From 4f0a22345ef8bb108c891f9d3eb4f46f6b259ed7 Mon Sep 17 00:00:00 2001
From: Rick Bartra <rb560u@att.com>
Date: Thu, 16 Jul 2020 16:54:32 +0000
Subject: [PATCH] Update calicoctl-utility container with
 'shareProcessNamespace: true'

The calicoctl-utility container is leaving behind zombie processes and
setting 'shareProcessNamespace: true' eliminates that problem.

When you enable process namespace sharing for a Pod, Kubernetes uses a
single process namespace for all the containers in that Pod. The
Kubernetes Pod infrastructure container becomes PID 1 and automatically
reaps orphaned processes. [0]

[0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes

Change-Id: I8efc08942ac281f5da0f0819fc5f181eca15d25b
---
 .../templates/deployment-calicoctl-utility.yaml                  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
index 5248605f..5fedddf8 100644
--- a/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
+++ b/charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
@@ -114,6 +114,7 @@ spec:
       serviceAccountName: {{ $serviceAccountName }}
       nodeSelector:
         {{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
+      shareProcessNamespace: true
       containers:
         - name: calicoctl-utility
 {{ tuple $envAll "calicoctl_utility" | include "helm-toolkit.snippets.image" | indent 10 }}