File descriptors leak
moshen-maverick opened this issue · comments
What happened:
After enabling the vpc-cni Network policy and adding some K8S policies we see a massive File descriptors leak which crashes the instance after a few hours.
The process that is causing this issue is "/controller --enable-ipv6=false --enable-network-policy=true --enable-cloudwatch-logs=true --enable-policy-event-logs=false --metrics-bind-addr=:8162 --health-probe-bind-addr=:8163"
At some point we can see 416698 open files by this process.
Running lsof we see a huge number of the following lines:
controlle 4873 root 20u a_inode 0,12 0 12748 bpf-map
controlle 4873 root 21u a_inode 0,12 0 12748 bpf-map
controlle 4873 root 22u a_inode 0,12 0 12748 bpf-map
controlle 4873 root 23u a_inode 0,12 0 12748 bpf-map
Attach logs
What you expected to happen:
No impact on File descriptors leak
How to reproduce it (as minimally and precisely as possible):
Enable the vpc-cni Network policy and add some K8S policies
Anything else we need to know?:
Environment:
- Kubernetes version (use
kubectl version
): EKS 1.27 - CNI Version: "v1.15.3-eksbuild.1"
- Network Policy Agent Version
- OS (e.g:
cat /etc/os-release
): - Kernel (e.g.
uname -a
): .10.198-187.748.amzn2.x86_64 #1 SMP Tue Oct 24 19:49:54 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Known issue in v1.15.3
and is addressed in v1.15.4
.
@achevuru Thanks! I will update the CNI.