Error container stats resource only available for cgroup v2

Error container stats resource only available for cgroup v2. Sets limits on input/output access to and from block devices. Top-down Constraint ~~~~~ Resources are distributed top-down and a cgroup can further distribute a resource only if the resource has been distributed to it from the parent. Run podman pod stats POD_ID_HERE. OpenJDK detects whether certain resource quotas are in A detailed and complete Resource Management Guide can be found in the Red Hat Enterprise Linux documentation. Red Hat Customer Portal - Access to 24x7 support and knowledge. 25 brings cgroup v2 to GA (general availability), letting the kubelet use the latest container resource management capabilities. podman container stats [options] [container] DESCRIPTION¶ Display a live stream of one or more containers’ resource usage statistics. Enabling cgroup v2 is often needed for running Rootless Containers with limiting the consumption of the CPU, memory, I/O, and PIDs resources, e. Note: Rootless environments that use CGroups V2 are not able Jun 30, 2023 · At the time Docker used cgroups v1 and, hence, runtime support only includes cgroup v1 controllers. The primary function of the systemd suite is service management and supervision. Cgroup v2 is now enabled by default. Author. Consequently, if your nodes run on a sufficiently recent This is the authoritative documentation on the design, interface and conventions of cgroup v2. usage_in_bytes for cgroup v2) Is there a more direct way using podman or perhaps one of the Go SDKs to get this information? Apr 13, 2023 · This is caused by 12f2f03. cgroup v1 has memory. For example, Docker container runtime with cgroupv2 support You adjust the distribution of CPU resources by modifying these interface files, often in a Chef recipe or in the configuration for another deployment tool. Jun 8, 2021 · Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug. Otherwise fall back to existing cgroups v1 container support. The file system is by default mounted on the /sys/fs/cgroup/ directory. I know I can find the pid of the process running in the container, and then inspect /proc/<pid>/cgroups, but this is cumber some, because I first need to identify the PID on the host for the process running in Oct 31, 2019 · In case you missed Akihiro Suda's post on Medium. Use appropriate cAdvisor version (Attention needed!) Move real-time processes to root cgroup. weight controller file) 24. Engineers at Google started the work on this feature in 2006 under the name "process containers". Mar 8, 2022 · New features and possibilities for Kubernetes with cgroup v2. 04. You can find a list of the currently mounted resource controllers in the /proc/cgroups file. g. org >. With cgroups you can do things like isolate core workloads from Jan 15, 2024 · cgroup v2 overview. issue happens only occasionally): Output of podman version: Sep 8, 2020 · Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug /kind feature Description podman stats not working : Error: unable to obtain cgroup stats: open /sys/fs/cgroup/li A Red Hat training course is available for RHEL 8. Removal of v1 controllers doesn't result in that controllers added in v2 hierarchy. The following keys currently appear in this file: nr_descendants This is the total number of visible (i. go:344: starting container process caused "process_linux. ¶. The first layer is in the guest where the workload is placed, while the second layer is on the host where the VMM and associated threads are Apr 18, 2021 · Other parameters related to lxc. 0 are available, but I'm not sure this will be sufficient to conclude that they are also used. run podman stats --all. Create a cgroup for your process and set the limit Oct 18, 2017 · Cgroups v2 completely changes the interface between userspace and the kernel and, as of today, container runtimes only support cgroups v1, so we will focus on v1 first. , living) descendant cgroups underneath this cgroup. 04 container on a ubuntu 20. The version of Linux Control Groups shipped by default with your Linux Oct 12, 2022 · I had the same problem. Display a live stream of one or more containers' resource usage statistics. slice in /sys/fs/cgroup with mkdir set cpuset. rc92. This problem has led to a chicken and egg situation. Aug 25, 2017 · Stack Overflow Jobs powered by Indeed: A job site that puts thousands of tech jobs at your fingertips (U. That is iff cgroups v2 unified hierarchy is available only, use the cgroups v2 backend. [4019392. Mounting cgroups-v2. only). Reload to refresh your session. IgnoreNotExist all non-existent files will be ignored, e. Or completely disable cgroupv1 in the kernel with: cgroup_no_v1=all. 0. This means that all non-root “cgroup. With much of the work in 5. 04 host with cgroup v1 and systemd in the container using podman 3. json create the group docker. group of processes). If you want to use cgroup v2 you need the unified hierarchy, please try adding systemd. toml - c. Since cgroup v2 is the version that is used in recent Linux distributions, we will focus on v2 in the remainder of our examples. More precisely, the rule is that a (nonroot) cgroup can't both (1) have member processes, and (2) distribute. cgroup v2 offers several improvements over cgroup v1, including a unified hierarchy, safer sub-tree delegation, new features such as Pressure Stall Information, and enhanced resource management and isolation. As a result, you can regulate your applications in CPU consumption. 1. stats, err := control. This is the authoritative documentation on the design, interface and conventions of cgroup v2. Non-default nvidia-container-runtime-hook config file nvidia-container-runtime#47 (comment)) The latter is simpler (no kernel param mods and reboot) but I've found very little discussion of the rationale for choosing one option over the other. However, cgroup v2 has different CPU, memory, and I/O management Sep 16, 2019 · install crun. By default, WSL2 has both cgroup v1 and cgroup v2 hierarchies enabled, with all controllers Sep 1, 2020 · One part of the moving picture of containers is cgroups. Example output (on Ubuntu 20. Describe the results you received: Error: stats is not supported in rootless mode without cgroups v2. Sep 26, 2018 · Some systems will mount cgroup v1 and cgroup v2 by default, just in different locations. " are owned by the parent rather than the cgroup itself. Apr 9, 2024 · Greenplum Database resource groups use Linux Control Groups (cgroups) to manage CPU resources and disk I/O. Describe the results you expected: podman should start streaming stats. unified_cgroup_hierarchy=1 to kernel parameters and reboot, cgroup v2 will be used instead. Jan 20, 2024 · Additionally, when container runtimes are configured with cgroup v2, the Cilium agent pod is deployed in a separate cgroup namespace. stat file Each cgroup in the v2 hierarchy contains a read-only cgroup. Though still don't know why systemd-enabled containers and cgroup v1 cause podman stats to fail. dockerenv. e. 25 [stable] cgroup v2 是 Linux cgroup API 的下一个版本。. When I have a docker container ID or name retrieved by docker ps, how can I quickly get the cgroup associated with that container. Running Docker on cgroup v2. So first install dbus-devel. Dec 15, 2020 · /kind bug Description Nearly/all podman pod stats tests fail when running as a user, on a host using CGroupsV1 & runc-1. 04 LTS): cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime 0 0. There are several ways to examine the cgroups that are used on a Linux host. Memory percentage for cgroup v2: work out if cgroup v2 is used - below should equal cgroup2fs; stat -fc %T /sys/fs/cgroup/ Divide the current memory by the max memory. 25 and beyond have officially graduated cgroup v2 support to Generally Available (GA) status. Podman stats relies on CGroup information for statistics, and CGroup v1 is not supported for rootless use cases. When the system is configured to support only cgroup v2 and cgroup v2 is mounted to the /sys/fs/cgroup directory, iSula uses cgroup v2 for Feb 12, 2017 · Therefore you need to use cgget to find out the memory limit of the given cgroup. Restricting Resources Using cgroup v2 File # Using the lxc. 24, cgroup stands for “control group” and is a means to manage how much computational resources used by a set of processes (i. go:390: setting cgroup config for procHooks process caused \\\"cannot set cpu limit: container could not join or create cgroup\\\"\"": OCI runtime error May 25, 2023 · The kubelet and the underlying container runtime (CRI-O) interface with cgroup to enforce resource management for pods and containers which includes cpu/memory requests and limits for containerized workloads. And now podman stats works just fine. Describe the results you received: Error: pod stats is not supported in rootless mode without cgroups v2. 04 system, you will only see cgroup v2. 更新的功能特性， 例如 Nov 11, 2019 · If you turn on cgroup v2 by default and replace cgroup v1, all of the container tools break. 6. x 内核版本才用的 cgroup v1 版本，可正常使用，无影响。 # 解决. docker run --memory 32m. As a result, Kata Containers run over two layers of cgroups. conf file, lxc writes most configurations to the corresponding files in the cgroup directory of a container to restrict resources. Or watch here for a list of issues with cgroup v1 that cgroup v2 solves. 04+ and the same issue in all of those releases, so it seems to be just a weird divergence in cgroup resource control interfaces between the RPM and Deb distros. Jan 23, 2024 · Linux 5. Ubuntu LTS 22. Same setup works on a fedora host with cgroup v2. slice to, e. controllers 檔案就可以得知，例如下面顯示出有 cpuset, cpu, io …等 Subsystem；而 v1 用來記錄 Process PID 的 tasks 檔案就等同於 v2 Jan 5, 2024 · In container technology, creating an OS environment is essential for the container to function autonomously. container would be created. cgcreate(1) or cgrules. It seems to be due to the fact that cgroups v2 is enabled on my host (it used to work with cgroups v1). g Apr 7, 2023 · Introduction to Cgroups Cgroups, which called control group in Linux to limit system resources for specify process group, is comonly used in many container tech, such as Docker, Kubernetes, iSulad etc. You signed out in another tab or window. API 中单个统一的层次结构设计. Ecosystem gradually moves to cgroup v2. 10. answered Oct 14, 2021 at 19:57. Running podman info --debug gave the following output. Note: Rootless environments that use CGroups V2 are not able to The Linux kernel provides a range of resource controllers that are mounted automatically by the systemd service manager. Nov 18, 2020 · Error: container_linux. current instead of memory. executables), as these can always be reloaded if needed. available in the platform for all the cgroup and a cgroup can further distribute a resource only if the Feb 12, 2021 · that is known as hybrid mode, where both cgroup v1 and cgroup v2 are mounted. 77-rt24) Docker 26. Note: Podman stats does not work in rootless environments that use CGroups V1. cpu. Just wait small minutes in order to generate some network traffic for the container. Saved searches Use saved searches to filter your results more quickly Dec 25, 2021 · run podman stats, you will see the kafka broker container memory USAGE increasing very fast, you'll see it goes to GBs; but if you exec into the contianer, and use top show the real memory usage, it only used 344M maybe. Show all containers. issue happens only occasionally): Output of podman version: This means that the controller interface files - anything which doesn't start with "cgroup. Switching to cgroups v2 Mar 23, 2024 · To determine what cgroups version your system is using run the following command: stat -fc %T /sys/fs/cgroup/. cgroup v2 is an experimental feature and cannot be put into commercial use. May 26, 2020 · Additional information you deem important (e. cgroup mount list - Ubuntu 22. legacy_systemd_cgroup_controller=0. dnf install dbus-devel and then run a clean Slurm build. Introduction. 90. This allows you to take processes from one cgroup and move them to another. cgroup v2 对 cgroup v1 进行了多项改进，例如：. Das schließt CPU/Speicher Anfragen und Limits für containerisierte Arbeitslasten ein. 更安全的子树委派给容器. Decide whether to adopt cgroup v2 or not. Describe the results you expected: See all container. devices are the default devices parameters configured by lcr for the container. Display a live stream of one or more containers’ resource usage statistics. 0-146. There were other problems as well. Internally Docker uses cgroups to limit memory resources, and in its simplest form is exposed as the flags “-m” and “–memory-swap” when bringing up a docker container. Auf Linux beschränken control groups die Ressourcen, die einem Prozess zugeteilt werden. cfs_quota_us. You can manage the control groups ( cgroups) by creating or removing directories and by writing to files in the cgroups virtual file system. Further information. Originally created by Google, and incorporated into the Linux kernel 2. There are two versions of cgroup in the Linux kernel: cgroup v1 and cgroup v2. IgnoreNotExist) Move process across cgroups. Other interface files allow you to query and monitor a cgroup's stats. Note the memory limit in docker needs to be set. To test this you can run a container with a memory limit: docker run --memory 512m --rm -it ubuntu bash. 636520] Killed process 4178127 (apache2) total-vm:143960kB, anon-rss Jan 8, 2024 · Über cgroup v2. stated above. cgget -n --values-only --variable memory. subtree_control file. Cgroups v2 cgroup. slice in daemon. cfs_period_us. Add systemd. [2] In late 2007, the nomenclature changed to "control May 23, 2023 · However, if you run the same command on an Ubuntu 22. usage. cgroups are a Linux kernel capability that establish resource management Resources are distributed top-down and a cgroup can further distribute a resource only if the resource has been distributed to it from the parent. Stat() By adding cgroups. As such systemd ensures that the appropriate services start at the appropriate time and in the correct order during the boot process. Apr 20, 2020 · Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description Steps to reproduce the issue: Use podman-compose version 0. You should be able to check whether cgroup2 is available or not with the command: grep -c cgroup2 /proc/filesystems. So, if the cgroup exists and is not empty, and the systemd cgroup driver is used, this almost always means that the systemd unit also exists. S. Search jobs Dec 5, 2021 · 4. 2. Oct 5, 2021 · Error: stats is not supported in rootless mode without cgroups v2. cgroup. Sep 30, 2021 · 透過查看該 cgroup 內的 cgroup. 21. Apr 19, 2022 · OpenJDK's container awareness detection uses Linux's control group (cgroup) filesystem to detect enforced resource quotas. Nov 19, 2017 · Stack Overflow Public questions & answers; Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers; Talent Build your employer brand Dec 1, 2019 · When reducing the cgroup memory. It can help to see where those are with: grep ^cgroup /etc/mtab. Only running containers are shown by default--format=template May 6, 2021 · You signed in with another tab or window. In the article Akihiro talks all things cgroup v2 and what changes it promises to bring to the world of containers, and Podman is at the forefront of that change. Date. E. buildahVersion: 1. Unfortunately, there is an issue. max in cgroup v2. Stat(cgroup1. Enabling cgroup v2 is optional. Products & Services. 3. resources into child cgroups—that is, have a nonempty. 4 or later; runc: v1. Creating cgroups and enabling controllers in cgroups-v2 file system. cgroupControllers: [] cgroupManager: cgroupfs. Cgroups v1. change runtime in libpod. 16+ and OpenJDK 8u372+ are the only long-term support releases that support both cgroups v1 and cgroups v2 configurations. You can use namespaces and cgroups to manage container resources. Das kubelet und die zugrundeliegende Container Runtime müssen mit cgroups interagieren um Ressourcen-Verwaltung für Pods und Container durchzusetzen. When I ran ctr task metric <task-name>, the container runtime returns a rpc error, indicating that the metric collecting method doesn't work on cgroup v2. com, The current adoption status of cgroup v2 in containers, here's a quick link to it. Docker supports cgroup v2 since Docker 20. ctr: failed to create shim task: Could not create the sandbox resource controller cgroups: cgroup mountpoint does not exist: not found. cgroup v2 is the current version of the Linux cgroup API. 5 days ago · Docker is unable to start a container when I have a CGroup slice that is isolated or rooted, meaning not using the default set of CPUs from CGroup tree /. 既然 docker 容器只 Oct 7, 2019 · Work needs to be done to the cgroups lib and containerd metrics interfaces to support cgroups v2 support. No one turns on cgroup v2 because they want the container tools to work, and the container tools never support cgroup v2 because no distributions are using it. Same steps works with cgroups v1 May 15, 1990 · It will run a container and verify that the container is using cgroupsv2 as expected - % docker run -it --rm spurin/wsl-cgroupsv2:latest Success: cgroup type is cgroup2fs If you see tmpfs or another value, please re-check the configuration above. Use systemd cgroup driver. conf to crun. 04 (kernel 6. limit_in_bytes /. 04 LTS uses cgroup V1 by default. 3 kernels this should be reasonable to start supporting as a first class feature and can be a replacement for v1 for some users. 0::/. f. cpuacct. cpus of docker. host: arch: amd64. All future changes must be reflected in this document. Resources are distributed top-down and a cgroup can further distribute a resource only if the resource has been distributed to it from the parent. Note: Rootless environments that use CGroups V2 are not able to report statistics about their networking usage. unified_cgroup_hierarchy=1. There's already implementation for cgroups in our system which bases on: for CPU: cpu. sudo docker run -it -m 8m --memory-swap 8m A controller can only be part of cgroupv1 or cgroupv2. Apr 19, 2021 · The top-rated answer (from the link above) suggests to check for the string docker in /proc/1/cgroup, however here's what I get: # cat /proc/1/cgroup. The user has two methods how to regulate distribution of CPU time allocated to a control group: Setting CPU bandwidth (editing the cpu. Feb 24, 2022 · NVIDIA Container Toolkit doesn't work in rootless mode by default, because cgroup is not supported in rootless mode, disabling its use fixed the issue as mentioned in NVIDIA/nvidia-docker#1155 (comment) However, limiting resources is sup Nov 2, 2020 · The pod has 600M memory limit and it seems it can consume it quite easily even though PHP has 128 MB limit per run. Describe the results you received: 24. max controller file) Setting CPU weight (editing the cpu. 626796] Memory cgroup out of memory: Kill process 4178127 (apache2) score 1137 or sacrifice child. October, 2015. cgroup design is based on a hierarchical organized file-system ( cgroupfs) where each directory represents a bounded cgroup (i. 2, build 569dd73 $ cat /etc/fstab LABEL=cloudimg-rootfs / ext4 defaults 0 1 cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev Cgroups v2 cgroup. swap memory stats without swap enabled. limit_in_bytes the system will discard pages from disk cache and from disk images (e. If 1 is returned the cgroups 2. cgroup2. issue happens only occasionally): I've tried using multiple versions of podman. Oct 14, 2021 · 1. subtree_control” files can only contain controllers which are enabled in the parent’s “cgroup. In your case, it appears you are using cgroupv1 to manage the controllers, but podman detects cgroupv2 since there is a cgroupv2 mount. cgroupVersion: v1. runc recently gained support for v2 as well as crun. Apr 23, 2024 · 特性状态： Kubernetes v1. cgroup v2 提供了一个具有增强资源管理能力的统一控制系统。. JDK-8230305 extended functionality of JDK-8146115 to also detect cgroups v2. I think I know the issue lies in the collect_metric method. Namespace allocates specific areas for network, CPU/RAM, user hostname, etc Feb 11, 2021 · You can tell systemd to use cgroupv2 via kernel cmdline parameter: systemd. subtree_control” file. Note that cgroup is not needed for just limiting resources with traditional ulimit and cpulimit , though they work in process-granularity Aug 31, 2022 · Kubernetes 1. Jul 26, 2022 · For cgroup v2, I managed to calculate the percent usage for memory but I cannot get the CPU percentage correct. Options--all, -a. For commands and configuration files, see relevant man pages, e. Maybe it is related to #9252? Steps to reproduce the issue: DESCRIPTION. Control Group v2. . cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, etc. 7dev) run Nov 9, 2022 · Get Stats on the cgroup stats, err := control. 15 or later (v5. In Kata Containers, workloads run in a virtual machine that is managed by a virtual machine monitor (VMM) running on the host. This is because of the cgroups v2 "no internal processes" rule: The "no internal processes" rule is in fact more subtle than. Running Docker on cgroup v2 also requires the following conditions to be satisfied: containerd: v1. DESCRIPTION ¶. Jan 12, 2021 · Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line) /kind bug Description Rootless podman run with cgroups v2 and custom podman network fails. I can not get stats from a ubuntu 20. conf(5) Tips and tricks Enable cgroup v1. Three things to prepare for infrastructure. I found similar issue #1927and I modified sandbox_cgroup_only=true. As of this writing, OpenJDK 17, OpenJDK 11. Run this within your container: apt-get update. 2 or later is recommended) Note that the cgroup v2 mode behaves slightly different from the cgroup v1 mode: Mar 30, 2023 · $ uname --all Linux XXXXXX-XXXXXXX 5. This file-system starts Feb 7, 2021 · I've found a workaround, Ubuntu Server 20. Tejun Heo < tj @ kernel. Will have a PR to fix it. It might also be needed to explictly disable hybrid cgroupv1 support to avoid problems using: systemd. Describe the results you expected: Pod stats. There are two versions of cgroups: cgroup v1 and cgroup v2. Slurm has support for both cgroup/v1 and v2, but support for v2 is only compiled in if the dbus development files are present. limit_in_bytes but it changes to memory. May 6, 2020 · 2. If you want to know the differences between v1 and v2 read here or watch this talk. What are cgroups? Effective resource management is a critical aspect of Kubernetes. They all live in /sys/fs/cgroup: Evaluate the cgroup v2 impact and new logic for the cgroup API. Description. cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr Jan 18, 2020 · Containers themselves are light, but by default a container has access to all the memory resources of the Docker host. unified_cgroup_hierarchy=1 to the kernel command line. apt-get install cgroup-bin. Additional information you deem important (e. Chapter 26. It works: Jul 7, 2023 · I wonder about your initial question, though: Docker-in-Docker is a fairly unusual setup, and trying to launch containers dynamically comes with many complications around permissions and managing the container lifecycle. iSula can use cgroup v1 and cgroup v2 to restrict resources. 14) that consists of lines containing key-value pairs. Another answer suggests to check for the existence of the file /. I've looked into all the Ubuntu distros 16. What we have discovered is that Kubernetes 1. go:424: container init caused \"process_linux. Jan 14, 2022 · You signed in with another tab or window. # will report 536870912. 1-ubuntu Steps to reproduce Set the property cgroup-parent to docker. Greenplum Database 7 supports both versions, but it only supports the parameter IO_LIMIT for cgroup v2. This was made on purpose, but probably too much breaking as a patch release. Configuring resource management by using cgroups-v2 and systemd. Feb 4, 2024 · Here it means that cgroup v2 is running because the cgroup v2 filesystem is mounted. Cgroups basics. Then I tried running the following command to enable cgroups v2. Controllers available for cgroups-v1: blkio. Knowledgebase. When observing dmesg -w I can regularly see: [4019392. You either need to use cgroup v2, or make sure there is no cgroupv2 mount (use a tmpfs for /sys/fs/cgroup). 1. 6dev (also tested against 0. The cgroup architecture is comprised of two main components: the cgroup core: which contains a pseudo-filesystem cgroupfs, the subsystem controllers: thresholds for system resources, such as Nov 28, 2023 · This means that hitting the memory limit should never occur, as the remaining 20% remains available for non-heap memory allocation and caching. 1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux $ sudo service docker restart * Stopping Docker: docker [ OK ] * Starting Docker: docker [ OK ] $ docker --version Docker version 23. Jul 18, 2022 · The easiest way to get access to cgroup v2 capable system having only a Windows machine is to spawn WSL2 instance hosting Ubuntu 22. 15. You switched accounts on another tab or window. a container). This involves managing the finite resources in your nodes, such as CPU, memory, and storage. That is not supported by Podman (or by crun/runc), and only the cgroup v1 mounted controllers are going to be used. Documentation for v1 is available under Control Groups version 1. The tests were globally skipped in the case of rootless + CGrou Sep 24, 2020 · Steps to reproduce the issue: Install podman. But it doesn't work. [1]) of a collection of processes . disable cgroup support in the nvidia-container-runtime (no-cgroups=true in config. If you have swap enabled, it can also page out anonymous memory. The output should be: cgroup2fs. stat file (first introduced in Linux 4. Be sure to see the canonical cgroup v2 reference documentation for additional details on the CPU controller files. Nov 8, 2023 · Expected result. cgroup v2 is the new generation of the cgroup API. Based upon uses of cgroup API in downstream projects #14190 (comment), the following four functions should be prioritized Jun 16, 2022 · I'm not sure whether the search path of /sys/fs/cgroup is guaranteed to be correct; If cgroup v2 is in use, the file I am looking for might have a different basename (for example, it might be memory. Rootless podman user cannot run containers with cgroups V2 enabled. It describes all userland-visible aspects of cgroup including core and specific controller behaviors. Nov 24, 2022 · cgroup (v1) The problem is that sometimes the script is run inside container, and then we'd like to monitor usage of particular cgroup instead of system-wide statistics. Dec 9, 2019 · Run podman stats as normal user; Describe the results you received: Error: stats is not supported in rootless mode without cgroups v2. x 及以上内核改用了 cgroup v2 版本，而容器镜像环境需要的还是 cgroup v1 版本。 同时由于 cgroup v2 和 v1 不能兼容，因此导致容器启动后，容器内相关服务无法正常启动。 Linux 4. 0-rc91 or later; Kernel: v4. Play a K8s Pod or Deployment YAML file. Cgroups v1 has a per-resource (memory, blkio etc) hierarchy, where each resource hierarchy contains cgroups for that resource. Another difference: cgroup v2 follows a unified hierarchy unlike cgroup v1. Actual result. zb mq gb cf mt pl in ui ur ky