Trevor
Starfighter Starfighter
Starfighter
  • 1,356 Views

cgroups version

Got a question for the container technology champions out there.
Which cgroups version (v1 or v2) does OpenShift rely on?  Same
question for Docker?

 

Trevor "Red Hat Evangelist" Chandler
Labels (3)
0 Kudos
3 Replies
Travis
Moderator
Moderator
  • 1,347 Views

@Trevor -

You also need to expand the question to Podman then too. However, the question is missing some more critical details. The larger thing you need to know is version of OS and the Docker/Podman/OCP version. 

Keep in mind, the older OSes and implementations of Docker/Podman/OCP all used the older CGroupv1 standard. Additionally, some systems might have been configured to revert back to CGroupv1 or never had v2 configured.

https://access.redhat.com/solutions/5913671 

https://rootlesscontaine.rs/getting-started/common/cgroup2/

In terms of OpenShift, it is Red Hat's distribution that builds on top of Kubernetes ... so it might be good to know when Kubernetes first started introducing CGroupV2.

https://kubernetes.io/docs/concepts/architecture/cgroups/

So some of the requirements will tell you whether things are using CGroupV2 as if the OS and worker nodes don't meet the minimum requirements, you already know it is CGROUPv1.

 

 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Trevor
Starfighter Starfighter
Starfighter
  • 1,338 Views

Travis -

My excuse (not reason ) for not mentoning podman in my query
was influenced by Podman's design being based on Docker, and
therefore I would make the assumption (oh brother, now I'm asking
for trouble) that the cgroup version for Docker would apply to Podman.
I'm sure glad I didn't have to give this response while sitting in the
witness stand box.  My body language would have been sending all
kinds of mixed signals

Now what I absolutely should receive detention for is failure to
mention an OS version.  I know I wanted to be very brief with my
wording, but leaving out that all important piece of information is
like asking what type of spark plug to get for a Ford Mustang.  Well,
is the year 1968 or 2008?   Yep, after I finish composing this post, I will
position myself in a corner, head held down in shame, for 15 minutes!!!

Thanks for pointing me to that additioinal information.  I didn't know
that I was going to rope you into the containerization side of the
ball.  You're that athlete (won't mention any name here) who plays
not only offense and defense in a sport, but plays multiple sports
on top of that!!!

Multiple lessons learned here, one of which is not to take any
shortcuts in phrasing my query, and another is make no assumptions. 
Really, I already knew better, that's why the self-imposed detention. 
Okay, off to a corner now to begin serving the 15 minute penalty

Thanks Travis!

 

 

 

Trevor "Red Hat Evangelist" Chandler
Travis
Moderator
Moderator
  • 1,317 Views

@Trevor -

The penalty is now over ...

So to provide more specific answers and now that I've rested some ...

OCP 4.13 is when OpenShift first started with CGroupV2. Links provided below on how to enable.

https://cloud.redhat.com/blog/cgroups-v2-goes-ga-in-openshift-4.13

https://docs.openshift.com/container-platform/4.12/installing/install_config/enabling-cgroup-v2.html

As for Podman vs. Docker ... one thing to keep in mind, Podman is completely separate and works totally different than Docker. Things that apply to Docker do not translate or apply to Podman. Podman became the default for container management with RHEL8 as Podman is daemonless meaning you don't need a daemon running on the system for the container to be launched like you do with Docker. Also, Podman was developed to manage "pods" which is the lowest manageable unit in Kubernetes/OpenShift (pod is one or more containers). Podman also was first able to do the "rootless" containers as you didn't need to have the Docker daemon for Podman.

The closer comparison is Kubernetes to OpenShift ... remember if you think of Kubernetes like the Linux Kernel, then OpenShift would be the Red Hat distribution of Kubernetes. So bottom line, Red Hat OpenShift Container Platform (OCP) is built on top of Kubernetes and extends Kubernetes. So that means, Kubernetes would most likely first bring in the CGroupV2 before it works its way into the supported RHOCP distribution. In the links above, we see that OCP v4.13 is when CGroupV2 got introduced. Lots of other changes with securities and security policies are also happening with OCP. I don't track that as closely as Ansible, Satellite, and RHV as OCP is #4 on what I focus on and teach, but I'm tracking it a little more now that I bought a new server and am running OCP 4.13 with OpenShift Virtualization at home.

I almost never track Docker, but I do use Docker Desktop on a teaching Macbook and Surface Tablet, so Docker Engine 20.10, adding support for cgroups v2 with improvements in the command line interface (CLI) and support for dual logging. This is the first major release after Docker Engine 19.03, released on 22nd July, 2019..

https://www.infoq.com/news/2021/01/docker-engine-cgroups-logging/

https://docs.docker.com/config/containers/runmetrics/

$ docker info
Client:
Version: 24.0.2
Context: desktop-linux

travis @ Traviss-MacBook-Pro-16in-4: ~ $ docker info | grep 'Cgroup Version' Cgroup Version: 2

So as you can see, if you are using Docker Desktop and you have continued to upgrade DockerDesktop, you end up with the latest release which leverages the CGroupV2. You can also check this on a Linux system that is running Docker, however, everything I have is RHEL-based or Fedora so I use Podman.

 

[student@workstation ~]$ podman --version
podman version 4.0.2

[student@workstation ~]$ podman info | grep -i cgroup
  cgroupControllers:
  cgroupManager: systemd
  cgroupVersion: v2

[student@workstation ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)

I had looked for a nice supported table for you, but I didn't find anything and I'm too lazy to make one. However, with this post, it should let you know the difference in CGroups and answer your question completely. Because if you can know the Docker/Podman version, you now can 100% know for certain which CGroup version is used as you can type the command. I also provided some general guidance from the documents and a few "articles" where updates and release notes announced when something became supported and introduced.

A neat little read from 2019 ...

https://medium.com/nttlabs/cgroup-v2-596d035be4d7

 

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
0 Kudos
Join the discussion
You must log in to join this conversation.