Run etcd with shareProcessNamespace: true to reap zombie processes
The kubernetes-etcd pods are leaving behind zombie processes and setting 'shareProcessNamespace: true' eliminates that problem. When you enable process namespace sharing for a Pod, Kubernetes uses a single process namespace for all the containers in that Pod. The Kubernetes Pod infrastructure container becomes PID 1 and automatically reaps orphaned processes. [0] [0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes Change-Id: I61566fb71258baafa709b0e5367c71f13e980f6f
This commit is contained in:
parent
d44084664e
commit
0ffde4162e
@ -53,6 +53,7 @@ spec:
|
|||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
{{ dict "envAll" $envAll "application" "anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
shareProcessNamespace: true
|
||||||
{{- if .Values.anchor.dns_policy }}
|
{{- if .Values.anchor.dns_policy }}
|
||||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -54,6 +54,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
{{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
|
{{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
shareProcessNamespace: true
|
||||||
containers:
|
containers:
|
||||||
- name: etcd
|
- name: etcd
|
||||||
image: {{ .Values.images.tags.etcd }}
|
image: {{ .Values.images.tags.etcd }}
|
||||||
|
@ -36,6 +36,7 @@ spec:
|
|||||||
{{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
|
{{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
|
||||||
restartPolicy: Never
|
restartPolicy: Never
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
|
shareProcessNamespace: true
|
||||||
tolerations:
|
tolerations:
|
||||||
- key: node-role.kubernetes.io/master
|
- key: node-role.kubernetes.io/master
|
||||||
effect: NoSchedule
|
effect: NoSchedule
|
||||||
|
Loading…
Reference in New Issue
Block a user