From 4060f5b566f14724909ae7fdc54b09ea0303269f Mon Sep 17 00:00:00 2001
From: "Ciro S. Costa" <cscosta@pivotal.io>
Date: Thu, 4 Jul 2019 22:26:35 -0400
Subject: [PATCH] [stable/concourse] properly cleanup btrfs subvolume and
 children (#14941)

When a `dind` (Docker in Docker) image is used with btrfs to e.g. run
integration tests as per https://hub.docker.com/r/amidos/dcind/ in some
occasions like job errors or interruptions the btrfs subvolumes are left
not cleaned.

So what happens then is that when the `rm -rf /concourse-worker-dir`
runs it fails with `Operation not permitted` error which then causes
`Init:Error` and ends in `Init:CrashLoopBackOff`.

The solution is to take that into account and properly delete all of the
btrfs subvolumes.

This can be achieved either with the suggested script or with the mount
option [user_subvol_rm_allowed](https://askubuntu.com/questions/509292/how-to-set-user-subvol-rm-allowed-capability)
that is tricky to apply or with that delete script that seems as a
better option.

Signed-off-by: Ciro S. Costa <cscosta@pivotal.io>
Co-authored-by: Radoslav Kirilov <rkirilow@gmail.com>
Co-authored-by: Taylor Silva <tsilva@pivotal.io>
---
 stable/concourse/Chart.yaml                        | 2 +-
 stable/concourse/templates/worker-statefulset.yaml | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml
index b365ffe182ae..642628256b28 100644
--- a/stable/concourse/Chart.yaml
+++ b/stable/concourse/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: concourse
-version: 8.0.0
+version: 8.0.1
 appVersion: 5.3.0
 description: Concourse is a simple and scalable CI system.
 icon: https://avatars1.githubusercontent.com/u/7809479
diff --git a/stable/concourse/templates/worker-statefulset.yaml b/stable/concourse/templates/worker-statefulset.yaml
index 7e53e8eb824f..bb63fc5cd42f 100644
--- a/stable/concourse/templates/worker-statefulset.yaml
+++ b/stable/concourse/templates/worker-statefulset.yaml
@@ -51,12 +51,17 @@ spec:
           image: "{{ .Values.image }}:{{ .Values.imageTag }}"
           {{- end }}
           imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
+          securityContext:
+            privileged: true
           command:
-            - /bin/sh
+            - /bin/bash
           args:
             - -ce
             - |-
-              rm -rf {{ .Values.concourse.worker.workDir }}/*
+              for v in $((btrfs subvolume list --sort=-ogen "{{ .Values.concourse.worker.workDir }}" || true) | awk '{print $9}'); do
+                (btrfs subvolume show "{{ .Values.concourse.worker.workDir }}/$v" && btrfs subvolume delete "{{ .Values.concourse.worker.workDir }}/$v") || true
+              done
+              rm -rf "{{ .Values.concourse.worker.workDir }}/*"
           volumeMounts:
             - name: concourse-work-dir
               mountPath: {{ .Values.concourse.worker.workDir | quote }}