In cri-containerd, we usually launch a sandbox container to hold the pod namespace, and let the other application containers share the same namespace with it including pid namespace.
In one of our test, we run a sh -c top container (sharing pid namespace with the sandbox container), and expect to be able to kill and delete it.
task.Kill doesn't kill all processes, for the sh -c top container, top will be left there until we task.Delete the container;task.Delete always Cancel, Wait and Close the IO before delete the task. However, Delete will hang forever, because Cancel doesn't actually aborts all current io operations (the comment seems wrong), and top will keep running and generating output.
Possible solution:
- Option 1: Add a function or option to kill all processes inside the task.
- Option 2:
Cancel is not that useful, we may be able to Close first and Wait for container IO.
Option 2 may cause output missing because we proactively close the stream, so option 1 seems better.
In cri-containerd, we usually launch a sandbox container to hold the pod namespace, and let the other application containers share the same namespace with it including pid namespace.
In one of our test, we run a
sh -c topcontainer (sharing pid namespace with the sandbox container), and expect to be able to kill and delete it.task.Killdoesn't kill all processes, for thesh -c topcontainer,topwill be left there until wetask.Deletethe container;task.DeletealwaysCancel,WaitandClosethe IO before delete the task. However,Deletewill hang forever, becauseCanceldoesn't actuallyaborts all current io operations(the comment seems wrong), andtopwill keep running and generating output.Possible solution:
Cancelis not that useful, we may be able toClosefirst andWaitfor container IO.Option 2 may cause output missing because we proactively close the stream, so option 1 seems better.