From d29bd18e18e5ef54d84ffe145bd801fed47d08e5 Mon Sep 17 00:00:00 2001
From: Djalal Harouni <tixxdz@gmail.com>
Date: Mon, 23 Oct 2023 14:08:11 +0200
Subject: [PATCH] tetragon: limit systemd from restarting the service

Signed-off-by: Djalal Harouni <tixxdz@gmail.com>
---
 install/linux-tarball/systemd/tetragon.service | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/install/linux-tarball/systemd/tetragon.service b/install/linux-tarball/systemd/tetragon.service
index 300e6311a68..b982833dd3c 100644
--- a/install/linux-tarball/systemd/tetragon.service
+++ b/install/linux-tarball/systemd/tetragon.service
@@ -7,6 +7,19 @@ DefaultDependencies=no
 After=network.target local-fs.target
 Documentation=https://tetragon.io/
 
+# Do not restart the service anymore if it was started more than
+# 10 times withing a 2 minutes interval.
+# This allows to cover restart on failures but also gives users
+# the possibility to manually restart the service within those
+# limits.
+# On failures, users can do "systemctl reset-failed tetragon" to
+# flush the counters and allow the service to start again.
+
+# Burst times withing the interval
+StartLimitBurst=10
+# The interval where starting the service again is not allowed anymore.
+StartLimitIntervalSec=2min
+
 [Service]
 Environment="PATH=/usr/local/lib/tetragon/:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 User=root