Open sleerssen opened 3 years ago
I think I found the source of the leak. It looks like a call to deleteNetwork() is needed here:
I've been trying to get this to build locally, but am having issues with
cannot find package "github.com/containernetworking/cni/pkg/types/current"
I guess maybe I need to be on a k8s node for this to build?
Bump.
AWS EKS: 1.15/1.16
Cilium: 1.8.4
CNI Genie:
genie-plugin@sha256:fbd3ad6db001035f270f9a7dc460de5145fc773cca3875ade505fa233a04ea08
genie-policy-controller@sha256:849551bc3ad1d8a74a49f264aad21191e97c0e5fdad08c20d7f7d07d9ea1e4e7
We have a cron job that frequently restarts pod creation, the result of which appears to cause CNI Genie to leak IPs by not calling the underlying CNI to release the IP. It allocates the IP, but during configuration of the pod, finds the container no longer available (from the sandbox recreation) and appears to attempt to release the address from the CNI, but the call to the CNI is never made, so the IP is held in IPAM as used, eventually exhausting IP address space.
From the kubelet log, it shows the IP allocation and the failed attempt to set up the network:
and then shortly after that, it shows an attempt to release the IP, but the CNI never gets the request:
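The failure mode reported in this issue, reduced to a toy model as an added example (it is not CNI Genie's code and not part of the original thread): an ADD path that allocates an address and then fails configuration must still drive the delegate's release, or the pool drains. The `ipam` type, `setupPod`, `churn` and the addresses are hypothetical names and constructed values.

```go
package main

import (
	"errors"
	"fmt"
)

// ipam is a toy stand-in for the delegate CNI's address pool (hypothetical).
type ipam struct {
	free []string
	used map[string]string // container ID -> IP
}

func newIPAM(ips ...string) *ipam { return &ipam{free: ips, used: map[string]string{}} }

func (p *ipam) add(id string) error {
	if len(p.free) == 0 {
		return errors.New("ipam: address pool exhausted")
	}
	p.used[id], p.free = p.free[0], p.free[1:]
	return nil
}

// setupPod models the ADD path: allocate, then configure. Configuration fails
// when the sandbox was recreated; rollback=false skips the delegate's release.
func setupPod(p *ipam, id string, sandboxAlive, rollback bool) error {
	if err := p.add(id); err != nil {
		return err
	}
	if sandboxAlive {
		return nil
	}
	if rollback { // the delegate's DEL: hand the address back before failing
		p.free = append(p.free, p.used[id])
		delete(p.used, id)
	}
	return errors.New("sandbox container no longer exists")
}

// churn runs n setups whose sandbox vanished and returns addresses still held.
func churn(p *ipam, n int, rollback bool) int {
	for i := 0; i < n; i++ {
		_ = setupPod(p, fmt.Sprintf("ctr-%d", i), false, rollback)
	}
	return len(p.used)
}

func main() {
	fmt.Println(churn(newIPAM("10.0.0.1", "10.0.0.2"), 5, false), churn(newIPAM("10.0.0.1", "10.0.0.2"), 5, true))
}
```

Without the rollback every address in the pool ends up held by a container that no longer exists, and the next healthy pod fails with pool exhaustion; with it the pool is intact after the same churn.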