kubernetes-sigs · k8s-ci-robot · Aug 20, 2019 · Aug 19, 2019 · Aug 19, 2019 · Aug 20, 2019
diff --git a/images/base/entrypoint b/images/base/entrypoint
@@ -37,12 +37,9 @@ fix_mount() {
   # and this flag also happens to make /sys rw, amongst other things
   mount -o remount,ro /sys
 
-  echo 'INFO: making mounts shared for "/", "/run", "/var/lib/containerd"'
+  echo 'INFO: making mounts shared'
   # for mount propagation
-  # TODO(bentheelder): determine which exact mounts we need to do this on
-  mount --make-shared /
-  mount --make-shared /run
-  mount --make-shared /var/lib/containerd
+  mount --make-rshared /
 }
 
 fix_machine_id() {

diff --git a/pkg/build/node/node.go b/pkg/build/node/node.go
@@ -44,7 +44,7 @@ import (
 const DefaultImage = "kindest/node:latest"
 
 // DefaultBaseImage is the default base image used
-const DefaultBaseImage = "kindest/base:v20190708-022110d@sha256:8acfd3b9b8a3a42385a761f8c6aa3bdad4241cac220c12d3309f1b7a6d70af24"
+const DefaultBaseImage = "kindest/base:v20190819-26e1eb5@sha256:e609eaa7853289ef603db647ae9568b32093b2347f839a2117d98a08bfc7ab17"
 
 // DefaultMode is the default kubernetes build mode for the built image
 // see pkg/build/kube.Bits
@@ -320,15 +320,6 @@ func (c *BuildContext) buildImage(dir string) error {
 	// Save the image changes to a new image
 	cmd := exec.Command(
 		"docker", "commit",
-		/*
-			The snapshot storage must be a volume to avoid overlay on overlay
-
-			NOTE: we do this last because changing a volume with a docker image
-			must occur before defining it.
-
-			See: https://docs.docker.com/engine/reference/builder/#volume
-		*/
-		"--change", `VOLUME [ "/var/lib/containerd" ]`,
 		// we need to put this back after changing it when running the image
 		"--change", `ENTRYPOINT [ "/usr/local/bin/entrypoint", "/sbin/init" ]`,
 		containerID, c.image,

diff --git a/pkg/cluster/nodes/create.go b/pkg/cluster/nodes/create.go
@@ -133,23 +133,26 @@ func CreateWorkerNode(name, image, clusterLabel string, mounts []cri.Mount, port
 // effectively be paused until we call actuallyStartNode(...)
 func createNode(name, image, clusterLabel, role string, mounts []cri.Mount, portMappings []cri.PortMapping, extraArgs ...string) (handle *Node, err error) {
 	runArgs := []string{
-		"-d", // run the container detached
-		"-t", // allocate a tty for entrypoint logs
+		"--detach", // run the container detached
+		"--tty",    // allocate a tty for entrypoint logs
 		// running containers in a container requires privileged
 		// NOTE: we could try to replicate this with --cap-add, and use less
 		// privileges, but this flag also changes some mounts that are necessary
 		// including some ones docker would otherwise do by default.
 		// for now this is what we want. in the future we may revisit this.
 		"--privileged",
 		"--security-opt", "seccomp=unconfined", // also ignore seccomp
+		// runtime temporary storage
 		"--tmpfs", "/tmp", // various things depend on working /tmp
 		"--tmpfs", "/run", // systemd wants a writable /run
-		// some k8s things want /lib/modules
-		"-v", "/lib/modules:/lib/modules:ro",
-		// ensure pods etc. are not on container filesystem
-		// TODO: we could do this in the image instead
-		// However this would leave old images with this issue
-		"-v", "/var/lib/kubelet",
+		// runtime persistent storage
+		// this ensures that E.G. pods, logs etc. are not on the container
+		// filesystem, which is not only better for performance, but allows
+		// running kind in kind for "party tricks"
+		// (please don't depend on doing this though!)
+		"--volume", "/var",
+		// some k8s things want to read /lib/modules
+		"--volume", "/lib/modules:/lib/modules:ro",
 		"--hostname", name, // make hostname match container name
 		"--name", name, // ... and set the container name
 		// label the node with the cluster ID