oci: Delete container resources upon creation failure
When cri-o assumes the container creation failed, we need to let the runtime know that we're bailing out so that it cancels all ongoing operation. In container creation timeout situations for example, failing to explictly request the runtime for container deletion can lead to large resource leaks as kubelet re-creates a failing container, while the runtime finishes creating the previous one(s). Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
Samuel Ortiz
parent
5b2652c3e3
commit
eae1b7d6bd
1 changed files with 8 additions and 1 deletions
|
|
@ -151,7 +151,7 @@ func getOCIVersion(name string, args ...string) (string, error) {
|
|||
}
|
||||
|
||||
// CreateContainer creates a container.
|
||||
func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error {
|
||||
func (r *Runtime) CreateContainer(c *Container, cgroupParent string) (err error) {
|
||||
var stderrBuf bytes.Buffer
|
||||
parentPipe, childPipe, err := newPipe()
|
||||
childStartPipe, parentStartPipe, err := newPipe()
|
||||
|
|
@ -248,6 +248,13 @@ func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
// We will delete all container resources if creation fails
|
||||
defer func() {
|
||||
if err != nil {
|
||||
r.DeleteContainer(c)
|
||||
}
|
||||
}()
|
||||
|
||||
// Wait to get container pid from conmon
|
||||
type syncStruct struct {
|
||||
si *syncInfo
|
||||
|
|
|
|||
Loading…
Reference in a new issue