- lxc >= 4.0.5, master recommended
- conmon/pinns v2.0.2
- cri-o release-1.19
- k8s 1.19.4
# liblxc / conmon build dependencies
apt-get install build-essential libtool automake pkg-config \
libseccomp-dev libapparmor-dev libbtrfs-dev \
libdevmapper-dev libcap-dev libc6-dev libglib2.0-dev
# k8s dependencies, tools
apt-get install jq ebtables iptables conntrack
# liblxc / conmon build dependencies
pacman -Sy base-devel apparmor libseccomp libpcap btrfs-progs
# k8s dependencies
pacman -Sy conntrack-tools ebtables jq
Enable cgroupv2 unified hierarchy manually:
mount -t cgroup2 none /sys/fs/cgroup
or permanently via kernel command-line parameters:
systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all
Modify the systemd service file to run with full privileges. This is required for the runtime to set the cgroupv2 device controller eBPF program:
ExecStart=+/usr/local/bin/crio
See cri-o/cri-o#4272
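
The script below is an added example, not part of the project's own tooling: it checks the three host settings described above (cgroup2 mounted at /sys/fs/cgroup, the two kernel parameters, and the `+` prefix on `ExecStart=`). The function names and the default unit path `/etc/systemd/system/crio.service` are assumptions.

```shell
#!/bin/sh
# Preflight checks for the host setup above (added example, hypothetical names).

# Print how /sys/fs/cgroup is mounted: unified, legacy-or-hybrid, or missing.
cgroup_mode() {
    mounts=${1:-/proc/self/mounts}
    mnt=${2:-/sys/fs/cgroup}
    # The last entry for the mount point is the one currently visible.
    fstype=$(awk -v m="$mnt" '$2 == m { t = $3 } END { print t }' "$mounts")
    case "$fstype" in
        cgroup2) echo unified ;;
        "")      echo missing ;;
        *)       echo legacy-or-hybrid ;;   # v1 and hybrid mount a tmpfs here
    esac
}

# Succeed only if both kernel parameters from the page are on the command line.
cmdline_has_params() {
    cmdline=$(cat "${1:-/proc/cmdline}")
    for want in systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all; do
        case " $cmdline " in
            *" $want "*) ;;
            *) echo "missing kernel parameter: $want" >&2; return 1 ;;
        esac
    done
}

# Succeed if the unit has an ExecStart= line carrying the "+" prefix.
# "+" makes systemd skip User=, capability and namespacing restrictions for
# that command, so it is worth confirming it is set only where intended.
execstart_is_privileged() {
    grep -Eq '^ExecStart=[-@:]*\+' "${1:--}"
}

preflight() {
    unit=${1:-/etc/systemd/system/crio.service}   # assumed unit file location
    rc=0
    [ "$(cgroup_mode)" = unified ] || { echo "cgroup2 not mounted at /sys/fs/cgroup" >&2; rc=1; }
    cmdline_has_params || echo "unified hierarchy will not persist across reboots" >&2
    execstart_is_privileged "$unit" || { echo "$unit: ExecStart lacks the + prefix" >&2; rc=1; }
    return "$rc"
}

# Run the checks against the live host only when asked to.
if [ "${1:-}" = "--run" ]; then preflight "${2:-}"; fi
```

Invoke it with `--run` and, optionally, the path of the unit file to inspect; without arguments it only defines the functions.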