The divingbell pods use a hostPath volume for the root filesystem.
Because this mount includes /var/lib/kubelet, the pod holds a reference
to every volume mounted by every pod on the same host.

The most visible case where this causes a problem is the termination of
a pod that uses ceph-backed PVCs. When kubelet tries to unmap the rbd
device, it is unable to do so, manifesting in the kubelet logs as:

    rbd: unmap failed: (16) Device or resource busy

This change sets the mountPropagation to HostToContainer for the rootfs
volume, so that the divingbell pods will not prevent kubelet from
releasing these devices.

https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation
Change-Id: I6e91fb9b9d7cbe852c5e6dc8b7224d6085175590
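
An added illustration, not part of the divingbell change or its code: a small Python check that flags pod specs whose hostPath volume covers /var/lib/kubelet and is mounted without mount propagation, the condition the commit message above describes. The pod, volume, container and mount-path names in the sample are constructed.

```python
import posixpath

KUBELET_DIR = "/var/lib/kubelet"

def covers(host_path, target=KUBELET_DIR):
    """True if host_path is target itself or one of its ancestor directories."""
    host = posixpath.normpath(host_path)
    return host == "/" or host == target or target.startswith(host + "/")

def pinned_mounts(pod):
    """List (container, volume, hostPath) mounts that would keep the host's
    kubelet volume mounts referenced inside the pod's mount namespace."""
    spec = pod.get("spec", {})
    risky = {v["name"]: v["hostPath"]["path"]
             for v in spec.get("volumes", [])
             if "hostPath" in v and covers(v["hostPath"]["path"])}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        for m in c.get("volumeMounts", []):
            # An absent mountPropagation field means "None": unmounts done on
            # the host are not propagated into the container.
            if m["name"] in risky and m.get("mountPropagation", "None") == "None":
                findings.append((c["name"], m["name"], risky[m["name"]]))
    return findings

def sample_pod(propagation=None):
    """Constructed pod spec; all names here are hypothetical."""
    mount = {"name": "rootfs", "mountPath": "/mnt/rootfs"}
    if propagation:
        mount["mountPropagation"] = propagation
    return {"metadata": {"name": "example-pod"},
            "spec": {"volumes": [{"name": "rootfs", "hostPath": {"path": "/"}},
                                 {"name": "logs", "hostPath": {"path": "/var/log"}}],
                     "containers": [{"name": "worker",
                                     "volumeMounts": [mount,
                                                      {"name": "logs", "mountPath": "/logs"}]}]}}

if __name__ == "__main__":
    for label, pod in (("before", sample_pod()), ("after", sample_pod("HostToContainer"))):
        print(label, pinned_mounts(pod))
```

The same function can be run over the items of `kubectl get pods -A -o json` after loading them with `json.load`.
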
This change adds the ability to configure node selectors per module. The
default node selector is 'kubernetes.io/os=linux'. For example:

    labels:
      apt:
        node_selector_key=divingbell-apt
        node_selector_value=enabled

Will result in a node selector of 'divingbell-apt=enabled'.
Change-Id: I7150c5f998afa30dce22f505be4d0d164254214f
This adds a default AppArmor profile to divingbell.
Also, update the gate script to install ethtool if it is not present.
Change-Id: I7abb13a533b596f4db5fe65fdae5eb7fc57ec00a