Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make /var a runtime volume #779

Merged
merged 4 commits into from
Aug 20, 2019
Merged

make /var a runtime volume #779

merged 4 commits into from
Aug 20, 2019

Conversation

BenTheElder
Copy link
Member

Per the Filesystem Hierarchy Standard all of /var is persistent runtime files. This should not be on the container filesystem.

Moving this to a runtime anonymous volume for all of /var:

  • allows us to not put any /var/... volumes in the base image (for container runtime storage, which must not be stacked)
    • which will allow us to potentially add pre-loaded images to an existing node image
  • ensures writes to anything in /var goes to a volume instead of the container filesystem

The only downside is that new kind images will require a new version of kind. Images built prior to this should continue to work even with the new version.

While doing this I also normalized on long flags for node creation for clarity and consistency.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 19, 2019
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 19, 2019
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Aug 19, 2019
@BenTheElder
Copy link
Member Author

/hold
doing some debugging locally to make sure everything does what I want :-)

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 20, 2019
@BenTheElder
Copy link
Member Author

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 20, 2019
BenTheElder
BenTheElder commented Aug 20, 2019
View reviewed changes
images/base/entrypoint
mount --make-shared /
mount --make-shared /run
mount --make-shared /var/lib/containerd
mount --make-rshared /
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is recursive, and from upstream (difficult to find docs for this though...)
we don't know what mounts users will try to propagate, so everything is made shared

we need this change not just because it's more correct, but because /var/lib/containerd is no longer a mount point

@BenTheElder BenTheElder added this to the v0.5.0 milestone Aug 20, 2019
@BenTheElder
Copy link
Member Author

/retest
(prow failing to create the pod)

@amwat
Copy link
Contributor

amwat commented Aug 20, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 20, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amwat, BenTheElder

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit e845fa4 into kubernetes-sigs:master Aug 20, 2019
@BenTheElder BenTheElder deleted the var-vol branch August 20, 2019 01:39
@aojea aojea mentioned this pull request Sep 7, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@munnerz munnerz Awaiting requested review from munnerz

@neolit123 neolit123 Awaiting requested review from neolit123

Assignees

@amwat amwat

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v0.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@BenTheElder @amwat @k8s-ci-robot