Re: Failed to ensure state of "/docker-daemon": failed to apply oom score -900 to PID 382

The kubelet in Kubernetes creates a cgroup /docker-daemon and attempts to move the docker daemon into that cgroup as part of its internal accounting.  It also lowers the OOM score of the daemon to -900 so the oom_killer will not target it in low memory situations over end-user containers.

On systemd environments, this type of cgroup manipulation is not needed because systemd already launched the daemon in the cgroup associated with its service, i.e. /system.slice/docker.service.  I recommend modifying the unit file for your docker daemon and setting the OOMScoreAdjust=-900 to ensure that in low-memory situations the oom_killer does not incorrectly target your docker daemon, but in general, the kubelet should not be doing this type of bootstrap manipulation on systemd environments.

I have a PR upstream that attempts to remove this noise when bootstrapping on systemd that hopefully will get merged soon:



I keep seeing this in the openshift console.  Is this something to be concerned about?

