CRE-2025-0125
Kubelet EventedPLEG Panic Causes NodeFailureHighImpact: 9/10Mitigation: 6/10
CRE-2025-0125View on GitHub
Description
Detects a critical kubelet panic in the EventedPLEG subsystem under rapid pod launch pressure. When triggered, the node's kubelet crashes, the node becomes NotReady and all resident pods are evicted resulting in a full node-level outage until manual intervention.\n
Mitigation
IMMEDIATE ACTIONS:\n- Restart kubelet on the affected node\n- Distribute load across nodes\nRECOVERY:\n- Disable `EventedPLEG` via feature gate if persistent\n- Monitor kubelet logs for panics related to evented.go\nPREVENTION:\n- Test EventedPLEG in staging before enabling in production\n- Use pod admission control to slow pod floods on small nodes\n