Why Kubernetes 1.25’s GA cgroup v2 Support Matters for Your Clusters
Kubernetes 1.25 officially ships cgroup v2 support, enabling the kubelet to use the latest Linux resource‑management features. This article explains what cgroups are, the advantages of v2, how to enable it, what to consider when migrating, and where to learn more.
What Is a cgroup?
cgroups (control groups) are a Linux kernel feature that lets the system limit and isolate resources such as CPU, memory, and storage for groups of processes. Kubernetes relies on cgroups to enforce pod and container resource requests and limits.
What Is cgroup v2?
cgroup v2 is the latest version of the Linux cgroup API, offering a unified hierarchy, improved subtree delegation, pressure‑stall information, and better cross‑resource isolation. It has been under development since 2016 and is now the default on many modern Linux distributions.
Why It Matters for Kubernetes
Kubernetes 1.25 promotes cgroup v2 to GA, allowing the kubelet to use the new capabilities. Features such as MemoryQoS depend on v2, and future kubelet enhancements will build on these APIs.
How to Use cgroup v2
Most recent Linux distributions already enable cgroup v2. Recommended distributions include Container‑Optimized OS, Ubuntu 22.04+, Debian 11+, Fedora 31+, Arch Linux (since April 2021), and RHEL 9+.
To verify the cgroup version on a node, consult the distro documentation or follow the “Identify the cgroup version on a Linux node” guide.
If you run a managed Kubernetes service, check with your provider how they adopt cgroup v2 and whether any action is required.
Requirements for Enabling cgroup v2 with Kubernetes
Your Linux kernel must be version 5.8 or newer with cgroup v2 enabled.
Your container runtime must support cgroup v2, e.g., containerd v1.4+ or cri‑o v1.20+.
The kubelet and container runtime should be configured to use the systemd cgroup driver.
Both the kubelet and the runtime use the cgroup driver to set cgroup parameters. Using the systemd driver for both ensures a single cgroup manager on the host.
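The requirements above can be checked mechanically. The following is an added example, not code from the Kubernetes project: it assumes containerd as the runtime and looks for the kubelet's `cgroupDriver` setting and containerd's `SystemdCgroup` option, neither of which is named on this page; all sample inputs are constructed.

```python
import re

def kernel_ok(release, minimum=(5, 8)):
    """Compare the leading major.minor of a `uname -r` string to the minimum."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= minimum

def unified_cgroup2(mounts):
    """True when the last mount on /sys/fs/cgroup is cgroup2 (pure v2 host)."""
    fstype = None
    for line in mounts.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "/sys/fs/cgroup":
            fstype = fields[2]
    return fstype == "cgroup2"

def kubelet_systemd(cfg):
    """True when a KubeletConfiguration sets cgroupDriver to systemd."""
    m = re.search(r'^cgroupDriver:\s*"?(\w+)', cfg, re.M)
    return bool(m) and m.group(1) == "systemd"

def containerd_systemd(cfg):
    """True when a containerd config.toml enables the systemd cgroup driver."""
    return re.search(r"^\s*SystemdCgroup\s*=\s*true\b", cfg, re.M) is not None

def preflight(release, mounts, kubelet_cfg, containerd_cfg):
    """Return the list of unmet requirements (empty means the node qualifies)."""
    checks = [
        (kernel_ok(release), "kernel older than 5.8"),
        (unified_cgroup2(mounts), "/sys/fs/cgroup is not a cgroup2 mount"),
        (kubelet_systemd(kubelet_cfg), "kubelet cgroupDriver is not systemd"),
        (containerd_systemd(containerd_cfg), "containerd SystemdCgroup is not true"),
    ]
    return [msg for ok, msg in checks if not ok]

# Constructed inputs: a pure v2 node, and a hybrid v1 node using cgroupfs drivers.
RUNC = '[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]\n'
GOOD = ("5.15.0-91-generic",
        "cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0",
        "kind: KubeletConfiguration\ncgroupDriver: systemd\n",
        RUNC + "  SystemdCgroup = true\n")
BAD = ("5.4.0-150-generic",
       "tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0\n"
       "cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid 0 0\n"
       "cgroup /sys/fs/cgroup/memory cgroup rw,memory 0 0",
       "kind: KubeletConfiguration\ncgroupDriver: cgroupfs\n",
       RUNC + "  SystemdCgroup = false\n")

if __name__ == "__main__":
    for name, node in (("good", GOOD), ("bad", BAD)):
        print(name, preflight(*node) or "all requirements met")
```

On a live node the four arguments would come from `uname -r`, `/proc/mounts`, and the kubelet and containerd configuration files, whose locations depend on how the node was installed.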
Migrating to cgroup v2
When you run Kubernetes on a distro that defaults to cgroup v2 and meet the above requirements, the kubelet automatically adapts without extra configuration. Most users will not notice any difference in user experience unless they directly interact with the cgroup filesystem.
If applications on the node or inside containers access the cgroup filesystem, they must be updated to use the v2 API instead of v1.
Scenarios that may require updates include:
Third‑party monitoring or security agents that read cgroup files – upgrade them to versions that support v2.
Standalone cAdvisor DaemonSets – upgrade to v0.43.0 or newer.
Java applications – use JDK 11.0.16+ or JDK 15+, which fully support cgroup v2.
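An agent that hard-codes v1 paths finds no files on a v2 node and silently loses sight of container limits. The following added example (not taken from any of the tools named above) shows a reader that handles both layouts as seen from inside a container; the fixture trees are constructed, and the 2^62 threshold for "unlimited" on v1 is an assumption chosen to cover different page sizes.

```python
import os
import tempfile

V1_NO_LIMIT = 1 << 62   # assumption: v1 reports "unlimited" as a huge integer

def _read(root, rel):
    with open(os.path.join(root, rel)) as f:
        return f.read().strip()

def cgroup_version(root="/sys/fs/cgroup"):
    # Only the v2 unified hierarchy has cgroup.controllers at its root.
    return 2 if os.path.exists(os.path.join(root, "cgroup.controllers")) else 1

def memory_limit(root="/sys/fs/cgroup"):
    """Memory limit in bytes, or None when unlimited."""
    if cgroup_version(root) == 2:
        raw = _read(root, "memory.max")              # "max" or a byte count
        return None if raw == "max" else int(raw)
    value = int(_read(root, "memory/memory.limit_in_bytes"))
    return None if value >= V1_NO_LIMIT else value

def cpu_limit(root="/sys/fs/cgroup"):
    """CPU limit in cores, or None when unlimited."""
    if cgroup_version(root) == 2:
        quota, period = _read(root, "cpu.max").split()   # "<quota|max> <period>"
        return None if quota == "max" else int(quota) / int(period)
    quota = int(_read(root, "cpu/cpu.cfs_quota_us"))     # -1 means unlimited
    return None if quota < 0 else quota / int(_read(root, "cpu/cpu.cfs_period_us"))

def make_tree(files):
    """Write a constructed cgroup tree into a temp dir and return its path."""
    root = tempfile.mkdtemp()
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content + "\n")
    return root

# Constructed samples: a 512 MiB / 0.5 CPU container as each version exposes it.
V2_TREE = {"cgroup.controllers": "cpu memory pids", "memory.max": "536870912",
           "cpu.max": "50000 100000"}
V1_TREE = {"memory/memory.limit_in_bytes": "536870912",
           "cpu/cpu.cfs_quota_us": "50000", "cpu/cpu.cfs_period_us": "100000"}

if __name__ == "__main__":
    for tree in (V2_TREE, V1_TREE):
        root = make_tree(tree)
        print(cgroup_version(root), memory_limit(root), cpu_limit(root))
```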
Further Reading
Kubernetes cgroup v2 documentation.
KEP 2254 – the design proposal for cgroup v2 support.
Linux man page for cgroups and the kernel documentation for cgroup v2.
Get Involved
Feedback is welcome via the SIG Node Slack channel #sig-node or the SIG Node mailing list.
The evolution of cgroup v2 showcases a successful open‑source collaboration across the Linux kernel, systemd, container runtimes, and Kubernetes.
Acknowledgments
Thanks to Giuseppe Scrivano for initiating cgroup v2 support in Kubernetes, SIG Node chair Dawn Chen, and reviewer Derek Carr. Appreciation also goes to the maintainers of containerd, CRI‑O, cAdvisor, runc, and libcontainer, as well as the systemd and upstream kernel teams.
References
kubelet: /zh-cn/docs/concepts/overview/components/#kubelet
Resource management: /zh-cn/docs/concepts/configuration/manage-resources-containers/
Pod and container requests/limits: /zh-cn/docs/concepts/configuration/manage-resources-containers/#requests-and-limits
Pressure‑stall information: https://www.kernel.org/doc/html/latest/accounting/psi.html
MemoryQoS feature: /blog/2021/11/26/qos-memory-resources/
Identify cgroup version on a Linux node: /zh-cn/docs/concepts/architecture/cgroups/#check-cgroup-version
containerd: https://containerd.io/
cri‑o: https://cri-o.io/
systemd cgroup driver: /zh-cn/docs/setup/production-environment/container-runtimes#systemd-cgroup-driver
cgroup driver docs: /zh-cn/docs/setup/production-environment/container-runtimes#cgroup-drivers
cAdvisor: https://github.com/google/cadvisor
Full cgroup v2 support in JDK: https://bugs.openjdk.org/browse/JDK-8230305
Kubernetes cgroup v2 docs: /zh-cn/docs/concepts/architecture/cgroups/
KEP 2254: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2254-cgroup-v2/README.md
cgroups man page: https://man7.org/linux/man-pages/man7/cgroups.7.html
cgroup v2 kernel docs: https://docs.kernel.org/admin-guide/cgroup-v2.html
Slack: https://slack.k8s.io/
Mailing list: https://github.com/kubernetes/community/tree/master/sig-node#contact
Giuseppe Scrivano: https://github.com/giuseppe
Dawn Chen: https://github.com/dchen1107
Derek Carr: https://github.com/derekwaynecarr
cAdvisor repo: https://github.com/google/cadvisor
runc / libcontainer: https://github.com/opencontainers/runc
