Error while reading from Writer #50

Open
narayanan opened this issue Aug 16, 2020 · 0 comments
Seeing the following message in the docker daemon log. Once this error happens, the docker daemon becomes unresponsive.

time="2020-08-15T22:15:47Z" level=error msg="Error while reading from Writer: bufio.Scanner: token too long" plugin=08dbb7e7fa5b2fe88e92ccac8783d8866cc40df8b2855bbe8381132b8e1c3ec3

Environment:

  • Docker DIND + OPA authz plugin deployed in a Kubernetes environment

apiVersion: v1
kind: Pod
metadata:
  labels:
    name: dind
  name: dind-daemon
spec:
  containers:
  - command:
    - sh
    - -c
    - if [ -d /var/run/dind/docker.sock ]; then rm -rf /var/run/dind/docker.sock;fi
      && /usr/local/bin/dockerd-entrypoint.sh dockerd --storage-driver=overlay2 -H
      unix:///var/run/dind/docker.sock
    image: docker:18.09.5-dind
    imagePullPolicy: IfNotPresent
    lifecycle:
      postStart:
        exec:
          command:
          - /bin/sh
          - -c
          - 'mkdir -p /etc/docker/policies && cp /etc/docker/opa-policy/authz.rego
            /etc/docker/policies && docker -H unix:///var/run/dind/docker.sock plugin
            install --grant-all-permissions openpolicyagent/opa-docker-authz-v2:0.4
            opa-args="-policy-file /opa/policies/authz.rego" && echo ''{ "authorization-plugins":
            ["openpolicyagent/opa-docker-authz-v2:0.4"] }'' > /etc/docker/daemon.json
            && kill -HUP $(pidof dockerd)'
    name: dind
    resources:
      requests:
        cpu: "1"
        memory: 4G
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/docker
      name: varlibdocker
    - mountPath: /var/run/dind
      name: rundind
    - mountPath: /etc/docker/opa-policy
      name: opa-policy
  volumes:
  - emptyDir: {}
    name: varlibdocker
  - configMap:
      defaultMode: 420
      name: docker-opa-policy
    name: opa-policy
  - hostPath:
      path: /var/run/dind/
      type: ""
    name: rundind

====

apiVersion: v1
data:
  authz.rego: |-
    package docker.authz

    default allow = false

    allow {
        not input.Body.HostConfig.Privileged
    }
kind: ConfigMap
metadata:
  name: docker-opa-policy
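As an added illustration (not code from this issue or from the opa-docker-authz plugin), the Go snippet below reproduces the `bufio.Scanner: token too long` error quoted in the log line above with a constructed oversized single-line input, and shows a bounded whole-body read as the alternative. How the plugin itself reads requests is not shown on this page, so `scanLines` and `readBounded` are assumed helpers, not the plugin's code.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrBodyTooLarge is returned by readBounded when a body exceeds the limit.
var ErrBodyTooLarge = errors.New("request body exceeds configured limit")

// scanLines is an assumed line-at-a-time reader built on bufio.Scanner with
// its default 64 KiB token limit (bufio.MaxScanTokenSize). Any single line
// longer than that makes Scan stop and Err return bufio.ErrTooLong, whose
// message is exactly "bufio.Scanner: token too long".
func scanLines(r io.Reader) (int, error) {
	sc := bufio.NewScanner(r)
	n := 0
	for sc.Scan() {
		n++
	}
	return n, sc.Err()
}

// readBounded reads a whole body with a hard upper bound instead of a
// per-line limit: a long single-line JSON body is not an error, while an
// oversized body is rejected deterministically rather than wedging the reader.
func readBounded(r io.Reader, max int64) ([]byte, error) {
	lr := &io.LimitedReader{R: r, N: max + 1} // one extra byte detects overflow
	b, err := io.ReadAll(lr)
	if err != nil {
		return nil, err
	}
	if int64(len(b)) > max {
		return nil, ErrBodyTooLarge
	}
	return b, nil
}

func main() {
	// Constructed input: one JSON-like line of about 100 KiB, well over 64 KiB.
	long := `{"HostConfig":{"Privileged":false},"pad":"` + strings.Repeat("A", 100*1024) + `"}`
	_, err := scanLines(strings.NewReader(long))
	fmt.Println("scanner:", err)
	b, err := readBounded(strings.NewReader(long), 1<<20)
	fmt.Println("bounded: read", len(b), "bytes, err:", err)
}
```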