*** This bug is a duplicate of bug 1846787 ***
https://bugs.launchpad.net/bugs/1846787
Verification done with fix for bug 1846787 on xenial-proposed (systemd
229-4ubuntu21.23).
With the new systemd packages there are no leaked scope units for
transient mounts.
cheers,
Mauricio
Setup
---
$ sudo snap install --beta --classic multipass
$ multipass launch --cpus 16 --mem 8G --disk 8G --name lp1847512 xenial
$ multipass shell lp1847512
$ sudo apt update && sudo apt -y upgrade && sudo apt -y install
linux-generic-hwe-16.04 && sudo reboot
$ multipass shell lp1847512
$ lsb_release -cs
xenial
$ uname -rv
4.15.0-72-generic #81~16.04.1-Ubuntu SMP Tue Nov 26 16:34:21 UTC 2019
$ sudo snap install microk8s --channel=1.16/stable --classic
$ sudo snap alias microk8s.kubectl kubectl
$ sudo usermod -a -G microk8s $USER
$ newgrp microk8s
$ kubectl create secret generic secret-for-pod --from-literal=key=value
$ cat <<EOF > pod-with-secret.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-with-secret
spec:
containers:
- name: container
image: debian:stretch
args: ["/bin/true"]
volumeMounts:
- name: secret
mountPath: /secret
volumes:
- name: secret
secret:
secretName: secret-for-pod
restartPolicy: Never
EOF
xenial-updates: there are leaked scope units over time. (bad)
---
$ multipass shell lp1847512
$ dpkg -s systemd | grep ^Version:
Version: 229-4ubuntu21.22
No scope units at the beginning:
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
Test #1: leaked one unit.
$ kubectl create -f pod-with-secret.yaml
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 11s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
run-rf2ba6bb83e014123818fedcdde24ef63.scope loaded active running Kubernetes
transient mount for
/var/snap/microk8s/common/var/lib/kubelet/pods/62cea6e6-bb30-4a48-a61b-0242d10f0546/volumes/kubernetes.io~secret/secret
$ kubectl delete pods pod-with-secret
pod "pod-with-secret" deleted
Test #2: leaked zero units.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 5s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
run-rf2ba6bb83e014123818fedcdde24ef63.scope loaded active running Kubernetes
transient mount for
/var/snap/microk8s/common/var/lib/kubelet/pods/62cea6e6-bb30-4a48-a61b-0242d10f0546/volumes/kubernetes.io~secret/secret
$ kubectl delete pods pod-with-secret
pod "pod-with-secret" deleted
Test #3: leaked one more unit.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 4s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
run-r181f6242dd644256be6f8405eab60ed7.scope loaded active running Kubernetes
transient mount for
/var/snap/microk8s/common/var/lib/kubelet/pods/a35aee3e-cc0a-443c-a33d-556b94730e1e/volumes/kubernetes.io~secret/secret
run-rf2ba6bb83e014123818fedcdde24ef63.scope loaded active running Kubernetes
transient mount for
/var/snap/microk8s/common/var/lib/kubelet/pods/62cea6e6-bb30-4a48-a61b-0242d10f0546/volumes/kubernetes.io~secret/secret
$ kubectl delete pods pod-with-secret
Clean up the leaked units.
$ sudo systemctl stop run-r181f6242dd644256be6f8405eab60ed7.scope
run-rf2ba6bb83e014123818fedcdde24ef63.scope
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
xenial-proposed: there are NO leaked scope units over time. (good)
---
$ echo 'deb http://archive.ubuntu.com/ubuntu xenial-proposed main' | sudo tee
/etc/apt/sources.list.d/xenial-proposed.list
$ sudo apt update
$ sudo apt -y install systemd
$ sudo systemctl daemon-reexec
$ dpkg -s systemd | grep ^Version:
Version: 229-4ubuntu21.23
No scope units at the beginning:
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
Test #1: no leaked zero units.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 4s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
$ kubectl delete pods pod-with-secret
pod "pod-with-secret" deleted
Test #2: no leaked zero units.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 7s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
$ kubectl delete pods pod-with-secret
pod "pod-with-secret" deleted
Test #3: no leaked zero units.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 4s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
$ kubectl delete pods pod-with-secret
pod "pod-with-secret" deleted
Test #4: no leaked zero units.
$ kubectl create -f pod-with-secret.yaml
pod/pod-with-secret created
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-with-secret 0/1 Completed 0 3s
$ systemctl list-units --type=scope | grep 'Kubernetes transient mount for'
$
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847512
Title:
xenial: leftover scope units for Kubernetes transient mounts
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1847512/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
