airship
/
divingbell
Code Issues Proposed changes

Avoid rbd unmap failure; use HostToContainer mountPropagation 

The divingbell pods use a hostPath volume for the root filesystem. As a
side-effect of this mount including /var/lib/kubelet, the divingbell pod
becomes aware of every volume mounted in every pod on the same host --
they are all visible in /proc/mounts. This includes ceph-backed PVCs.

With the default mount propagation of None, this happens only when the
divingbell pod starts - divingbell has a "snapshot" of the mount state.

In the case of another pod on the same host using a ceph-backed PVC,
when the pod terminates, kubelet tries to unmap the rbd device. This
fails, because the divingbell pod is still hanging on to a reference to
the rbd. This manifests in kubelet logs as:
    rbd: unmap failed: (16) Device or resource busy

This change sets the mountPropagation to HostToContainer for the rootfs
volume, so that divingbell will not prevent kubelet from releasing these
devices.

https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation

Change-Id: I6e91fb9b9d7cbe852c5e6dc8b7224d6085175590
This commit is contained in:
Phil Sphicas 2020-11-05 21:03:55 +00:00
parent 55ba4cb61c
commit a9d533eee0
9 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
divingbell/templates/daemonset-apparmor.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-apt.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-ethtool.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-exec.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-limits.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-mounts.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-perm.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-sysctl.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-uamlite.yaml
View File

@ -54,6 +54,7 @@ spec:
volumeMounts:
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}