Fix tini zombie reaping with shared process namespace #4114

Merged
ahhda merged 1 commit into main from fix/tini-subreaper-shared-pid-namespace
Feb 3, 2026

@ahhda ahhda commented Feb 3, 2026

Summary

Adds the -s (subreaper) flag to tini in the Dockerfile entrypoint to fix zombie process reaping when shareProcessNamespace: true is set in Kubernetes deployments.

Problem

Our Kubernetes deployments use shareProcessNamespace: true to allow sidecar containers (like the memory monitor) to access /proc of the main process. However, this causes the following warning:

[WARN  tini (82)] Tini is not running as PID 1 and isn't registered as a child subreaper.
Zombie processes will not be re-parented to Tini, so zombie reaping won't work.
To fix the problem, use the -s option or set the environment variable TINI_SUBREAPER to register Tini as a child subreaper, or run Tini as PID 1.

When shareProcessNamespace is enabled, Kubernetes' pause container becomes PID 1 instead of tini:

PID 1: pause (Kubernetes infrastructure)
├── tini -- autopilot
│   └── autopilot
└── /bin/sh -c (memory-monitor sidecar)

Without PID 1 status, tini cannot reap zombie (orphaned) child processes by default.

Solution

The -s flag tells tini to register as a child subreaper via the PR_SET_CHILD_SUBREAPER prctl. This Linux kernel feature allows a non-PID-1 process to adopt and reap orphaned descendant processes, restoring proper zombie cleanup.

Add -s flag to tini to enable subreaper mode, which allows tini to
properly reap zombie processes when shareProcessNamespace is enabled
in Kubernetes deployments.
@ahhda ahhda requested a review from a team as a code owner February 3, 2026 08:57
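
Added example, not part of the pull request or the project's code: a minimal C program showing the PR_SET_CHILD_SUBREAPER behaviour the description relies on, where an orphaned grandchild is re-parented to a non-PID-1 process only once that process registers as a subreaper. The function name orphan_reaped_by_us, the 200 ms delay and exit code 42 are assumptions made for the illustration; it needs Linux 3.4 or later.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if an orphaned grandchild was re-parented to this process and
 * reaped here, 0 if it went to another reaper (ECHILD), -1 on setup error. */
int orphan_reaped_by_us(int subreaper)
{
    int fds[2], status;
    pid_t child, grandchild = -1;

    /* Same prctl the PR description says tini -s uses (0 turns it off). */
    if (prctl(PR_SET_CHILD_SUBREAPER, subreaper ? 1 : 0, 0, 0, 0) == -1 || pipe(fds) == -1)
        return -1;
    child = fork();
    if (child == -1)
        return -1;
    if (child == 0) {                    /* intermediate process */
        pid_t gc = fork();
        if (gc == 0) {                   /* grandchild: outlive its parent */
            usleep(200 * 1000);
            _exit(42);
        }
        if (write(fds[1], &gc, sizeof gc) != (ssize_t)sizeof gc)
            _exit(1);
        _exit(0);                        /* exit without waiting: orphans gc */
    }
    close(fds[1]);
    if (read(fds[0], &grandchild, sizeof grandchild) != (ssize_t)sizeof grandchild)
        grandchild = -1;
    close(fds[0]);
    if (waitpid(child, &status, 0) != child || grandchild <= 0)
        return -1;

    /* Only the grandchild's current parent is allowed to wait on it. */
    if (waitpid(grandchild, &status, 0) == grandchild)
        return WIFEXITED(status) && WEXITSTATUS(status) == 42;
    return errno == ECHILD ? 0 : -1;
}

int main(void)
{
    printf("subreaper off: %d\n", orphan_reaped_by_us(0));
    printf("subreaper on:  %d\n", orphan_reaped_by_us(1));
    return 0;
}
```

Run as an ordinary non-PID-1 process, the first call reports 0 and the second 1; a process that is itself PID 1 of its PID namespace receives the orphan in both cases.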

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

The change correctly adds the -s flag to tini in Dockerfile to address zombie process reaping in shared process namespaces. However, the fix is incomplete. The tini entrypoint in playground/Dockerfile (line 114) is also missing the -s flag, which will lead to the same zombie process reaping failure this PR aims to solve. To ensure consistent behavior and prevent resource leaks from zombie processes, the -s flag should also be added to playground/Dockerfile.

@squadgazzz squadgazzz left a comment

Thanks! Not sure if we need it in the playground/Dockerfile tho.

@jmg-duarte

> Thanks! Not sure if we need it in the playground/Dockerfile tho.

I haven't run into any issues

@ahhda ahhda added this pull request to the merge queue Feb 3, 2026
Merged via the queue into main with commit 838fafe Feb 3, 2026
19 checks passed
@ahhda ahhda deleted the fix/tini-subreaper-shared-pid-namespace branch February 3, 2026 15:18
@github-actions github-actions bot locked and limited conversation to collaborators Feb 3, 2026