Run etcd with shareProcessNamespace: true to reap zombie processes

The kubernetes-etcd pods are leaving behind zombie processes and setting 'shareProcessNamespace: true' eliminates that problem. When you enable process namespace sharing for a Pod, Kubernetes uses a single process namespace for all the containers in that Pod. The Kubernetes Pod infrastructure container becomes PID 1 and automatically reaps orphaned processes. [0] [0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes Change-Id: I61566fb71258baafa709b0e5367c71f13e980f6f
2020-07-21 22:26:34 +00:00 · 2020-07-21 22:26:34 +00:00 · 0ffde4162e
parent d44084664e
commit 0ffde4162e
3 changed files with 3 additions and 0 deletions
--- a/charts/etcd/templates/daemonset-anchor.yaml
+++ b/charts/etcd/templates/daemonset-anchor.yaml
@ -53,6 +53,7 @@ spec:
    spec:
 {{ dict "envAll" $envAll "application" "anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      hostNetwork: true
+      shareProcessNamespace: true
      {{- if .Values.anchor.dns_policy }}
      dnsPolicy: {{ .Values.anchor.dns_policy }}
      {{- end }}
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
@ -54,6 +54,7 @@ metadata:
 spec:
 {{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
  hostNetwork: true
+  shareProcessNamespace: true
  containers:
    - name: etcd
      image: {{ .Values.images.tags.etcd }}
--- a/charts/etcd/templates/tests/test-etcd-health.yaml
+++ b/charts/etcd/templates/tests/test-etcd-health.yaml
@ -36,6 +36,7 @@ spec:
    {{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
  restartPolicy: Never
  hostNetwork: true
+  shareProcessNamespace: true
  tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule