kubernetes: Pod stuck in ContainerCreating: Unit ...slice already exists

Not sure, but problem still exists in both 1.21.2 and 1.21.3 versions. Stuck with *.slice problem: not creating container and complaining that slice exists Also found fatal error which causes failure of kubelet at all:

kubelet.go:1384] "Failed to start ContainerManager" err="failed to initialize top level QOS containers: failed to create top level Burstable QOS cgroup : error while starting unit \"kubepods-burstable.slice\" with properties [{Name:Description Value:\"libcontainer container kubepods-burstable.slice\"} {Name:Wants Value:[\"kubepods.slice\"]} {Name:MemoryAccounting Value:true} {Name:CPUAccounting Value:true} {Name:IOAccounting Value:true} {Name:TasksAccounting Value:true} {Name:DefaultDependencies Value:false}]: Unit kubepods-burstable.slice already exists."

kubelet.service: Main process exited, code=exited, status=1/FAILURE

runc is 1.0.1 under archlinux

@sfxworks thanks for the report, we believe that this currently affects 1.21.2 (but not prior versions of 1.21) and the 1.22 release candidate based on our RCA. It’s a release blocker, we’re working on it.

/milestone v1.22

+1 to backport to 1.21 as well to fix the bug in 1.21.x

Can confirm I just experienced this as well after upgrading to v1.21.2. It’s intermittent as well.

Thanks for opening #104280.

if I’m understanding correctly, this issue (#102676) describes a problem that is still present in release-1.21 (runc rc95+), but we can’t pick up the runc version that fixes it (1.0.1) because of #104280?

@odinuge thanks! We’re backporting both https://github.com/opencontainers/runc/pull/3082 and https://github.com/opencontainers/runc/pull/3067 to 1.0.1, and still hope to have a release soon.

@odinuge Got https://github.com/kubernetes/test-infra/pull/22553 approved to help out with the failing serial tests on cri-o/systemd driver, https://github.com/kubernetes/kubernetes/pull/102169 is also pending and should help.

The current runc diff to master: https://github.com/opencontainers/runc/compare/v1.0.0-rc95...master

This is not the right diff to look at. We have already upgraded to 1.0.0 and it caused an issue (https://github.com/kubernetes/kubernetes/pull/103483) causing a revert. The issue has been fixed and backported to release-1.0 branch; we’re going to have a release this week.

So, the diff to look at is the difference between 1.0.0 and to-be-released 1.0.1: https://github.com/opencontainers/runc/compare/v1.0.0...release-1.0

The list of PRs for 1.0.1 can be seen at https://github.com/opencontainers/runc/issues/3076; from the kubernetes perspective, this is limited to the fix that caused a revert of runc 1.0.0 bump.

The runc 1.0.0 (or 1.0.1) bump would also fix “dbus: connection closed by user” issue caused by dbus restart (reported to https://bugzilla.redhat.com/show_bug.cgi?id=1941456), but I guess it’s not super critical (the workaround is to restart kubernetes).

I am fine either way, but bumping runc to 1.0.1 and backporting may be beneficial and should not introduce any new regressions as we have already tested 1.0.0.

I agree with @odinuge, the churn+bugs in runc is very concerning, if #102250 works, then we should just take that and hold off on the huge dependency bump.

cc @derekwaynecarr @SergeyKanzhelev as well.

You should probably mention that this only affects people who use cgroupDriver: systemd.