After enabling the vpc-cni Network policy and adding some K8S policies we see a massive File descriptors leak which crashes the instance after a few hours.
The process that is causing this issue is "/controller --enable-ipv6=false --enable-network-policy=true --enable-cloudwatch-logs=true --enable-policy-event-logs=false --metrics-bind-addr=:8162 --health-probe-bind-addr=:8163"
At some point we can see 416698 open files by this process.
Running lsof we see a huge number of the following lines:
What you expected to happen:
No impact on File descriptors leak
How to reproduce it (as minimally and precisely as possible):
Enable the vpc-cni Network policy and add some K8S policies
Anything else we need to know?:
Environment:
Kubernetes version (use kubectl version): EKS 1.27
CNI Version: "v1.15.3-eksbuild.1"
Network Policy Agent Version
OS (e.g: cat /etc/os-release):
Kernel (e.g. uname -a): .10.198-187.748.amzn2.x86_64 #1 SMP Tue Oct 24 19:49:54 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
What happened:
After enabling the vpc-cni Network policy and adding some K8S policies we see a massive File descriptors leak which crashes the instance after a few hours.
The process that is causing this issue is "/controller --enable-ipv6=false --enable-network-policy=true --enable-cloudwatch-logs=true --enable-policy-event-logs=false --metrics-bind-addr=:8162 --health-probe-bind-addr=:8163"
At some point we can see 416698 open files by this process.
Running lsof we see a huge number of the following lines:
controlle 4873 root 20u a_inode 0,12 0 12748 bpf-map controlle 4873 root 21u a_inode 0,12 0 12748 bpf-map controlle 4873 root 22u a_inode 0,12 0 12748 bpf-map controlle 4873 root 23u a_inode 0,12 0 12748 bpf-map
Attach logs
What you expected to happen: No impact on File descriptors leak How to reproduce it (as minimally and precisely as possible): Enable the vpc-cni Network policy and add some K8S policies Anything else we need to know?:
Environment:
kubectl version
): EKS 1.27cat /etc/os-release
):uname -a
): .10.198-187.748.amzn2.x86_64 #1 SMP Tue Oct 24 19:49:54 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux