aws / aws-network-policy-agent

Apache License 2.0

File descriptors leak #146

Closed moshen-maverick closed 9 months ago

moshen-maverick commented 9 months ago

What happened:

After enabling the vpc-cni Network policy and adding some K8S policies, we see a massive file descriptor leak, which crashes the instance after a few hours.

The process that is causing this issue is "/controller --enable-ipv6=false --enable-network-policy=true --enable-cloudwatch-logs=true --enable-policy-event-logs=false --metrics-bind-addr=:8162 --health-probe-bind-addr=:8163"

At some point we can see 416698 open files by this process.

Running lsof we see a huge number of the following lines:

    controlle 4873 root 20u a_inode 0,12 0 12748 bpf-map
    controlle 4873 root 21u a_inode 0,12 0 12748 bpf-map
    controlle 4873 root 22u a_inode 0,12 0 12748 bpf-map
    controlle 4873 root 23u a_inode 0,12 0 12748 bpf-map

Attach logs

What you expected to happen:

No impact on File descriptors leak

How to reproduce it (as minimally and precisely as possible):

Enable the vpc-cni Network policy and add some K8S policies

Anything else we need to know?:

Environment:

achevuru commented 9 months ago

Known issue in v1.15.3 and is addressed in v1.15.4.

moshen-maverick commented 9 months ago

@achevuru Thanks! I will update the CNI.
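An added example, not part of the issue thread or the project's code: a way to confirm the symptom reported above without paging through `lsof` output, by tallying what a process's descriptors in `/proc/<pid>/fd` point at. The function names and the alert threshold are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise the open descriptors of one process.
# fd_dir is normally /proc/<pid>/fd; run as root to inspect another user's process.
# Usage on a node: fd_summary /proc/<pid>/fd

# Print "<count> <target>" per descriptor type, most common first.
fd_summary() {
    local fd_dir=$1 fd target
    for fd in "$fd_dir"/*; do
        # A descriptor can close between the glob and readlink; skip it if so.
        target=$(readlink "$fd" 2>/dev/null) || continue
        printf '%s\n' "$target"
    done |
        # Collapse socket:[1234] and pipe:[5678] so instances group by type.
        sed 's/:\[[0-9]*\]$//' |
        sort | uniq -c | sort -rn |
        awk '{ n = $1; $1 = ""; print n $0 }'
}

# Count descriptors that are BPF maps. The kernel names these
# "anon_inode:bpf-map", which lsof shows as type a_inode, name bpf-map.
bpf_map_fd_count() {
    fd_summary "$1" |
        awk '$2 == "anon_inode:bpf-map" { n = $1 } END { print n + 0 }'
}

# Return 0 when the BPF map descriptor count exceeds limit.
# The limit is a hypothetical threshold; pick one from a healthy node's baseline.
bpf_map_fd_leak() {
    local count
    count=$(bpf_map_fd_count "$1")
    echo "bpf-map descriptors: $count (limit $2)"
    [ "$count" -gt "$2" ]
}
```

Sampling `bpf_map_fd_count` at intervals and comparing it with the process's `Max open files` line in `/proc/<pid>/limits` shows whether the count is growing toward the limit.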