cgroups not working inside LXC containers

J

jbssm

Member
May 14, 2021
18
0
6
40
I am trying to get a kubernetes node to run on a LXC container (tried with Ubuntu and Alpine so far), but I can't get it to work due to a problem with the cgroups.

I am trying with a privileged LXC container, and I already configured lxc to that container at /etc/pve/lxc/200.conf with:
Code: 
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.mount.auto: "proc:rw sys:rw"

Yet, I keep getting these errors:

Code: 
WARN[2021-07-21T08:19:04.440391811Z] Failed to find cpuset cgroup, you may need to add "cgroup_enable=cpuset" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)
ERRO[2021-07-21T08:19:04.440400021Z] Failed to find memory cgroup, you may need to add "cgroup_memory=1 cgroup_enable=memory" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi)
FATA[2021-07-21T08:19:04.440416511Z] failed to find memory cgroup, you may need to add "cgroup_memory=1 cgroup_enable=memory" to your linux cmdline (/boot/cmdline.txt on a Raspberry Pi
 
jbssm said:
I am trying to get a kubernetes node to run on a LXC container (tried with Ubuntu and Alpine so far), but I can't get it to work due to a problem with the cgroups.
Click to expand...
I'd suggest to run kubernetes in a Qemu VM instead of a container - it's much less of a hassle (and I doubt that the performance loss outweighs that)


jbssm said:
Code: 
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.mount.auto: "proc:rw sys:rw"
Click to expand...
this removes almost all isolation which a container offers - that's more or less like running kubernetes directly on the host ....

If you like to try with a LXC guest - I'd start by creating an unprivileged container and enable nesting in Options->Features
 
Hi and thank you.

I was trying LXC because it's much easier to config several LXC containers than several VMs (i.e. I can just change the hostname and IP addresses directly on Proxmox interface and deploy a few of them instead of going through the install process of a full VM).

Stoiko Ivanov said:
If you like to try with a LXC guest - I'd start by creating an unprivileged container and enable nesting in Options->Features
Click to expand...

There's is no nesting option for an LXC container. Aren't you talking about a VM here?
 
  • Like
Reactions: jbssm
You must log in or register to reply here.
Top Bottom