From 1d032c40d345c08a976eae15dae1066008c01179 Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov" <lubomirivanov@vmware.com>
Date: Fri, 8 Feb 2019 04:51:16 +0200
Subject: [PATCH 1/2] kubeadm: add a preflight check for Docker and cgroup
 driver

systemd is the recommended driver as per the setup of running
the kubelet using systemd as the init system. Add a preflight
check that throws a warning if this isn't the case.
---
 cmd/kubeadm/app/preflight/checks.go         | 12 ++++++
 cmd/kubeadm/app/preflight/checks_darwin.go  | 27 +++++++++++++
 cmd/kubeadm/app/preflight/checks_linux.go   | 44 +++++++++++++++++++++
 cmd/kubeadm/app/preflight/checks_windows.go |  6 +++
 cmd/kubeadm/app/util/cgroupdriver.go        |  9 ++++-
 5 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 cmd/kubeadm/app/preflight/checks_darwin.go
 create mode 100644 cmd/kubeadm/app/preflight/checks_linux.go

diff --git a/cmd/kubeadm/app/preflight/checks.go b/cmd/kubeadm/app/preflight/checks.go
index 3f468767c2..e0f7283b87 100644
--- a/cmd/kubeadm/app/preflight/checks.go
+++ b/cmd/kubeadm/app/preflight/checks.go
@@ -226,6 +226,14 @@ func (IsPrivilegedUserCheck) Name() string {
 	return "IsPrivilegedUser"
 }
 
+// IsDockerSystemdCheck verifies if Docker is setup to use systemd as the cgroup driver.
+type IsDockerSystemdCheck struct{}
+
+// Name returns name for IsDockerSystemdCheck
+func (IsDockerSystemdCheck) Name() string {
+	return "IsDockerSystemdCheck"
+}
+
 // DirAvailableCheck checks if the given directory either does not exist, or is empty.
 type DirAvailableCheck struct {
 	Path  string
@@ -998,6 +1006,10 @@ func addCommonChecks(execer utilsexec.Interface, cfg kubeadmapi.CommonConfigurat
 		if containerRuntime.IsDocker() {
 			isDocker = true
 			checks = append(checks, ServiceCheck{Service: "docker", CheckIfActive: true})
+			// Linux only
+			// TODO: support other CRIs for this check eventually
+			// https://github.com/kubernetes/kubeadm/issues/874
+			checks = append(checks, IsDockerSystemdCheck{})
 		}
 	}
 
diff --git a/cmd/kubeadm/app/preflight/checks_darwin.go b/cmd/kubeadm/app/preflight/checks_darwin.go
new file mode 100644
index 0000000000..d4cb02628a
--- /dev/null
+++ b/cmd/kubeadm/app/preflight/checks_darwin.go
@@ -0,0 +1,27 @@
+// +build darwin
+
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package preflight
+
+// This is a MacOS stub
+
+// Check validates if Docker is setup to use systemd as the cgroup driver.
+// No-op for Darwin (MacOS).
+func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
+	return nil, nil
+}
diff --git a/cmd/kubeadm/app/preflight/checks_linux.go b/cmd/kubeadm/app/preflight/checks_linux.go
new file mode 100644
index 0000000000..12828815ce
--- /dev/null
+++ b/cmd/kubeadm/app/preflight/checks_linux.go
@@ -0,0 +1,44 @@
+// +build linux
+
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package preflight
+
+import (
+	"github.com/pkg/errors"
+	"k8s.io/kubernetes/cmd/kubeadm/app/util"
+	"k8s.io/utils/exec"
+)
+
+// Check validates if Docker is setup to use systemd as the cgroup driver.
+func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
+	warnings = []error{}
+	driver, err := util.GetCgroupDriverDocker(exec.New())
+	if err != nil {
+		errorList = append(errorList, err)
+		return nil, errorList
+	}
+	if driver != util.CgroupDriverSystemd {
+		err = errors.Errorf("detected %q as the Docker cgroup driver. "+
+			"The recommended driver is %q. "+
+			"Please follow the guide at https://kubernetes.io/docs/setup/cri/",
+			driver,
+			util.CgroupDriverSystemd)
+		warnings = append(warnings, err)
+	}
+	return warnings, nil
+}
diff --git a/cmd/kubeadm/app/preflight/checks_windows.go b/cmd/kubeadm/app/preflight/checks_windows.go
index 1477204248..85bae087cc 100644
--- a/cmd/kubeadm/app/preflight/checks_windows.go
+++ b/cmd/kubeadm/app/preflight/checks_windows.go
@@ -43,3 +43,9 @@ func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
 
 	return nil, errorList
 }
+
+// Check validates if Docker is setup to use systemd as the cgroup driver.
+// No-op for Windows.
+func (idsc IsDockerSystemdCheck) Check() (warnings, errorList []error) {
+	return nil, nil
+}
diff --git a/cmd/kubeadm/app/util/cgroupdriver.go b/cmd/kubeadm/app/util/cgroupdriver.go
index 2d1e450689..602f6c3f6f 100644
--- a/cmd/kubeadm/app/util/cgroupdriver.go
+++ b/cmd/kubeadm/app/util/cgroupdriver.go
@@ -24,6 +24,13 @@ import (
 	utilsexec "k8s.io/utils/exec"
 )
 
+const (
+	// CgroupDriverSystemd holds the systemd driver type
+	CgroupDriverSystemd = "systemd"
+	// CgroupDriverCgroupfs holds the cgroupfs driver type
+	CgroupDriverCgroupfs = "cgroupfs"
+)
+
 // TODO: add support for detecting the cgroup driver for CRI other than
 // Docker. Currently only Docker driver detection is supported:
 // Discussion:
@@ -39,7 +46,7 @@ func GetCgroupDriverDocker(execer utilsexec.Interface) (string, error) {
 }
 
 func validateCgroupDriver(driver string) error {
-	if driver != "cgroupfs" && driver != "systemd" {
+	if driver != CgroupDriverCgroupfs && driver != CgroupDriverSystemd {
 		return errors.Errorf("unknown cgroup driver %q", driver)
 	}
 	return nil

From 3b3b79fe2c96d7f8bc72638c1a64c9498ee77d6f Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov" <lubomirivanov@vmware.com>
Date: Fri, 8 Feb 2019 04:53:47 +0200
Subject: [PATCH 2/2] autogenerated bazel

---
 cmd/kubeadm/app/preflight/BUILD | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/kubeadm/app/preflight/BUILD b/cmd/kubeadm/app/preflight/BUILD
index e362cb3c4b..88c7dd9b69 100644
--- a/cmd/kubeadm/app/preflight/BUILD
+++ b/cmd/kubeadm/app/preflight/BUILD
@@ -10,6 +10,8 @@ go_library(
     name = "go_default_library",
     srcs = [
         "checks.go",
+        "checks_darwin.go",
+        "checks_linux.go",
         "checks_unix.go",
         "checks_windows.go",
         "utils.go",
@@ -33,7 +35,12 @@ go_library(
         "//vendor/github.com/pkg/errors:go_default_library",
         "//vendor/k8s.io/klog:go_default_library",
         "//vendor/k8s.io/utils/exec:go_default_library",
-    ],
+    ] + select({
+        "@io_bazel_rules_go//go/platform:linux": [
+            "//cmd/kubeadm/app/util:go_default_library",
+        ],
+        "//conditions:default": [],
+    }),
 )
 
 go_test(