Runtime process left behind when container creation fails #4000
Description
Description
When running the following container, which will fail to start, I can see runc / kata / runtimes processes being left behind.
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2020-07-11T17:52:32Z"
name: reproducer
spec:
restartPolicy: Never
containers:
- command:
- /bin/sleep 3000
env:
- name: PATH
value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
- name: TERM
value: xterm
- name: HOSTNAME
- name: container
value: podman
image: docker.io/library/busybox:latest
name: sadramanujan
resources: {}
securityContext:
allowPrivilegeEscalation: true
capabilities: {}
privileged: false
readOnlyRootFilesystem: false
seLinuxOptions: {}
stdin: true
tty: true
workingDir: /
On a k8s environment using CRI-O, simply do:
Steps to reproduce the issue:
- kubectly apply -f /path/to/reproducer.yml
- Wait till it fails to start
- Check that a runc or kata processes are still left behind
Describe the results you received:
The processes are still left behind.
Describe the results you expected:
The processes should be cleaned up, as it's done with containerd.
Additional information you deem important (e.g. issue happens only occasionally):
Output of crio --version:
fidencio@angeli ~ $ crio --version
crio version 1.18.3
Version: 1.18.3
GitCommit: f8e20a121278c753fe55eb806de8c764f2ec6e3e
GitTreeState: dirty
BuildDate: 2020-07-22T14:08:49Z
GoVersion: go1.14.4
Compiler: gc
Platform: linux/amd64
Linkmode: dynamic
Additional environment details (AWS, VirtualBox, physical, etc.):
Tested on a physical k8s clusters, deployed with kubeadm.