Minimal kernel version plan: probably 4.18/4.19+ #116799
Comments
/sig node
A new use case is #117873 (comment) which is scoped sysctl since v4.5.
/triage accepted
"KEP-3857: Recursively Read-only (RRO) hostPath mounts"
See https://github.com/kubernetes/enhancements/pull/3858/files#diff-a5e3a174567e889120ab32af5f159c2bcddd459cc36abdf56f3eceb5ad86d6c5R183 for more details.
Some status from the Linux community:
Containerd update: containerd/containerd#5890 Support idmapped mounts (kernel 5.12)
#120895 discusses moving the existing
/cc
docker/for-linux#693 (An RSS problem in old kernels with docker. Not sure if it will be with other container runtimes)
Key kernel versions:
According to key points and Linux LTS status, I would suggest changing the suggested minimal kernel version to 4.19 in Kubernetes v1.30 to follow the EOL date of Linux. Any inputs?
The RHEL 8 kernel is 4.18 plus backports of way more than what's in 4.19... Presumably the current minimum kernel is 3.10 because that's the nominal version of the RHEL 7 kernel, so having the new minimum version be the nominal version of the RHEL 8 kernel seems like it makes sense...
Low-level ARM specific problems (example: Instant::now() was 70x slower on ARM before this Pull Request to Rust: rust-lang/rust#88652)
The cgroup v1 deprecation in 1.30 was discussed in a recent sig node meeting.
kubernetes/release#3246 is about
A limitation of this approach is that downstream kernels often backport needed features, so they would technically be compliant. I think it's worth defining the features we need and maybe guessing which kernels support them, but it's more robust to attempt to use the feature and smartly not use it if it's not available.
That can work for features, but bugfixes are often impossible to autodetect without essentially doing an e2e test. When we added
Summary
checked means
EOF
4.9 LTS, EOF in Jan 2023. (linux, LTS)
4.14 LTS, EOF in Jan 2024 (linux, LTS)
What would you like to be added?
Currently, there is a kernel version check in the system validator that is used by kubeadm. (// Requires 3.10+, or newer)
kubernetes/vendor/k8s.io/system-validators/validators/types_unix.go
Line 31 in c9ff286
During the weekly sig-node meeting, there was a discussion about adding a kernel-version-sensitive safe sysctl in kubelet. It was noted that 3.16 is considered to be a very low kernel version and it was suggested that we introduce a minimal kernel version for Kubernetes. Alternatively, we should have a warning for low kernel versions (I think that we should add a warning if the kernel version is less than 3.18 or 4.0).
Linux Kernel version is 5.8 or later. https://kubernetes.io/docs/concepts/architecture/cgroups/
kubernetes/pkg/kubelet/sysctl/safe_sysctls.go
Line 25 in c9ff286
Why is this needed?
Some historical issues related and some CNCF projects like cilium: #30706
kubernetes/pkg/proxy/ipvs/proxier.go
Line 93 in c9ff286
kubernetes/cluster/addons/calico-policy-controller/felixconfigurations-crd.yaml
Lines 320 to 324 in c9ff286
https://github.com/containerd/containerd#runtime-requirements
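The kind of check this issue asks for, as an added example that is not part of the issue or of the system-validators code: it parses a `uname -r` style release string and separates a hard floor (3.10, from the validator comment) from a warning threshold (4.19, the minimum proposed in the thread). The function names, status strings and sample release strings are assumptions made for the illustration; a nominal 4.18 kernel only gets a warning because the version number cannot reveal downstream backports.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Thresholds from the issue text: 3.10 is the floor in the validator comment,
// 4.19 is the minimum proposed in the thread. All names here are hypothetical.
var (
	hardMin = [2]int{3, 10}
	warnMin = [2]int{4, 19}
	relRe   = regexp.MustCompile(`^(\d+)\.(\d+)`)
)

// parseRelease extracts major.minor from a `uname -r` style release string.
func parseRelease(rel string) ([2]int, error) {
	m := relRe.FindStringSubmatch(rel)
	if m == nil {
		return [2]int{}, fmt.Errorf("unrecognized kernel release %q", rel)
	}
	major, err1 := strconv.Atoi(m[1])
	minor, err2 := strconv.Atoi(m[2])
	if err1 != nil || err2 != nil {
		return [2]int{}, fmt.Errorf("kernel release %q out of range", rel)
	}
	return [2]int{major, minor}, nil
}

// older reports whether version a sorts before version b.
func older(a, b [2]int) bool { return a[0] < b[0] || (a[0] == b[0] && a[1] < b[1]) }

// checkKernel returns "fail" below the hard floor, "warn" below the proposed minimum, else "ok".
func checkKernel(rel string) (string, error) {
	v, err := parseRelease(rel)
	switch {
	case err != nil:
		return "fail", err
	case older(v, hardMin):
		return "fail", fmt.Errorf("kernel %d.%d is older than %d.%d", v[0], v[1], hardMin[0], hardMin[1])
	case older(v, warnMin):
		return "warn", nil
	}
	return "ok", nil
}

func main() {
	for _, r := range []string{"3.2.0-4-amd64", "4.18.0-513.el8.x86_64", "5.15.0-91-generic"} { // constructed samples
		status, err := checkKernel(r)
		fmt.Println(r, status, err)
	}
}
```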