From a7c7282ba4117a827eea3862a7cb68e87d29daac Mon Sep 17 00:00:00 2001
From: Phil Sphicas
Date: Mon, 4 Nov 2019 11:39:19 -0800
Subject: [PATCH] Fix: anchor pre-stop failures
kubernetes-controller-manager-anchor pods get stuck in Terminating state because the pre-stop script tries to touch /tmp/stop, which is on a read only root filesystem. This change mounts an emptyDir at /tmp to resolve the issue. The same change is applied to apiserver, etcd, and scheduler anchors, to prevent the issue if readOnlyRootFilesystem is enabled. Related change for haproxy: https://review.opendev.org/685711/
Change-Id: I784498e0dc24da91a983716029973919b96a3055
---
 charts/apiserver/templates/daemonset.yaml | 4 ++++
 charts/controller_manager/templates/daemonset.yaml | 4 ++++
 charts/etcd/templates/daemonset-anchor.yaml | 4 ++++
 charts/scheduler/templates/sched-anchor.yaml | 4 ++++
 4 files changed, 16 insertions(+)
diff --git a/charts/apiserver/templates/daemonset.yaml b/charts/apiserver/templates/daemonset.yaml
index 5620dd34..4b737869 100644
--- a/charts/apiserver/templates/daemonset.yaml
+++ b/charts/apiserver/templates/daemonset.yaml
@@ -99,6 +99,8 @@ spec:
 mountPath: /tmp/bin
 - name: {{ .Values.service.name }}-etc
 mountPath: /tmp/etc
+ - name: pod-tmp
+ mountPath: /tmp
 {{ if $mounts_kubernetes_apiserver.volumeMounts }}{{ toYaml $mounts_kubernetes_apiserver.volumeMounts | indent 12 }}{{ end }}
 volumes:
 - name: {{ .Values.service.name }}-bin
@@ -120,5 +122,7 @@ spec:
 configMap:
 name: {{ .Values.service.name }}-etc
 defaultMode: 0444
+ - name: pod-tmp
+ emptyDir: {}
 {{ if $mounts_kubernetes_apiserver.volumes }}{{ toYaml $mounts_kubernetes_apiserver.volumes | indent 8 }}{{ end }}
 {{- end }}
diff --git a/charts/controller_manager/templates/daemonset.yaml b/charts/controller_manager/templates/daemonset.yaml
index c18669ff..34071a26 100644
--- a/charts/controller_manager/templates/daemonset.yaml
+++ b/charts/controller_manager/templates/daemonset.yaml
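Review bot: In charts/apiserver/templates/daemonset.yaml (hunk `@@ -99,6 +99,8`), the new `pod-tmp` mount at `/tmp` is the parent of the existing `/tmp/bin` and `/tmp/etc` mounts but is declared after them. Whether the ConfigMap content under `/tmp/bin` and `/tmp/etc` stays visible then depends on the container runtime ordering mounts by path rather than by declaration; that is presumably the case for the deployed runtime, but nothing in this hunk shows it. Declaring the parent first, i.e. moving `- name: pod-tmp` / `mountPath: /tmp` above the `/tmp/bin` entry, removes that dependence and makes the nesting obvious to a reader. The volumeMounts list starts above this hunk, so the exact position has to be checked against the full template.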
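Review bot: The `pod-tmp` volume added in the second apiserver hunk (`@@ -120,5 +122,7`) is an unbounded `emptyDir: {}`, so the container gains a writable path backed by node ephemeral storage in a pod that the commit message says is meant to tolerate a read-only root filesystem. The pre-stop script is described as only touching `/tmp/stop`, so a small cap would keep the hardening intent and bound how much a misbehaving or compromised container can write on a control-plane node, for example `emptyDir:` with `sizeLimit: 1Mi` (illustrative value). The same applies to the `pod-tmp` volumes added in the controller_manager, etcd and scheduler templates. Exceeding the limit leads to pod eviction, so the value should be checked against anything else in these containers that writes under `/tmp`; the volumes list itself starts above the hunk.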
@@ -91,6 +91,8 @@ spec:
 mountPath: /host
 - name: secret
 mountPath: /secret
+ - name: pod-tmp
+ mountPath: /tmp
 {{ if $mounts_controller_manager.volumeMounts }}{{ toYaml $mounts_controller_manager.volumeMounts | indent 12 }}{{ end }}
 volumes:
 - name: {{ .Values.service.name }}-bin
@@ -108,5 +110,7 @@ spec:
 secret:
 secretName: {{ .Values.service.name }}
 defaultMode: 0444
+ - name: pod-tmp
+ emptyDir: {}
 {{ if $mounts_controller_manager.volumes }}{{ toYaml $mounts_controller_manager.volumes | indent 8 }}{{ end }}
 {{- end }}
diff --git a/charts/etcd/templates/daemonset-anchor.yaml b/charts/etcd/templates/daemonset-anchor.yaml
index 5ff68f0a..6c4050df 100644
--- a/charts/etcd/templates/daemonset-anchor.yaml
+++ b/charts/etcd/templates/daemonset-anchor.yaml
@@ -127,6 +127,8 @@ spec:
 mountPath: /manifests
 - name: {{ .Values.service.name }}-etc
 mountPath: /anchor-etcd
+ - name: pod-tmp
+ mountPath: /tmp
 {{ if $mounts_daemonset_anchor.volumeMounts }}{{ toYaml $mounts_daemonset_anchor.volumeMounts | indent 12 }}{{ end }}
 volumes:
 - name: {{ .Values.service.name }}-bin
@@ -161,5 +163,7 @@ spec:
 configMap:
 name: {{ .Values.service.name }}-etc
 defaultMode: 0444
+ - name: pod-tmp
+ emptyDir: {}
 {{ if $mounts_daemonset_anchor.volumes }}{{ toYaml $mounts_daemonset_anchor.volumes | indent 8 }}{{ end }}
 {{- end }}
diff --git a/charts/scheduler/templates/sched-anchor.yaml b/charts/scheduler/templates/sched-anchor.yaml
index 467ba910..eb204fa7 100644
--- a/charts/scheduler/templates/sched-anchor.yaml
+++ b/charts/scheduler/templates/sched-anchor.yaml
@@ -81,6 +81,8 @@ spec:
 mountPath: /host
 - name: secret
 mountPath: /secret
+ - name: pod-tmp
+ mountPath: /tmp
 terminationGracePeriodSeconds: {{ .Values.anchor.termination_grace_period }}
 volumes:
 - name: bin
@@ -98,3 +100,5 @@ spec:
 secret:
 secretName: kubernetes-scheduler
 defaultMode: 0444
+ - name: pod-tmp
+ emptyDir: {}
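Review bot: In charts/controller_manager/templates/daemonset.yaml (hunk `@@ -91,6 +91,8`) the fixed `pod-tmp` / `/tmp` entry sits directly before the operator-supplied `$mounts_controller_manager.volumeMounts` block, and the following hunk does the same ahead of `$mounts_controller_manager.volumes`. A deployment that already worked around the stuck-Terminating pods through those overrides, with its own mount at `/tmp` or a volume named `pod-tmp`, would now render duplicate entries, which Kubernetes validation rejects. The apiserver and etcd anchor templates in this patch use the same override pattern. A release note, plus a comment above the entry such as `# /tmp must be writable: the pre-stop hook touches /tmp/stop`, would tell operators to drop such an override and record why the mount exists. The container spec starts above this hunk, so which container receives the mount cannot be confirmed from here.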