airship/porthole
Code Issues Proposed changes

Update calicoctl-utility container with 'shareProcessNamespace: true'

Browse Source 
The calicoctl-utility container is leaving behind zombie processes and
setting 'shareProcessNamespace: true' eliminates that problem.

When you enable process namespace sharing for a Pod, Kubernetes uses a
single process namespace for all the containers in that Pod. The
Kubernetes Pod infrastructure container becomes PID 1 and automatically
reaps orphaned processes. [0]

[0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes

Change-Id: I8efc08942ac281f5da0f0819fc5f181eca15d25b
This commit is contained in:
Rick Bartra 2020-07-16 16:54:32 +00:00
parent bfaeab4597
commit 4f0a22345e
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
charts/calicoctl-utility/templates/deployment-calicoctl-utility.yaml
View File

@ -114,6 +114,7 @@ spec:
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
nodeSelector: nodeSelector:
{{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }} {{ .Values.labels.utility.node_selector_key }}: {{ .Values.labels.utility.node_selector_value }}
shareProcessNamespace: true
containers: containers:
- name: calicoctl-utility - name: calicoctl-utility
{{ tuple $envAll "calicoctl_utility" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "calicoctl_utility" | include "helm-toolkit.snippets.image" | indent 10 }}