Ubuntu22.04でKubernetesクラスタを作った
目次
Ubuntu22.04のマシン3台でkubeadmを使ってKubernetesのクラスタを作ったのでメモ。
環境
- OS: Ubuntu 22.04.2 LTS
- CRI: containerd 1.6.12
- kubernetes: 1.27.3
背景
Ubuntu 22.04では、Ubuntu 20.04と同じ手順でkubernetesをインストールしてもうまく動作しなかった。
具体的には、kubeadm init 中に以下のようなエラーが出てクラスタの作成ができなかった。
[init] Using Kubernetes version: v1.27.3
[preflight] Running pre-flight checks
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using 'kubeadm config images pull'
W0716 11:55:37.959602 2738 checks.go:835] detected that the sandbox image "registry.k8s.io/pause:3.6" of the container runtime is inconsistent with that used by kubeadm. It is recommended that using "registry.k8s.io/pause:3.9" as the CRI sandbox image.
[certs] Using certificateDir folder "/etc/kubernetes/pki"
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
error execution phase addon/coredns: unable to create ConfigMap: rpc error: code = Unknown desc = malformed header: missing HTTP content-type
To see the stack trace of this error execute with --v=5 or higher
# 別の試行
[bootstrap-token] Configured RBAC rules to allow Node Bootstrap tokens to post CSRs in order for nodes to get long term certificate credentials
[bootstrap-token] Configured RBAC rules to allow the csrapprover controller automatically approve CSRs from a Node Bootstrap Token
[bootstrap-token] Configured RBAC rules to allow certificate rotation for all node client certificates in the cluster
[bootstrap-token] Creating the "cluster-info" ConfigMap in the "kube-public" namespace
[kubelet-finalize] Updating "/etc/kubernetes/kubelet.conf" to point to a rotatable kubelet client certificate and key
[addons] Applied essential addon: CoreDNS
error execution phase addon/kube-proxy: unable to create ConfigMap: Post "https://xxxxx.notr.app:6443/api/v1/namespaces/kube-system/configmaps?timeout=10s": net/http: request canceled (Client.Timeout exceeded while awaiting headers)
To see the stack trace of this error execute with --v=5 or higher
kubeadm init時に --skip-phases=addon/kube-proxy を指定すればとりあえずクラスタを作成できたが、たびたびAPIサーバなどがクラッシュしてしまい、まともに使うことができなかった。
いろいろ調べたところ、どうやらUbuntu 22.04ではUbuntu 20.04と比べて、Cgroupのバージョンバージョンがv1からv2に変更されているため、このような事態が起きているらしいことがわかった。
kubeadmはv1.22以降、何も指定しなければデフォルトでcgroupドライバーとしてsystemd(≒v2?)を使うようになっているようなのでUbuntu 22.04でも問題ないが、どうやらUbuntuの公式リポジトリからインストールしたcontainerdが標準でcgroupドライバーとしてcgroupfs(≒v1?)を使うため、上手く動作しないようだった。
そのため、クラスタ構築時に各ホストで後述するcontainerdのruncの設定をすれば正常に動作するようになった。
手順
swap無効化
sudo swapoff -a
sudo sed -i '/\/swap.img/d' /etc/fstab
sudo rm -rf /swap.img
カーネル系の設定
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system
必要なパッケージのインストール
sudo apt-get update
sudo apt-get install -y containerd
sudo apt-get install -y apt-transport-https ca-certificates curl
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-archive-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
containerdの設定 (今回のポイント)
sudo mkdir -p /etc/containerd
# containerdのconfigの初期化
containerd config default | sudo tee /etc/containerd/config.toml
# runcのcgroupドライバー
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
# sandbox imageのバージョンを推奨のバージョンにあわせる
sudo sed -i 's#sandbox_image = "registry.k8s.io/pause:3.6"#sandbox_image = "registry.k8s.io/pause:3.9"#g' /etc/containerd/config.toml
sudo systemctl restart containerd
kubeadmでクラスタ作成
- 1台目ではinit
sudo kubeadm init \
--control-plane-endpoint=xxxxx.notr.app \
--pod-network-cidr=10.30.0.0/16 \
--upload-certs
- 2台目では1台目のクラスタ作成後に表示されるコマンドでjoin
sudo kubeadm join .....
- 全台で以下のコマンドを実行して、ユーザ権限でもkubectlが使えるようにする
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
CNIインストール
wget https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
sed -i 's#"Network": "10.244.0.0/16"#"Network": "10.30.0.0/16"#g' kube-flannel.yml
kubectl apply -f kube-flannel.yml
control-planeでもpodが動くようにする
kubectl taint nodes ${NODE_NAME} node-role.kubernetes.io/control-plane:NoSchedule-
(終わり)
蛇足
kubeadmがデフォルトでcgroupドライバーとしてsystemd(≒v2?)を使うのに、なぜCgroup v1を使っているUbuntu 20.04では特になにもしなくても動くのか気になったため調べてみた。もっと色々知識が必要そう。
事前の確認として、確かにUbuntu 20.04ではCGroup v1、Ubuntu 22.04ではCGroup v2だった。
# Ubuntu 20.04
$ stat -fc %T /sys/fs/cgroup/
tmpfs
# Ubuntu 22.04
$ stat -fc %T /sys/fs/cgroup/
cgroup2fs
まずはkubeletのログ。Ubuntu 20.04の時だけ下記のログが出ていた。
I0717 04:43:00.341325 1910 server.go:634] "Failed to get the kubelet's cgroup. Kubelet system container metrics may be missing." err="cpu and memory cgroup hierarchy not unified. cpu: /user.slice, memory: /user.slice/user-1000.slice/session-1.scope"
次に systemctl status で確認したCGroupのツリー。構造が全然違う。
-
Ubuntu 20.04
CGroup: / ├─802 bpfilter_umh ├─kubepods-burstable-pod5274c761_8930_4974_8e63_39249bafa2a6.slice:cri-containerd:01d50b82> │ └─1433 /pause ├─kubepods-burstable-pod0dbafa2598f87622047fe2f6a5c200b2.slice:cri-containerd:4a2dd8c92ae6> │ └─990 /pause ├─kubepods-besteffort-pod5b8dfc75_34c9_43bc_bb9f_8e58aac71951.slice:cri-containerd:657b3f9> │ └─1494 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-ove> ├─kubepods-burstable-pod0ccf6f798cd6a1e8c01b8c5475a7779a.slice:cri-containerd:86ade32d465b> │ └─973 /pause ├─kubepods-besteffort-pod5b8dfc75_34c9_43bc_bb9f_8e58aac71951.slice:cri-containerd:2f7de43> │ └─1422 /pause ├─kubepods-burstable-pod0dbafa2598f87622047fe2f6a5c200b2.slice:cri-containerd:209119c536a0> │ └─1218 kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --autho> ├─kubepods-burstable-podbfffa85becc7ba3fbe6430f533c2a0d7.slice:cri-containerd:791fa34d8398> │ └─1194 etcd --advertise-client-urls=https://xxx.xxx.xxx.xxx:2379 --cert-file=/etc/kubern> ├─user.slice │ └─user-1000.slice │ ├─[email protected] │ │ └─init.scope │ │ ├─1735 /lib/systemd/systemd --user │ │ └─1736 (sd-pam) │ └─session-1.scope │ ├─1519 sshd: suuei [priv] │ ├─1832 sshd: suuei@pts/0 │ ├─1833 -bash │ ├─4438 systemctl status │ └─4439 pager ├─kubepods-burstable-pod37eb2721c8a883a24c9565177cb3e592.slice:cri-containerd:1d7be6169b1a> │ └─1200 kube-apiserver --advertise-address=xxx.xxx.xxx.xxx --allow-privileged=true --auth> ├─init.scope │ └─1 /sbin/init ├─kubepods-burstable-pod0ccf6f798cd6a1e8c01b8c5475a7779a.slice:cri-containerd:36c2fe5213d9> │ └─1216 kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-ma> ├─system.slice │ ├─irqbalance.service │ │ └─683 /usr/sbin/irqbalance --foreground │ ├─containerd.service │ │ ├─ 705 /usr/bin/containerd │ │ ├─ 881 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 86ade32d465ba3072e25c8ab> │ │ ├─ 882 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 4a4d0fa663e555d972c1414f> │ │ ├─ 883 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 4a2dd8c92ae649a8127e30af> │ │ ├─ 884 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id f82578921bcf720aefd06f5b> │ │ ├─1324 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 2f7de43e53b6d13874f8aa5d> │ │ └─1385 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 01d50b82919b151c2d1eb97c> │ ├─systemd-networkd.service -
Ubuntu 22.04
CGroup: / ├─user.slice │ └─user-1000.slice │ ├─[email protected] │ │ └─init.scope │ │ ├─1306 /lib/systemd/systemd --user │ │ └─1307 (sd-pam) │ └─session-1.scope │ ├─1299 sshd: suuei [priv] │ ├─1388 sshd: suuei@pts/0 │ ├─1389 -bash │ ├─2365 systemctl status │ └─2366 pager ├─init.scope │ └─1 /sbin/init ├─system.slice │ ├─irqbalance.service │ │ └─675 /usr/sbin/irqbalance --foreground │ ├─containerd.service │ │ ├─ 689 /usr/bin/containerd │ │ ├─ 989 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 927aa7813dcb84d8152691af> │ │ ├─ 990 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 8fa62c38a7d70ff13c7ffbec> │ │ ├─1011 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 972b24b097524f8e8f9b696c> │ │ ├─1028 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 134c20cc6bf87a0059dc9ece> │ │ ├─1831 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id da0cadbc8af4b58bcb4d5ef2> │ │ └─1860 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 5967d4c8554ff4fda26c70e2> │ ├─systemd-networkd.service └─kubepods.slice ├─kubepods-burstable.slice │ ├─kubepods-burstable-podd50cd1eec3843135d69a00ea588eb029.slice │ │ ├─cri-containerd-8fa62c38a7d70ff13c7ffbec66df9b9a7b9383eb533f5a22a4d250f91ac97cf4.sc> │ │ │ └─1076 /pause │ │ └─cri-containerd-f3406862de907aacd9c2997f471047ee7c5f4e4aa208a61ddd0a24fd1b53d7d4.sc> │ │ └─1227 kube-apiserver --advertise-address=xxx.xxx.xxx.xxx --allow-privileged=true > │ ├─kubepods-burstable-pode5b04fc299b64d18ee398fc7678e87ee.slice │ │ ├─cri-containerd-33ea0953a054157192f1eef91f95cbfdb06f69111bcf1ca02a98ea3a0c7a8d6f.sc> │ │ │ └─1230 kube-controller-manager --allocate-node-cidrs=true --authentication-kubecon> │ │ └─cri-containerd-927aa7813dcb84d8152691af0e5ee0e40fc8400420cc1b67ede08a71828943eb.sc> │ │ └─1094 /pause │ ├─kubepods-burstable-pode38326ebb7a95e9f8b9aacb25bc0bf0d.slice │ │ ├─cri-containerd-017fea223cefa2aa4ecca6fca031fa08776c32626433c5a543f8cb0f9d218110.sc> │ │ │ └─1219 etcd --advertise-client-urls=https://xxx.xxx.xxx.xxx:2379 --cert-file=/etc/> │ │ └─cri-containerd-134c20cc6bf87a0059dc9ece879d1da159533bc63874e26ce3665d4d3ff327ec.sc> │ │ └─1084 /pause │ ├─kubepods-burstable-pod1d8c5cf2_39f0_4c44_97ca_28c97b13bd9d.slice │ │ ├─cri-containerd-c0b525600f6452e07b6ea2d48e6d0a1fedee24972cdcf44c58a2d2b7aafb3fbf.sc> │ │ │ └─2204 /opt/bin/flanneld --ip-masq --kube-subnet-mgr │ │ └─cri-containerd-da0cadbc8af4b58bcb4d5ef2980ce37743a093b6d35acda39d422ef67933b144.sc> │ │ └─1878 /pause │ └─kubepods-burstable-podf035104f862bfa573c7acec5a3816f5a.slice │ ├─cri-containerd-972b24b097524f8e8f9b696cdee51a3c944e5c24680d56997d7570fd3c9dda2f.sc> │ │ └─1085 /pause │ └─cri-containerd-8e64d3eebf95812960ee68b2f37c52056f29b4b881b3c75e42d8485cdb682c52.sc> │ └─1228 kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf -> └─kubepods-besteffort.slice └─kubepods-besteffort-podb1f8cfe5_9406_491b_a37a_5d8f150d125e.slice ├─cri-containerd-5967d4c8554ff4fda26c70e253e9caa6767bba53d36fddc52c79403caeef366f.sc> │ └─1890 /pause └─cri-containerd-b7f53884795bb34dbf550aff5e68b8a19a013cdfe20e1303aa112b92528dfd97.sc> └─1944 /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostna>
systemdがCGroup v1で動いていれば、kubeletのCGroupドライバがSystemdでもCGroup v1で動くようになっている?
Ubuntu 22.04でcontainerdの設定を変えたりしながら色々みてみる。
crictlにcontainerdの設定を入れてコンテナを動かしてみようと思ったが、なかなか面倒くさそう。
とりあえずconfig。
cat <<EOF | sudo tee /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 10
EOF
調べてみると、containerd をDockerと同じ方法でいじるツールがあったので使ってみる。とても便利。
mkdir nerdctl
cd nerdctl
wget https://github.com/containerd/nerdctl/releases/download/v1.4.0/nerdctl-1.4.0-linux-amd64.tar.gz
tar xvf nerdctl-1.4.0-linux-amd64.tar.gz
sudo ./nerdctl ps -a
とりあえず containerdの設定をインストール時のまま変えずに(=runcのCGroupのドライバーをsystemdにせずに) nerdctl run nginx & を10回実行してnginxのコンテナを10個立ち上げてみたところ、こんな感じ。
└─system.slice
├─nerdctl-7133fed8d159231ac5148f47630de29c4d2c31f0e768b8fdb19b6cc2793f4af9.scope
│ ├─3056 nginx: master process nginx -g daemon off;
│ ├─3162 nginx: worker process
│ ├─3163 nginx: worker process
│ ├─3164 nginx: worker process
│ └─3165 nginx: worker process
├─irqbalance.service
│ └─665 /usr/sbin/irqbalance --foreground
├─containerd.service
│ ├─ 682 /usr/bin/containerd
│ ├─1576 /usr/bin/containerd-shim-runc-v2 -namespace default -id c763f3513967a5bb9a5adea9cb0dd6de91>
│ ├─1913 /usr/bin/containerd-shim-runc-v2 -namespace default -id d75f4c8f62ae6c85f91346da459aa80da2>
│ ├─2114 /usr/bin/containerd-shim-runc-v2 -namespace default -id d5509bddda9ef7525b54375c6d378fefea>
│ ├─2289 /usr/bin/containerd-shim-runc-v2 -namespace default -id d761213e763a836c954d57eca1214fa2ff>
│ ├─2437 /usr/bin/containerd-shim-runc-v2 -namespace default -id 775d9f6c013c93e0b65b439531d7b876ac>
│ ├─2585 /usr/bin/containerd-shim-runc-v2 -namespace default -id d8f8f56f3e18bb420b2cde34744da868d6>
│ ├─2750 /usr/bin/containerd-shim-runc-v2 -namespace default -id 60a587a8b5211965cf105793b873d2f267>
│ ├─2893 /usr/bin/containerd-shim-runc-v2 -namespace default -id 2e7912795d2eb1e22c94bd67d337f749b4>
│ ├─3037 /usr/bin/containerd-shim-runc-v2 -namespace default -id 7133fed8d159231ac5148f47630de29c4d>
│ ├─3182 /usr/bin/containerd-shim-runc-v2 -namespace default -id 667e89b1d16f0089d8a4a03a24f0ffd2ef>
│ ├─3328 /usr/bin/containerd-shim-runc-v2 -namespace default -id e30c2bef437299dc7bc12e7f201f03fbac>
│ ├─3471 /usr/bin/containerd-shim-runc-v2 -namespace default -id d50275fed4584b006a10fc3ff04750d57b>
│ └─3617 /usr/bin/containerd-shim-runc-v2 -namespace default -id 2e03071d1009477160989d7939a8fab9e5>
├─systemd-networkd.service
│ └─643 /lib/systemd/systemd-networkd
├─nerdctl-d50275fed4584b006a10fc3ff04750d57bec52c9bc05e9310a618af5781ef4a1.scope
│ ├─3491 nginx: master process nginx -g daemon off;
│ ├─3597 nginx: worker process
│ ├─3598 nginx: worker process
│ ├─3599 nginx: worker process
│ └─3600 nginx: worker process
├─systemd-udevd.service
│ └─430 /lib/systemd/systemd-udevd
├─cron.service
│ └─658 /usr/sbin/cron -f -P
├─polkit.service
│ └─668 /usr/libexec/polkitd --no-debug
├─networkd-dispatcher.service
│ └─667 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
├─multipathd.service
│ └─427 /sbin/multipathd -d -s
├─nerdctl-2e7912795d2eb1e22c94bd67d337f749b404662867871b5824867666cc4bfcae.scope
│ ├─2913 nginx: master process nginx -g daemon off;
│ ├─3016 nginx: worker process
│ ├─3017 nginx: worker process
│ ├─3018 nginx: worker process
│ └─3019 nginx: worker process
├─ModemManager.service
containerdの設定を変えて=runcのCGroupのドライバーをsystemdにして nerdctl run nginx をするとこんな感じ。
└─system.slice
├─irqbalance.service
│ └─665 /usr/sbin/irqbalance --foreground
├─nerdctl-cdfba8805fe730a611afa38e1598dc8e834fa200186a38ff641f30622a81d197.scope
│ ├─5335 nginx: master process nginx -g daemon off;
│ ├─5448 nginx: worker process
│ ├─5449 nginx: worker process
│ ├─5450 nginx: worker process
│ └─5451 nginx: worker process
├─containerd.service
│ ├─5290 /usr/bin/containerd
│ └─5318 /usr/bin/containerd-shim-runc-v2 -namespace default -id cdfba8805fe730a611afa38e1598dc8e83>
├─systemd-networkd.service
│ └─643 /lib/systemd/systemd-networkd
├─systemd-udevd.service
│ └─430 /lib/systemd/systemd-udevd
どちらでも普通にそのまま動いている。
containerdの設定を戻して kubeadm init を実行。失敗するが、とりあえずそのまま確認。
└─system.slice
├─irqbalance.service
│ └─665 /usr/sbin/irqbalance --foreground
├─containerd.service
│ ├─5660 /usr/bin/containerd
│ ├─5949 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id d4a82818a4a7514a0657c091a3dbbba78c5>
│ ├─6489 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 1a4b2e013180ed03bf113559b004f8fe391>
│ ├─6519 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id b21c27c5b0fe82a3b08eb5841b04d5f51c3>
│ └─6520 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id dcf018e7ea649d5f2e1ff498ef627fffb75>
├─systemd-networkd.service
│ └─643 /lib/systemd/systemd-networkd
├─systemd-udevd.service
│ └─430 /lib/systemd/systemd-udevd
├─cron.service
│ └─658 /usr/sbin/cron -f -P
├─polkit.service
│ └─668 /usr/libexec/polkitd --no-debug
├─networkd-dispatcher.service
│ └─667 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
├─kubepods-burstable-pod226208d2c5888c202462be30cfe898e9.slice:cri-containerd:b21c27c5b0fe82a3b08eb>
│ └─6574 /pause
├─multipathd.service
│ └─427 /sbin/multipathd -d -s
├─kubelet.service
│ └─6253 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfi>
├─ModemManager.service
│ └─694 /usr/sbin/ModemManager
├─kubepods-burstable-pod97cac5fc8f5122c2700c3881fff283a1.slice:cri-containerd:7cbc133a225174f84d3d5>
│ └─6653 kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.con>
├─systemd-journald.service
│ └─385 /lib/systemd/systemd-journald
├─unattended-upgrades.service
│ └─711 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-sign>
├─ssh.service
│ └─722 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
├─kubepods-burstable-podc2aeff821355ff3ba3eebbc228d4cfa8.slice:cri-containerd:dcf018e7ea649d5f2e1ff>
│ └─6572 /pause
├─kubepods-burstable-pod97cac5fc8f5122c2700c3881fff283a1.slice:cri-containerd:1a4b2e013180ed03bf113>
$ find /sys/fs/cgroup -name kube*
/sys/fs/cgroup/system.slice/kubepods-burstable-podc2aeff821355ff3ba3eebbc228d4cfa8.slice:cri-containerd:18a889e7da584f0dc71f2c21a5dc8651be253c91ff68ade001801138cfb2b03e
/sys/fs/cgroup/system.slice/kubepods-burstable-pod226208d2c5888c202462be30cfe898e9.slice:cri-containerd:b21c27c5b0fe82a3b08eb5841b04d5f51c3a886d288e6d3330cfc1bdda7a3e12
/sys/fs/cgroup/system.slice/kubelet.service
/sys/fs/cgroup/system.slice/kubepods-burstable-pod97cac5fc8f5122c2700c3881fff283a1.slice:cri-containerd:7cbc133a225174f84d3d5cdd32594052c6c0e6c361f2e92378900ad390204f7a
/sys/fs/cgroup/system.slice/kubepods-burstable-pod97cac5fc8f5122c2700c3881fff283a1.slice:cri-containerd:1a4b2e013180ed03bf113559b004f8fe39195e0ac27d416f811abba4f6024ce6
/sys/fs/cgroup/system.slice/kubepods-burstable-pod74089e695dcc76637fa5860eb768fd95.slice:cri-containerd:dce6ca0b4f9b8b1353cfc75fd584eb122762f75aab56e4c7a9960f22ea88a6db
/sys/fs/cgroup/system.slice/kubepods-burstable-podc2aeff821355ff3ba3eebbc228d4cfa8.slice:cri-containerd:5eb04dc4b3942b0e2fa86c714e2dc5b75ee36125e805784b4f669a93c67f1ca0
/sys/fs/cgroup/system.slice/kubepods-burstable-pod226208d2c5888c202462be30cfe898e9.slice:cri-containerd:7c71b5a032f31f12166f7136bd019198483333d75aed5ddee610d6480bd5f4ea
/sys/fs/cgroup/system.slice/kubepods-burstable-pod74089e695dcc76637fa5860eb768fd95.slice:cri-containerd:d09cb9e9a846c1dc0dfdefbd3c906211e1a4d660b0905e573b46ff17ca63e67d
/sys/fs/cgroup/kubepods.slice
/sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice
/sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod226208d2c5888c202462be30cfe898e9.slice
/sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-podc2aeff821355ff3ba3eebbc228d4cfa8.slice
/sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod97cac5fc8f5122c2700c3881fff283a1.slice
/sys/fs/cgroup/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-pod74089e695dcc76637fa5860eb768fd95.slice
/sys/fs/cgroup/kubepods.slice/kubepods-besteffort.slice
kubeletがkubepods.sliceを作ってその中でCGroupの設定を入れているが、containerdはCGroup v1と同じようにsystem.sliceを使うため、ここでおかしなことが起きている雰囲気?
もう少し知識をつけて色々追っていかないとわからなそう。
CGroupの仕組みは今回の件で初めて知ったが、なかなか面白そうなので引き続き調べていきたい。