This problem often arises when a pod attempts to terminate but has open mounts (volumes, secrets, etc.) associated with it. Given that the OneAgent container mounts the entire host's root filesystem, it can prevent Kubernetes from unmounting these resources, leading to the pod being stuck.


Currently we exclude paths matching the following regular expressions:

/var/lib/kubelet/pods/.*/volumes/kubernetes\.io~(downward-api|empty-dir|csi|secret) /var/lib/kubelet/pods/.*/volume-subpaths/.* /run/netns/.* /run/containerd/io\.containerd\.grpc\.v1\.cri/sandboxes/.*

If the default exclusions are insufficient for your setup, you can specify additional patterns for exclusion.

  • Set the ONEAGENT_ADDITIONAL_UNMOUNT_PATTERN environmental variable in the OneAgent container.
  • If your host root filesystem is mounted as read-only, you can specify an exclusion pattern by creating a file mounted to /mnt/additional_unmount_pattern. This file should contain a single line of text with the regular expression for the paths you want to exclude.
‎02 Apr 2024 08:00 AM
