salt: Avoid duplicating static pod manifests

When using `metalk8s.static_pod_managed`, we call `file.managed` behind the scenes. This state does a lot of magic, including creating a temporary file with the new contents before replacing the old file. This temp file gets created **in the same directory** as the managed file by default, so it gets picked up by `kubelet` as if it were another static Pod to manage. If the replacement occurs too late, `kubelet` may have already created another Pod for the temp file, and may not be able to "remember" the old Pod, hence not cleaning it up. This results in "rogue containers", which can create issues (e.g. preventing new containers from binding some ports on the host). This commit ensures we create the temp files in `/tmp` (unless specified otherwise), which should prevent the aforementioned situation from happening. Fixes: #2840
scality · Dec 28, 2020 · 45e461e · 45e461e
1 parent 7286a2f
commit 45e461e
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/salt/_states/metalk8s.py b/salt/_states/metalk8s.py
@@ -1,5 +1,6 @@
 """Custom states for MetalK8s."""
 
+import tempfile
 import time
 import re
 
@@ -76,6 +77,7 @@ def static_pod_managed(name,
             context or {},
             config_digest=config_digest, metalk8s_version=metalk8s_version
         ),
+        tmp_dir=kwargs.pop("tmp_dir", tempfile.gettempdir()),
         **kwargs
     )