Fix CI cgroupv2 failures by enabling cgroupv2 controller subtree control

[delthas]

Issue: ZENKO-5194
See: actions/runner-images#13684

[bert-e]

Hello delthas,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Available options

name	description	privileged	authored
/after_pull_request	Wait for the given pull request id to be merged before continuing with the current one.
/bypass_author_approval	Bypass the pull request author's approval	⭐
/bypass_build_status	Bypass the build and test status	⭐
/bypass_commit_size	Bypass the check on the size of the changeset TBA	⭐
/bypass_incompatible_branch	Bypass the check on the source branch prefix	⭐
/bypass_jira_check	Bypass the Jira issue check	⭐
/bypass_peer_approval	Bypass the pull request peers' approval	⭐
/bypass_leader_approval	Bypass the pull request leaders' approval	⭐
/approve	Instruct Bert-E that the author has approved the pull request.		✍️
/create_pull_requests	Allow the creation of integration pull requests.
/create_integration_branches	Allow the creation of integration branches.
/no_octopus	Prevent Wall-E from doing any octopus merge and use multiple consecutive merge instead
/unanimity	Change review acceptance criteria from one reviewer at least to all reviewers
/wait	Instruct Bert-E not to run until further notice.

Available commands

name	description	privileged
/help	Print Bert-E's manual in the pull request.
/status	Print Bert-E's current status in the pull request TBA
/clear	Remove all comments from Bert-E from the history TBA
/retry	Re-start a fresh build TBA
/build	Re-start a fresh build TBA
/force_reset	Delete integration branches & pull requests, and restart merge process from the beginning.
/reset	Try to remove integration branches unless there are commits on them which do not appear on the source branch.

Status report is not available.

[bert-e]

Request integration branches

Waiting for integration branch creation to be requested by the user.

To request integration branches, please comment on this pull request with the following command:

/create_integration_branches

Alternatively, the /approve and /create_pull_requests commands will automatically
create the integration branches.

[Copilot]

Pull request overview

Adjusts the end-to-end deploy composite action to proactively enable cgroup v2 controllers on GitHub-hosted runners, addressing recent CI breakages caused by runner/Docker/containerd cgroupv2 behavior changes (ZENKO-5194, runner-images#13684).

Changes:

• Add a deploy-step that attempts to enable cgroup v2 controllers (including cpuset) via cgroup.subtree_control before bootstrapping the kind cluster.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This step suppresses all errors from enabling controllers (2>/dev/null || true) but then logs Controllers enabled: ..., which can be misleading if writes failed (e.g., permissions / cgroup rules). Consider verifying that the required controller(s) (at least cpuset) are present in cgroup.subtree_control after attempting to enable them, and if not, emit a clear warning or fail fast with an actionable message so CI failures remain diagnosable.

Suggested change

	echo "Controllers enabled: $(cat /sys/fs/cgroup/cgroup.subtree_control)"
	enabled_controllers="$(cat /sys/fs/cgroup/cgroup.subtree_control 2>/dev/null || echo "")"
	echo "Controllers enabled: ${enabled_controllers}"
	if ! printf '%s\n' "${enabled_controllers}" | grep -qw "cpuset"; then
	echo "ERROR: Failed to enable required 'cpuset' cgroup v2 controller in /sys/fs/cgroup/cgroup.subtree_control." >&2
	echo "This can cause JVM (JDK 11) and ZooKeeper failures inside containers on GitHub Actions runners." >&2
	echo "Please ensure the runner allows enabling the 'cpuset' controller (cgroup v2 delegation) or disable this step." >&2
	exit 1
	fi

[Copilot]

tee will echo each +$c back to stdout, which can add a lot of log noise in CI. Redirecting tee output to /dev/null (while keeping errors/warnings as appropriate) would keep logs cleaner and make failures easier to spot.

Suggested change

	echo "+$c" | sudo tee /sys/fs/cgroup/cgroup.subtree_control 2>/dev/null || true
	done
	if [ -f /sys/fs/cgroup/system.slice/cgroup.subtree_control ]; then
	for c in $(cat /sys/fs/cgroup/system.slice/cgroup.controllers); do
	echo "+$c" | sudo tee /sys/fs/cgroup/system.slice/cgroup.subtree_control 2>/dev/null || true
	echo "+$c" | sudo tee /sys/fs/cgroup/cgroup.subtree_control >/dev/null || true
	done
	if [ -f /sys/fs/cgroup/system.slice/cgroup.subtree_control ]; then
	for c in $(cat /sys/fs/cgroup/system.slice/cgroup.controllers); do
	echo "+$c" | sudo tee /sys/fs/cgroup/system.slice/cgroup.subtree_control >/dev/null || true