime/_base/files/crio.yaml @@ -50,6 +50,7 @@ contents: ] # Based on https://github.com/containers/crun/blob/27d7dd3a0/README.md?plain=1#L48 container_min_memory = "512KiB" + default_annotations = {"run.oci.systemd.subgroup" = ""} [crio.runtime.workloads.openshift-builder] activation_annotation = "io.openshift.builder"