fix: bring back updated containerd gvisor patch #1235
talos-bot merged 1 commit into siderolabs:main
When updating for containerd 2.1, I assumed the patch is no longer needed, as it was included in containerd, but it turns out it got reverted upstream: containerd/containerd#11793
So bring back the patch in updated form, as otherwise `gvisor` leaves running processes behind on container stop.
Signed-off-by: Andrey Smirnov <[email protected]>
containerd/containerd#11793 is a new fix for the same issue, so the previous patch should no longer be needed. If you are still running into problems with gVisor and containerd, please open an issue with the containerd project.
thanks, will do this after I confirm that it indeed fixes the issue. I could only observe that some process is left over in the host after gvisor-backed is terminated (previously it was stuck on termination), but now the pod is terminated, but something is left running (need to check more).
/m
@samuelkarp created an issue containerd/containerd#11871
Don't set sandbox ID on containers when using the internal podsandbox sandboxer.
gVisor's shim doesn't implement the Sandbox Manager API, so linking containers to it causes kubelet to detect SandboxChanged and restart pods every ~2 minutes.
Cherry-picked from containerd PR containerd#11741 / Talos siderolabs/pkgs#1235.
Co-Authored-By: Claude Opus 4.6 <[email protected]>