fix: don't mount D-Bus socket via mount under recursive bind mount
`/var/run` was mounted from `/run`, and D-Bus socket to `/var/run/dbus/`
path, so when the container is stopped, container mounts are removed,
but on the host side mount propagates back, so D-Bus socket gets
propagated back to the host `/run`, and on the next kubelet restart
process continues adding even more mount levels exponentially.
Eventually on kubelet restart kernel resources are exhausted and the
node freezes.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
smira committed Apr 27, 2022
1 parent 9a8ff76 commit c0d386a
Showing 2 changed files with 1 addition and 2 deletions.
1 change: 0 additions & 1 deletion internal/app/machined/pkg/system/services/kubelet.go
Expand Up @@ -120,7 +120,6 @@ func (k *Kubelet) Runner(r runtime.Runtime) (runner.Runner, error) {
{Type: "bind", Destination: "/etc/cni", Source: "/etc/cni", Options: []string{"rbind", "rshared", "rw"}},
{Type: "bind", Destination: "/usr/libexec/kubernetes", Source: "/usr/libexec/kubernetes", Options: []string{"rbind", "rshared", "rw"}},
{Type: "bind", Destination: "/var/run", Source: "/run", Options: []string{"rbind", "rshared", "rw"}},
{Type: "bind", Destination: "/var/run/dbus/system_bus_socket", Source: constants.DBusClientSocketPath, Options: []string{"bind", "rw"}},
{Type: "bind", Destination: "/var/lib/containerd", Source: "/var/lib/containerd", Options: []string{"rbind", "rshared", "rw"}},
{Type: "bind", Destination: "/var/lib/kubelet", Source: "/var/lib/kubelet", Options: []string{"rbind", "rshared", "rw"}},
{Type: "bind", Destination: "/var/log/containers", Source: "/var/log/containers", Options: []string{"rbind", "rshared", "rw"}},
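Review bot: the `/var/run` entry (Source `/run`, options `rbind`, `rshared`, `rw`) now carries the D-Bus socket implicitly, and nothing in the mount list says so. Add a comment on that entry stating that `/var/run/dbus/system_bus_socket` is reached through this recursive bind and that no separate bind mount should target a path beneath an `rshared` destination, since the dropped `/var/run/dbus/system_bus_socket` entry is what propagated back to the host `/run`. The same check applies to the other `rbind`/`rshared` destinations in this list if a nested mount is ever added under them.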
2 changes: 1 addition & 1 deletion pkg/machinery/constants/constants.go
Expand Up @@ -658,7 +658,7 @@ const (
DBusServiceSocketPath = SystemRunPath + "/dbus/service.socket"

// DBusClientSocketPath is the path to the D-Bus socket for the kubelet to connect to.
DBusClientSocketPath = SystemRunPath + "/dbus/client.socket"
DBusClientSocketPath = "/run/dbus/system_bus_socket"
)

// See https://linux.die.net/man/3/klogctl
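Review bot: the new `DBusClientSocketPath` value is the literal `/run/dbus/system_bus_socket`, while `DBusServiceSocketPath` just above still builds on `SystemRunPath`, and the doc comment does not explain the difference. Extend the comment to say that the path has to live under `/run` so the kubelet sees it as `/var/run/dbus/system_bus_socket` through the `/var/run` bind in kubelet.go; otherwise a later cleanup may move it back under `SystemRunPath` and silently break the kubelet's D-Bus connection. Since the socket now sits in the host `/run`, which is shared read-write into the kubelet container, it is also worth confirming that the socket's permissions are as restrictive as before.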