From 0ffde4162ecb7539fe505840c3e4fdd4e750deb0 Mon Sep 17 00:00:00 2001
From: Rick Bartra
Date: Tue, 21 Jul 2020 22:26:34 +0000
Subject: [PATCH] Run etcd with shareProcessNamespace: true to reap zombie processes The kubernetes-etcd pods are leaving behind zombie processes and setting 'shareProcessNamespace: true' eliminates that problem. When you enable process namespace sharing for a Pod, Kubernetes uses a single process namespace for all the containers in that Pod. The Kubernetes Pod infrastructure container becomes PID 1 and automatically reaps orphaned processes. [0] [0]https://cloud.google.com/solutions/best-practices-for-building-containers#solution_2_enable_process_namespace_sharing_in_kubernetes
Change-Id: I61566fb71258baafa709b0e5367c71f13e980f6f
---
 charts/etcd/templates/daemonset-anchor.yaml | 1 +
 charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl | 1 +
 charts/etcd/templates/tests/test-etcd-health.yaml | 1 +
 3 files changed, 3 insertions(+)
diff --git a/charts/etcd/templates/daemonset-anchor.yaml b/charts/etcd/templates/daemonset-anchor.yaml
index 47df998d..1f74854e 100644
--- a/charts/etcd/templates/daemonset-anchor.yaml
+++ b/charts/etcd/templates/daemonset-anchor.yaml
@@ -53,6 +53,7 @@ spec:
 spec:
 {{ dict "envAll" $envAll "application" "anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 hostNetwork: true
+ shareProcessNamespace: true
 {{- if .Values.anchor.dns_policy }}
 dnsPolicy: {{ .Values.anchor.dns_policy }}
 {{- end }}
diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
index 5bc5a315..c4850bc1 100644
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
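Review bot: The added `shareProcessNamespace: true` in charts/etcd/templates/daemonset-anchor.yaml is hard-coded and undocumented, although it relaxes isolation between the pod's containers: with a shared PID namespace every container can list and signal the others' processes and reach their filesystems through `/proc/<pid>/root`, limited only by Unix permissions and capabilities. I would add a comment above the line, `# Shared PID namespace so the pause container reaps zombies; containers in this pod can see each other's /proc.`, and consider gating the setting behind a chart value so operators can turn it off. The same line is added without comment in _kubernetes-etcd.yaml.tpl and tests/test-etcd-health.yaml. The pod spec continues outside the hunk, so the container list and the containers' security contexts are not visible here.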
@@ -54,6 +54,7 @@ metadata:
 spec:
 {{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
 hostNetwork: true
+ shareProcessNamespace: true
 containers:
 - name: etcd
 image: {{ .Values.images.tags.etcd }}
diff --git a/charts/etcd/templates/tests/test-etcd-health.yaml b/charts/etcd/templates/tests/test-etcd-health.yaml
index 0029fabc..cc9cef59 100644
--- a/charts/etcd/templates/tests/test-etcd-health.yaml
+++ b/charts/etcd/templates/tests/test-etcd-health.yaml
@@ -36,6 +36,7 @@ spec:
 {{ .Values.labels.anchor.node_selector_key }}: {{ .Values.labels.anchor.node_selector_value }}
 restartPolicy: Never
 hostNetwork: true
+ shareProcessNamespace: true
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule
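Review bot: With this line in _kubernetes-etcd.yaml.tpl, etcd stops being PID 1 inside its container; the pod's pause process takes that role, so anything that addresses PID 1 (a `kill -HUP 1` style hook, a probe that inspects `/proc/1`) would now act on the pause container rather than on etcd. The hunk shows only the start of the `containers:` list, so whether this manifest or the image relies on PID 1 cannot be told from here and is worth checking before merge. A short comment would keep later editors from reintroducing the assumption: `# etcd is not PID 1 in this pod (shared PID namespace); do not signal or inspect PID 1.`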
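Review bot: The test pod in tests/test-etcd-health.yaml gets the shared PID namespace too, but the commit message motivates it only for the long-running kubernetes-etcd pods; a `restartPolicy: Never` pod is torn down once the check finishes, so zombie reaping looks unnecessary here. Unless the test containers are known to leave defunct children, I would drop `shareProcessNamespace: true` from this file, or add `# needed because <reason>` above it so the relaxed isolation is a recorded decision. The container list lies outside the hunk, so this is inferred from the visible fields only.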