Merge pull request #134298 from kannon92/kep-5573-cgroupv1-unsupported

[KEP-5573] Set failCgroupV1 to true

pkg/generated/openapi/zz_generated.openapi.go

@@ -71931,7 +71931,7 @@ func schema_k8sio_kubelet_config_v1beta1_KubeletConfiguration(ref common.Referen
 					},
 					"failCgroupV1": {
 						SchemaProps: spec.SchemaProps{
-							Description: "FailCgroupV1 prevents the kubelet from starting on hosts that use cgroup v1. By default, this is set to 'false', meaning the kubelet is allowed to start on cgroup v1 hosts unless this option is explicitly enabled. Default: false",
+							Description: "FailCgroupV1 prevents the kubelet from starting on hosts that use cgroup v1. By default, this is set to 'true', meaning the kubelet will not start on cgroup v1 hosts unless this option is explicitly disabled. Default: true",
 							Type:        []string{"boolean"},
 							Format:      "",
 						},

pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml

@@ -38,7 +38,7 @@ enforceNodeAllocatable:
 eventBurst: 100
 eventRecordQPS: 50
 evictionPressureTransitionPeriod: 5m0s
-failCgroupV1: false
+failCgroupV1: true
 failSwapOn: true
 fileCheckFrequency: 20s
 hairpinMode: promiscuous-bridge

pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml

@@ -38,7 +38,7 @@ enforceNodeAllocatable:
 eventBurst: 10
 eventRecordQPS: 5
 evictionPressureTransitionPeriod: 5m0s
-failCgroupV1: false
+failCgroupV1: true
 failSwapOn: true
 fileCheckFrequency: 20s
 hairpinMode: promiscuous-bridge

pkg/kubelet/apis/config/v1beta1/defaults.go

@@ -290,7 +290,7 @@ func SetDefaults_KubeletConfiguration(obj *kubeletconfigv1beta1.KubeletConfigura
 		obj.SeccompDefault = ptr.To(false)
 	}
 	if obj.FailCgroupV1 == nil {
-		obj.FailCgroupV1 = ptr.To(false)
+		obj.FailCgroupV1 = ptr.To(true)
 	}
 	if obj.MemoryThrottlingFactor == nil {
 		obj.MemoryThrottlingFactor = ptr.To(DefaultMemoryThrottlingFactor)

pkg/kubelet/apis/config/v1beta1/defaults_test.go

@@ -126,7 +126,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(true),
 				EnableDebugFlagsHandler:       ptr.To(true),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To(DefaultMemoryThrottlingFactor),
 				RegisterNode:                  ptr.To(true),
 				LocalStorageCapacityIsolation: ptr.To(true),
@@ -261,7 +261,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:          ptr.To(false),
 				EnableDebugFlagsHandler:         ptr.To(false),
 				SeccompDefault:                  ptr.To(false),
-				FailCgroupV1:                    ptr.To(false),
+				FailCgroupV1:                    ptr.To(true),
 				MemoryThrottlingFactor:          ptr.To[float64](0),
 				RegisterNode:                    ptr.To(false),
 				LocalStorageCapacityIsolation:   ptr.To(false),
@@ -366,7 +366,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(false),
 				EnableDebugFlagsHandler:       ptr.To(false),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To[float64](0),
 				RegisterNode:                  ptr.To(false),
 				LocalStorageCapacityIsolation: ptr.To(false),
@@ -779,7 +779,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(true),
 				EnableDebugFlagsHandler:       ptr.To(true),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To(DefaultMemoryThrottlingFactor),
 				RegisterNode:                  ptr.To(true),
 				LocalStorageCapacityIsolation: ptr.To(true),
@@ -875,7 +875,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(true),
 				EnableDebugFlagsHandler:       ptr.To(true),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To(DefaultMemoryThrottlingFactor),
 				RegisterNode:                  ptr.To(true),
 				LocalStorageCapacityIsolation: ptr.To(true),
@@ -971,7 +971,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(true),
 				EnableDebugFlagsHandler:       ptr.To(true),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To(DefaultMemoryThrottlingFactor),
 				RegisterNode:                  ptr.To(true),
 				LocalStorageCapacityIsolation: ptr.To(true),
@@ -1067,7 +1067,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				EnableProfilingHandler:        ptr.To(true),
 				EnableDebugFlagsHandler:       ptr.To(true),
 				SeccompDefault:                ptr.To(false),
-				FailCgroupV1:                  ptr.To(false),
+				FailCgroupV1:                  ptr.To(true),
 				MemoryThrottlingFactor:        ptr.To(DefaultMemoryThrottlingFactor),
 				RegisterNode:                  ptr.To(true),
 				LocalStorageCapacityIsolation: ptr.To(true),

pkg/kubelet/apis/config/validation/validation_linux.go

@@ -34,7 +34,7 @@ const userNsUnitLength = 65536
 func validateKubeletOSConfiguration(kc *kubeletconfig.KubeletConfiguration) error {
 	isCgroup1 := !libcontainercgroups.IsCgroup2UnifiedMode()
 	if kc.FailCgroupV1 && isCgroup1 {
-		return fmt.Errorf("kubelet is configured to not run on a host using cgroup v1. cgroup v1 support is in maintenance mode")
+		return fmt.Errorf("kubelet is configured to not run on a host using cgroup v1. cgroup v1 support is unsupported and will be removed in a future release")
 	}
 
 	if isCgroup1 && kc.SingleProcessOOMKill != nil && !ptr.Deref(kc.SingleProcessOOMKill, true) {

pkg/kubelet/cm/container_manager.go

@@ -49,7 +49,7 @@ import (
 
 const (
 	// Warning message for the users still using cgroup v1
-	CgroupV1MaintenanceModeWarning = "cgroup v1 support is in maintenance mode, please migrate to cgroup v2"
+	CgroupV1DeprecatedWarning = "cgroup v1 detected. cgroup v1 support is deprecated and will be removed in a future release. Please migrate to cgroup v2. More information at https://git.k8s.io/enhancements/keps/sig-node/5573-remove-cgroup-v1"
 
 	// Warning message for the users using cgroup v2 on kernel doesn't support root `cpu.stat`.
 	// `cpu.stat` was added to root cgroup in kernel 5.8.

pkg/kubelet/kubelet_linux.go

@@ -36,8 +36,8 @@ func (kl *Kubelet) cgroupVersionCheck() error {
 	metrics.CgroupVersion.Set(float64(cgroupVersion))
 	switch cgroupVersion {
 	case 1:
-		kl.recorder.Eventf(kl.nodeRef, v1.EventTypeWarning, events.CgroupV1, cm.CgroupV1MaintenanceModeWarning)
-		return errors.New(cm.CgroupV1MaintenanceModeWarning)
+		kl.recorder.Eventf(kl.nodeRef, v1.EventTypeWarning, events.CgroupV1, cm.CgroupV1DeprecatedWarning)
+		return errors.New(cm.CgroupV1DeprecatedWarning)
 	case 2:
 		cpustat := filepath.Join(util.CgroupRoot, "cpu.stat")
 		if _, err := os.Stat(cpustat); os.IsNotExist(err) {

staging/src/k8s.io/kubelet/config/v1beta1/types.go

@@ -915,10 +915,10 @@ type KubeletConfiguration struct {
 	ImageServiceEndpoint string `json:"imageServiceEndpoint,omitempty"`
 
 	// FailCgroupV1 prevents the kubelet from starting on hosts
-	// that use cgroup v1. By default, this is set to 'false', meaning
-	// the kubelet is allowed to start on cgroup v1 hosts unless this
-	// option is explicitly enabled.
-	// Default: false
+	// that use cgroup v1. By default, this is set to 'true', meaning
+	// the kubelet will not start on cgroup v1 hosts unless this
+	// option is explicitly disabled.
+	// Default: true
 	// +optional
 	FailCgroupV1 *bool `json:"failCgroupV1,omitempty"`