Skip to content
This repository has been archived by the owner on Oct 22, 2021. It is now read-only.

Be able to share mounts across some containers on volume #963

Open
mook-as opened this issue May 28, 2020 · 1 comment
Open

Be able to share mounts across some containers on volume #963

mook-as opened this issue May 28, 2020 · 1 comment
Labels
enhancement New feature or request scheduled

Comments

@mook-as
Copy link
Contributor

mook-as commented May 28, 2020
edited by viovanov
Loading

Is your feature request related to a problem? Please describe.
Context: attempting to implement NFS-persi for kubecf.

For kubecf, we would like to be able to implement diego volume drivers (e.g. nfs-volume); this involves having something mount things in /var/vcap/data/volumes/nfs/… (the ephemeral volume) in one container, and expecting it to show up in a different container.

Describe the solution you'd like

  • I'd like some way to express that a job wants to make mountpoints (which, I believe, ~requires it to be privileged?), possibly in a specific volume.
  • I'd like some way to have those mounts reflected in other jobs that mount the same volume, possibly opting in to this behaviour.
  • I'd like the ephemeral volume to be the target of this.

Describe alternatives you've considered

  • Some way to execute multiple jobs in the same mount namespace.
    • This wouldn't actually work, because the jobs are from different BOSH releases, and therefore needs to use different base images.
  • Be able to opt in to process namespace sharing and do something magical with /proc/$pid/root

Additional context
cloudfoundry-incubator/kubecf#382
I have a local PoC hack (that isn't worth pushing, I don't think) using Bidirectional mount propagation in privileged containers, and HostToContainer everywhere else, to achieve the desired-ish behaviour (at least, it does the minimum I need). But that looks like a terrible idea (including the scary warning†), so I'm hoping there's a… less terrible solution that I can't think of.

† The warning on the mount propagation docs:

Caution: Bidirectional mount propagation can be dangerous. It can damage the host operating system and therefore it is allowed only in privileged Containers. Familiarity with Linux kernel behavior is strongly recommended. In addition, any volume mounts created by Containers in Pods must be destroyed (unmounted) by the Containers on termination.
@mook-as mook-as added the enhancement New feature or request label May 28, 2020
@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/173068487

The labels on this github issue will be updated when the story is started.

This was referenced May 28, 2020
Draft
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request scheduled
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mook-as @cf-gitbot