Similar goroutine leakage from my cluster that had been running for 5 hours. My kubelet happily accumulate over 18000 goroutines.

8930 @ 0x417025 0x4138e0 0x412d78 0x56a587 0x56a5f3 0x56c2af 0x57f75c 0x5c6b0e 0x5d0a14 0x7a59fe 0x7a5c40 0x5c4304 0x440751
#   0x56a587    net.(*pollDesc).Wait+0x47       /usr/src/go/src/net/fd_poll_runtime.go:84
#   0x56a5f3    net.(*pollDesc).WaitRead+0x43       /usr/src/go/src/net/fd_poll_runtime.go:89
#   0x56c2af    net.(*netFD).Read+0x40f         /usr/src/go/src/net/fd_unix.go:242
#   0x57f75c    net.(*conn).Read+0xdc           /usr/src/go/src/net/net.go:121
#   0x5c6b0e    net/http.noteEOFReader.Read+0x6e    /usr/src/go/src/net/http/transport.go:1270
#   0x5d0a14    net/http.(*noteEOFReader).Read+0xd4 <autogenerated>:125
#   0x7a59fe    bufio.(*Reader).fill+0x1ce      /usr/src/go/src/bufio/bufio.go:97
#   0x7a5c40    bufio.(*Reader).Peek+0xf0       /usr/src/go/src/bufio/bufio.go:132
#   0x5c4304    net/http.(*persistConn).readLoop+0xa4   /usr/src/go/src/net/http/transport.go:842

8935 @ 0x417025 0x4192cc 0x418762 0x5c540d 0x440751
#   0x5c540d    net/http.(*persistConn).writeLoop+0x41d /usr/src/go/src/net/http/transport.go:945

As an record: I measured this before 1.0 release, and found some leakages from cAdvsor. After that fix, we reasonably keep the goroutine down to some number (i.e. 100)

This should be a regression. This explains Kubelet CPU, memory usage increasing.

I found the culprit.

TL;DR: go-dockerclient now saves and reuses the connection. cadvisor.GetVersionInfo creates a new docker client each time, causing the connection leakage. This does not affect v1.1 because go-dockerclient was only updated recently (#15127).

Kubelet calls cadvisor to get version info whenever updating the node status. In every cadvisor.GetVersionInfo function call, cadvisor creates and using a new docker client each time to get the Docker version.

A recent go-dockerclient commit fsouza/go-dockerclient@1632686 changes to use http.Client for HTTP requests over UNIX domain socket. This changes the behavior of the client - it no longer closes the connection immediately after the request, instead, it saves it for future use.

Note that the cadvisor repository still uses the older go-dockerclient, hence could not have caught the leakage.

Removing this issue from v1.1milestone since it only affects HEAD (verified).

Simple code to reproduce this issue:
Using cadvisor (through k8s): https://gist.github.com/yujuhong/bed3f6757da772bef50b
Using go-dockerclient directly: https://gist.github.com/yujuhong/6068441fb45746dfcc77

Classy digging 🏆

Some PRs from cadvisor (#909, @jimmidyson's prometheus PRs) and a pending PR for issue #920, might have to be cherry-picked into v1.1. I think resolving this issue right away in cadvisor is necessary.

Some PRs from cadvisor (#909, @jimmidyson's prometheus PRs) and a pending PR for issue #920, might have to be cherry-picked into v1.1. I think resolving this issue right away in cadvisor is necessary.

We should resolve this issue in cadvisor, but as long as we don't bump the go-dockerclient version in v1.1, v1.1 wouldn't be affected.

Update: cadvisor also creates a new docker client for each container. With the new go-dockerclient, it would use one connection per container, and never reclaims those connections after the containers die.

Here are the reason I moved this back to v1.1 milestone:

#15612 (comment)

cc/ @pmorie Do we really need AdditionalGroups feature for 1.1 release? Otherwise, we don't need to bump go-dockerclient library to include commit fsouza/go-dockerclient@1632686

All pr required from cAdvisor were merged, we just need to cut a new release: google/cadvisor#935, and update our GoDep here.

@dchen1107 I would like to have SupplementalGroups for use in 1.1, yeah.

Is this what causes my Kubelets to use a massive amount of memory?

@paralin If you are running kubelet from HEAD, you might hit by this issue caused by misuse of new go-dockerclient library by cAdvisor. But if you are running 1.0 release, that should be a different issue.

@dchen1107 It's on HEAD. Is there a fix PR yet?

@paralin: The fix #16127 (cadvisor version bump) should be merged soon.

Needs cherrypick, also