From 63613b2da29ba0d7c98dacc1d1dff29b00099195 Mon Sep 17 00:00:00 2001
From: Ivan Shapovalov
Date: Sat, 23 Dec 2023 02:10:11 +0100
Subject: [PATCH 5/6] *.service: update systemd service files

---
 k3s-agent-rootless.service | 47 ++++++++++++++++++++++++++++++++++++++
 k3s-agent.service | 27 ++++++++++++++++++++++
 k3s-rootless.service | 26 +++++++++++----------
 k3s.service | 12 +++++-----
 4 files changed, 94 insertions(+), 18 deletions(-)
 create mode 100644 k3s-agent-rootless.service
 create mode 100644 k3s-agent.service

diff --git a/k3s-agent-rootless.service b/k3s-agent-rootless.service
new file mode 100644
index 0000000000..68e049b2d1
--- /dev/null
+++ b/k3s-agent-rootless.service
@@ -0,0 +1,47 @@
+# systemd unit file for k3s (rootless)
+#
+# Usage:
+# - [Optional] Enable cgroup v2 delegation, see https://rootlesscontaine.rs/getting-started/common/cgroup2/ .
+# This step is optional, but highly recommended for enabling CPU and memory resource limtitation.
+#
+# - Copy this file as `~/.config/systemd/user/k3s-rootless.service`.
+# Installing this file as a system-wide service (`/etc/systemd/...`) is not supported.
+# Depending on the path of `k3s` binary, you might need to modify the `ExecStart=/usr/local/bin/k3s ...` line of this file.
+#
+# - Run `systemctl --user daemon-reload`
+#
+# - Run `systemctl --user enable --now k3s-rootless`
+#
+# - Run `KUBECONFIG=~/.kube/k3s.yaml kubectl get pods -A`, and make sure the pods are running.
+#
+# Troubleshooting:
+# - See `systemctl --user status k3s-rootless` to check the daemon status
+# - See `journalctl --user -f -u k3s-rootless` to see the daemon log
+# - See also https://rootlesscontaine.rs/
+
+[Unit]
+Description=Lightweight Kubernetes (agent, rootless)
+Documentation=https://k3s.io
+Documentation=https://rootlesscontaine.rs/
+After=network.target network-online.target
+Wants=network.target network-online.target
+
+[Service]
+Type=notify
+EnvironmentFile=-%E/systemd/system/%n.env
+# NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
+# If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
+ExecStart=/usr/bin/k3s agent --rootless --snapshotter=fuse-overlayfs $K3S_EXEC
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=mixed
+Delegate=yes
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target
diff --git a/k3s-agent.service b/k3s-agent.service
new file mode 100644
index 0000000000..9e8974c972
--- /dev/null
+++ b/k3s-agent.service
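Review bot: The header comment of this new agent unit is carried over from the server rootless unit and no longer matches the file: it tells the user to install it as `~/.config/systemd/user/k3s-rootless.service`, to enable and inspect `k3s-rootless`, and to edit an `ExecStart=/usr/local/bin/k3s ...` line, while the unit below is the agent and runs `/usr/bin/k3s agent --rootless`. The NOTE above ExecStart likewise still refers to `k3s server --rootless`. I would rename those references to `k3s-agent-rootless` and `k3s agent --rootless` and use `/usr/bin/k3s` in the path hint. I would also add a usage line saying that `$K3S_EXEC` and other settings are read from the optional `%E/systemd/system/%n.env` file (for a user manager `%E` is the user's configuration directory), since the comment never mentions it.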
@@ -0,0 +1,27 @@
+[Unit]
+Description=Lightweight Kubernetes (agent)
+Documentation=https://k3s.io
+After=network.target network-online.target
+Wants=network.target network-online.target
+
+[Service]
+Type=notify
+EnvironmentFile=-/etc/default/%N
+EnvironmentFile=-/etc/sysconfig/%N
+EnvironmentFile=-/etc/systemd/system/%n.env
+ExecStart=/usr/bin/k3s agent $K3S_EXEC
+ExecReload=/bin/kill -s HUP $MAINPID
+KillMode=process
+Delegate=yes
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNOFILE=1048576
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/k3s-rootless.service b/k3s-rootless.service
index 5879e2f8f2..916af05c6d 100644
--- a/k3s-rootless.service
+++ b/k3s-rootless.service
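Review bot: The three `EnvironmentFile=` entries are where an agent's join settings would normally be supplied, and the unit gives no guidance on protecting them; k3s reads its cluster join secret from `K3S_TOKEN`, so a world-readable `/etc/systemd/system/k3s-agent.service.env` would disclose it to every local user. I would add a comment above the entries such as `# May contain K3S_TOKEN: keep these files root-owned with mode 0600`, and have the package create the file with that mode if it ships one. The same applies to the `%n.env` entries in k3s-agent-rootless.service, k3s-rootless.service and k3s.service. Note also that every word of `$K3S_EXEC` is appended to the command line of a root process, so write access to any of the three files is equivalent to control of the agent.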
@@ -20,26 +20,28 @@
 # - See also https://rootlesscontaine.rs/
 
 [Unit]
-Description=k3s (Rootless)
+Description=Lightweight Kubernetes (server, rootless)
+Documentation=https://k3s.io
+Documentation=https://rootlesscontaine.rs/
+After=network.target network-online.target
+Wants=network.target network-online.target
 
 [Service]
-Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+Type=notify
+EnvironmentFile=-%E/systemd/system/%n.env
 # NOTE: Don't try to run `k3s server --rootless` on a terminal, as it doesn't enable cgroup v2 delegation.
 # If you really need to try it on a terminal, prepend `systemd-run --user -p Delegate=yes --tty` to create a systemd scope.
-ExecStart=/usr/local/bin/k3s server --rootless --snapshotter=fuse-overlayfs
+ExecStart=/usr/bin/k3s server --rootless --snapshotter=fuse-overlayfs $K3S_EXEC
 ExecReload=/bin/kill -s HUP $MAINPID
-TimeoutSec=0
-RestartSec=2
-Restart=always
-StartLimitBurst=3
-StartLimitInterval=60s
-LimitNOFILE=infinity
+KillMode=mixed
+Delegate=yes
+LimitNOFILE=1048576
 LimitNPROC=infinity
 LimitCORE=infinity
 TasksMax=infinity
-Delegate=yes
-Type=simple
-KillMode=mixed
+TimeoutStartSec=0
+Restart=always
+RestartSec=5s
 
 [Install]
 WantedBy=default.target
diff --git a/k3s.service b/k3s.service
index 70ce10c1aa..c786114ce0 100644
--- a/k3s.service
+++ b/k3s.service
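Review bot: With `StartLimitBurst=3` and `StartLimitInterval=60s` removed and `RestartSec=5s` in place, the new unit has no effective restart limit: at one attempt every five seconds systemd's default start limit (as far as I know five starts in ten seconds) is never reached, so a misconfigured server is restarted indefinitely instead of ending in the failed state. `TimeoutStartSec=0` additionally means a start that never sends its `Type=notify` readiness message is never timed out. If unbounded restarts are intended to match k3s.service, a comment saying so would help; otherwise I would add `StartLimitIntervalSec=60s` and `StartLimitBurst=3` to the `[Unit]` section. The file's header comment lies outside this hunk.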
@@ -1,16 +1,16 @@
 [Unit]
-Description=Lightweight Kubernetes
+Description=Lightweight Kubernetes (server)
 Documentation=https://k3s.io
-After=network-online.target
-Wants=network-online.target
+After=network.target network-online.target
+Wants=network.target network-online.target
 
 [Service]
 Type=notify
 EnvironmentFile=-/etc/default/%N
 EnvironmentFile=-/etc/sysconfig/%N
-EnvironmentFile=-/etc/systemd/system/k3s.service.env
-ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service 2>/dev/null'
-ExecStart=/usr/local/bin/k3s server
+EnvironmentFile=-/etc/systemd/system/%n.env
+ExecStart=/usr/bin/k3s server $K3S_EXEC
+ExecReload=/bin/kill -s HUP $MAINPID
 KillMode=process
 Delegate=yes
 # Having non-zero Limit*s causes performance problems due to accounting overhead
-- 
2.43.1
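Review bot: The added `ExecReload=/bin/kill -s HUP $MAINPID` makes `systemctl reload k3s` deliver SIGHUP to the server, and nothing on this page shows that `k3s server` treats that signal as a configuration reload. If it does not, a reload would terminate the main process while, under `KillMode=process`, the processes it spawned keep running. I would either drop the line from this unit or add a comment above it stating what the server does on SIGHUP, for example `# k3s re-reads <what> on SIGHUP`. The `[Service]` section continues past the end of the hunk, so the restart settings are not visible here; the same line is added to k3s-agent.service.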