airship
/
divingbell
Code Issues Proposed changes

Avoid rbd unmap failure; use HostToContainer mountPropagation 

The divingbell pods use a hostPath volume for the root filesystem.
Because this mount includes /var/lib/kubelet, the pod holds a reference
to every volume mounted by every pod on the same host.

The most visible case where this causes a problem is the termination of
a pod that uses a ceph-backed PVCs. When kubelet tries to unmap the rbd
device, it is unable to do so, manifesting in the kubelet logs as:
    rbd: unmap failed: (16) Device or resource busy

This change sets the mountPropagation to HostToContainer for the rootfs
volume, so that the divingbell pods will not prevent kubelet from
releasing these devices.

https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation

Change-Id: I6e91fb9b9d7cbe852c5e6dc8b7224d6085175590
This commit is contained in:
Phil Sphicas 2020-11-05 21:03:55 +00:00
parent 55ba4cb61c
commit 918da6d055
9 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
divingbell/templates/daemonset-apparmor.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-apt.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-ethtool.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-exec.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-limits.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-mounts.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-perm.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-sysctl.yaml
View File

@ -58,6 +58,7 @@ spec:
mountPath: /tmp
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}

1
divingbell/templates/daemonset-uamlite.yaml
View File

@ -54,6 +54,7 @@ spec:
volumeMounts:
- name: rootfs-{{ $daemonset }}
mountPath: {{ .Values.conf.chroot_mnt_path }}
mountPropagation: HostToContainer
- name: {{ $secretName }}
mountPath: /tmp/{{ $daemonset }}.sh
subPath: {{ $daemonset }}