Fix: anchor pre-stop failures

kubernetes-controller-manager-anchor pods get stuck in Terminating state because the pre-stop script tries to touch /tmp/stop, which is on a read only root filesystem. This change mounts an emptyDir at /tmp to resolve the issue. The same change is applied to apiserver, etcd, and scheduler anchors, to prevent the issue if readOnlyRootFilesystem is enabled. Related change for haproxy: https://review.opendev.org/685711/ Change-Id: I784498e0dc24da91a983716029973919b96a3055
2019-11-04 11:39:19 -08:00 · 2019-11-04 11:39:19 -08:00 · a7c7282ba4
parent 02fc5342b2
commit a7c7282ba4
4 changed files with 16 additions and 0 deletions
--- a/charts/apiserver/templates/daemonset.yaml
+++ b/charts/apiserver/templates/daemonset.yaml
@ -99,6 +99,8 @@ spec:
              mountPath: /tmp/bin
            - name: {{ .Values.service.name }}-etc
              mountPath: /tmp/etc
+            - name: pod-tmp
+              mountPath: /tmp
 {{ if $mounts_kubernetes_apiserver.volumeMounts }}{{ toYaml $mounts_kubernetes_apiserver.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: {{ .Values.service.name }}-bin
@ -120,5 +122,7 @@ spec:
          configMap:
            name: {{ .Values.service.name }}-etc
            defaultMode: 0444
+        - name: pod-tmp
+          emptyDir: {}
 {{ if $mounts_kubernetes_apiserver.volumes }}{{ toYaml $mounts_kubernetes_apiserver.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/charts/controller_manager/templates/daemonset.yaml
+++ b/charts/controller_manager/templates/daemonset.yaml
@ -91,6 +91,8 @@ spec:
              mountPath: /host
            - name: secret
              mountPath: /secret
+            - name: pod-tmp
+              mountPath: /tmp
 {{ if $mounts_controller_manager.volumeMounts }}{{ toYaml $mounts_controller_manager.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: {{ .Values.service.name }}-bin
@ -108,5 +110,7 @@ spec:
          secret:
            secretName: {{ .Values.service.name }}
            defaultMode: 0444
+        - name: pod-tmp
+          emptyDir: {}
 {{ if $mounts_controller_manager.volumes }}{{ toYaml $mounts_controller_manager.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/charts/etcd/templates/daemonset-anchor.yaml
+++ b/charts/etcd/templates/daemonset-anchor.yaml
@ -127,6 +127,8 @@ spec:
              mountPath: /manifests
            - name: {{ .Values.service.name }}-etc
              mountPath: /anchor-etcd
+            - name: pod-tmp
+              mountPath: /tmp
 {{ if $mounts_daemonset_anchor.volumeMounts }}{{ toYaml $mounts_daemonset_anchor.volumeMounts | indent 12 }}{{ end }}
      volumes:
        - name: {{ .Values.service.name }}-bin
@ -161,5 +163,7 @@ spec:
          configMap:
            name: {{ .Values.service.name }}-etc
            defaultMode: 0444
+        - name: pod-tmp
+          emptyDir: {}
 {{ if $mounts_daemonset_anchor.volumes }}{{ toYaml $mounts_daemonset_anchor.volumes | indent 8 }}{{ end }}
 {{- end }}
--- a/charts/scheduler/templates/sched-anchor.yaml
+++ b/charts/scheduler/templates/sched-anchor.yaml
@ -81,6 +81,8 @@ spec:
              mountPath: /host
            - name: secret
              mountPath: /secret
+            - name: pod-tmp
+              mountPath: /tmp
      terminationGracePeriodSeconds: {{ .Values.anchor.termination_grace_period }}
      volumes:
        - name: bin
@ -98,3 +100,5 @@ spec:
          secret:
            secretName: kubernetes-scheduler
            defaultMode: 0444
+        - name: pod-tmp
+          emptyDir: {}