kubelet failed to find mountpoint for CPU

Question

I'm using kubeadm 1.15.3, docker-ce 18.09 on Debian 10 buster 5.2.9-2, and seeing errors in journalctl -xe | grep kubelet:

server.go:273] failed to run Kubelet: mountpoint for cpu not found

My /sys/fs/cgroup contains:

-r--r--r--  1 root root 0 Sep  2 18:49 cgroup.controllers
-rw-r--r--  1 root root 0 Sep  2 18:50 cgroup.max.depth
-rw-r--r--  1 root root 0 Sep  2 18:50 cgroup.max.descendants
-rw-r--r--  1 root root 0 Sep  2 18:49 cgroup.procs
-r--r--r--  1 root root 0 Sep  2 18:50 cgroup.stat
-rw-r--r--  1 root root 0 Sep  2 18:49 cgroup.subtree_control
-rw-r--r--  1 root root 0 Sep  2 18:50 cgroup.threads
-rw-r--r--  1 root root 0 Sep  2 18:50 cpu.pressure
-r--r--r--  1 root root 0 Sep  2 18:50 cpuset.cpus.effective
-r--r--r--  1 root root 0 Sep  2 18:50 cpuset.mems.effective
drwxr-xr-x  2 root root 0 Sep  2 18:49 init.scope
-rw-r--r--  1 root root 0 Sep  2 18:50 io.pressure
-rw-r--r--  1 root root 0 Sep  2 18:50 memory.pressure
drwxr-xr-x 20 root root 0 Sep  2 18:49 system.slice
drwxr-xr-x  2 root root 0 Sep  2 18:49 user.slice

docker.service is running okay and has /etc/docker/daemon.json:

{
  "exec-opts": [
    "native.cgroupdriver=systemd"
  ],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}

The kubeadm docs say if using docker the cgroup driver will be autodetected, but I tried supplying it anyway for good measure - no change.

With mount or cgroupfs-mount:

$ mount -t cgroup -o all cgroup /sys/fs/cgroup
mount: /sys/fs/cgroup: cgroup already mounted on /sys/fs/cgroup/cpuset.
$ cgroupfs-mount
mount: /sys/fs/cgroup/cpu: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/blkio: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/memory: cgroup already mounted on /sys/fs/cgroup/cpuset.
mount: /sys/fs/cgroup/pids: cgroup already mounted on /sys/fs/cgroup/cpuset.

Is the problem that it's at cpuset rather than cpu? I tried to create a symlink, but root does not have write permission for /sys/fs/cgroup. (Presumably I can change it, but I took that as enough warning not to meddle.)

How can let kubelet find my CPU cgroup mount?

Answer 1

I would say that something very weird with your docker-ce installation and not kubelet. You are looking into the right direction showing mapping problem.

I have tried 3 different docker versions on both GCP and AWS environments instances. What I have noticed comparing our results - you have wrong folder structure under /sys/fs/cgroup. Pay attention that I have much more permissions in /sys/fs/cgroup comparing to your output. This is how my results looks like:

root@instance-3:~# docker version
Client: Docker Engine - Community
 Version:           19.03.1
 API version:       1.39 (downgraded from 1.40)
 Go version:        go1.12.5
 Git commit:        74b1e89
 Built:             Thu Jul 25 21:21:24 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:02:44 2019
  OS/Arch:          linux/amd64
  Experimental:     false


root@instance-3:~# ls -la /sys/fs/cgroup
total 0
drwxr-xr-x 14 root root 360 Sep  3 11:30 .
drwxr-xr-x  6 root root   0 Sep  3 11:30 ..
dr-xr-xr-x  5 root root   0 Sep  3 11:30 blkio
lrwxrwxrwx  1 root root  11 Sep  3 11:30 cpu -> cpu,cpuacct
dr-xr-xr-x  5 root root   0 Sep  3 11:30 cpu,cpuacct
lrwxrwxrwx  1 root root  11 Sep  3 11:30 cpuacct -> cpu,cpuacct
dr-xr-xr-x  2 root root   0 Sep  3 11:30 cpuset
dr-xr-xr-x  5 root root   0 Sep  3 11:30 devices
dr-xr-xr-x  2 root root   0 Sep  3 11:30 freezer
dr-xr-xr-x  5 root root   0 Sep  3 11:30 memory
lrwxrwxrwx  1 root root  16 Sep  3 11:30 net_cls -> net_cls,net_prio
dr-xr-xr-x  2 root root   0 Sep  3 11:30 net_cls,net_prio
lrwxrwxrwx  1 root root  16 Sep  3 11:30 net_prio -> net_cls,net_prio
dr-xr-xr-x  2 root root   0 Sep  3 11:30 perf_event
dr-xr-xr-x  5 root root   0 Sep  3 11:30 pids
dr-xr-xr-x  2 root root   0 Sep  3 11:30 rdma
dr-xr-xr-x  5 root root   0 Sep  3 11:30 systemd
dr-xr-xr-x  5 root root   0 Sep  3 11:30 unified



root@instance-3:~# ls -la /sys/fs/cgroup/unified/
total 0
dr-xr-xr-x  5 root root   0 Sep  3 11:37 .
drwxr-xr-x 14 root root 360 Sep  3 11:30 ..
-r--r--r--  1 root root   0 Sep  3 11:42 cgroup.controllers
-rw-r--r--  1 root root   0 Sep  3 11:42 cgroup.max.depth
-rw-r--r--  1 root root   0 Sep  3 11:42 cgroup.max.descendants
-rw-r--r--  1 root root   0 Sep  3 11:30 cgroup.procs
-r--r--r--  1 root root   0 Sep  3 11:42 cgroup.stat
-rw-r--r--  1 root root   0 Sep  3 11:42 cgroup.subtree_control
-rw-r--r--  1 root root   0 Sep  3 11:42 cgroup.threads
drwxr-xr-x  2 root root   0 Sep  3 11:30 init.scope
drwxr-xr-x 52 root root   0 Sep  3 11:30 system.slice
drwxr-xr-x  3 root root   0 Sep  3 11:30 user.slice

Encourage you completely reinstall docker from scratch(or recreate instance and install docker again). That should help. Let me share with you my docker-ce installation steps:

$ sudo apt update
$ sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
$ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
$ sudo apt update
$ apt-cache policy docker-ce
$ sudo apt install docker-ce=5:18.09.1~3-0~debian-buster

I have also seen a workaroung in Kubelet: mountpoint for cpu not found issue answer, but also dont have a permission under root to fix it:

mkdir /sys/fs/cgroup/cpu,cpuacct
mount -t cgroup -o cpu,cpuacct none /sys/fs/cgroup/cpu,cpuacct