m/node: switch to cgroupv2 This switches us from legacy cgroup (v1) to cgroup v2 aka unified cgroup. Our versions of Kubernetes, containerd and runc/gVisor all support this by now. cgroup_bpf needs to be enabled in the kernel for containerd with cgroup v2. Also enable swap as this now works with cgroup v2, this gets rid of a warning for every pod being started. We are not really using cgroups ourselves, but as the root cgroup in v2 is special, move our own process into a subgroup at startup. Change-Id: I8d63b2ad672568c052c3fe1a2306182f033667fa Reviewed-on: https://review.monogon.dev/c/monogon/+/3207 Tested-by: Jenkins CI Reviewed-by: Jan Schär <jan@monogon.tech>

commit: fe6b506b6124b39b0b36c483d03de3b4efc5bdc4 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Tue Jul 02 16:32:35 2024 +0000
committer: Lorenz Brun <lorenz@monogon.tech> Thu Jul 04 14:50:22 2024 +0000
tree: b3a4cbd0f4890dc5ee9a30eb643b2d3e9aa79fa5
parent: 9f21f5396aa18bc9f2f83c867ff883f49bbf02ae [diff] [blame]
diff --git a/metropolis/node/core/BUILD.bazel b/metropolis/node/core/BUILD.bazel
index 938a7d7..9c80741 100644
--- a/metropolis/node/core/BUILD.bazel
+++ b/metropolis/node/core/BUILD.bazel

@@ -45,6 +45,7 @@
         "@com_github_cenkalti_backoff_v4//:backoff",
         "@com_github_containerd_containerd//:containerd",
         "@com_github_containerd_containerd//namespaces",
+        "@com_github_opencontainers_runc//libcontainer/cgroups",
         "@org_golang_google_grpc//:go_default_library",
         "@org_golang_google_grpc//codes",
         "@org_golang_google_grpc//status",
commit	fe6b506b6124b39b0b36c483d03de3b4efc5bdc4	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Tue Jul 02 16:32:35 2024 +0000
committer	Lorenz Brun <lorenz@monogon.tech>	Thu Jul 04 14:50:22 2024 +0000
tree	b3a4cbd0f4890dc5ee9a30eb643b2d3e9aa79fa5
parent	9f21f5396aa18bc9f2f83c867ff883f49bbf02ae [diff] [blame]