app-admin/kubelet-wrapper: mark kubelet datadir volume as a recursive…

… mount So far `/var/lib/kubelet` was mounted as an implicit non-recursive mount. This changes the wrapper to an explicit recursive mount. As shown in kubernetes/kubernetes#38498 (comment), current non-recursive behavior seems to confuse the kubelet which is incapable of cleaning up resources for orphaned pods, as the extisting mountpoints for them are not available inside kubelet chroot. With `recursive=true`, those mounts are made available in the chroot and can be unmounted on the host-side from kubelet chroot via shared back-propagation. Fixes coreos/bugs#1831
ChrisMcKenzie · Dec 9, 2017 · fd0812b · fd0812b
1 parent 2e7ef1d
commit fd0812b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app-admin/kubelet-wrapper/files/kubelet-wrapper b/app-admin/kubelet-wrapper/files/kubelet-wrapper
@@ -66,7 +66,7 @@ exec ${RKT} ${RKT_GLOBAL_ARGS} \
 	--volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
 	--volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
 	--volume var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \
-	--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
+	--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \
 	--volume var-log,kind=host,source=/var/log,readOnly=false \
 	--volume os-release,kind=host,source=/usr/lib/os-release,readOnly=true \
 	--volume run,kind=host,source=/run,readOnly=false \