Propagate host mount changes to metricbeat container
The metricbeat pod requests a hostPath volume which mounts the rootfs of the host into the container. This is required for metricbeat to read the filesystem usage from within the container. The rootfs mount is also bind mounting all subpath mounts within the container which includes the DRBD filesystems. When SM attempts to unmount the DRBD filesystems as part of the swact operation, the metricbeat container is still holding on to the mounted filesystems, preventing the DRBD devices to be shutdown. To address this, the metricbeat container will specify the mount propagation so that any changes to the host filesystem are also reflected inside the container. This will ensure that when the host performs the unmount, the container will also release the mount reference. In the future, security policies should be added to ensure other application containers do not perform host mount operations without having the necessary privileges to access the host filesystem. Change-Id: I43c6dcbe6a438b357532263be5b04f122b587c70 Closes-Bug: 1866099 Signed-off-by: Matt Peters <matt.peters@windriver.com>
This commit is contained in:
Matt Peters
parent
03c2d97364
commit
687fb8584f
|
|
@ -563,6 +563,7 @@ data:
|
|||
- name: root
|
||||
mountPath: /hostfs
|
||||
readOnly: true
|
||||
mountPropagation: HostToContainer
|
||||
extraVolumes:
|
||||
- name: root
|
||||
hostPath:
|
||||
|
|
|
|||
Loading…
Reference in New Issue