From b9edac61485f3251fc1c1b2d70962469d344e8ad Mon Sep 17 00:00:00 2001
From: Pete Birley
Date: Thu, 19 Apr 2018 21:38:32 -0500
Subject: [PATCH] Kubernetes: enable mount propagation This PS enables the mount propogation feature gate.
Change-Id: I7a37f45ff6061b144c6f04233712cd84fccb3e83
---
 roles/deploy-docker/templates/centos-docker.service.j2 | 3 +++
 .../roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 | 1 +
 .../roles/deploy-kubelet/templates/10-kubeadm.conf.j2 | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/deploy-docker/templates/centos-docker.service.j2 b/roles/deploy-docker/templates/centos-docker.service.j2
index 9975818b1..bbaea27b8 100644
--- a/roles/deploy-docker/templates/centos-docker.service.j2
+++ b/roles/deploy-docker/templates/centos-docker.service.j2
@@ -19,6 +19,9 @@ ExecStart=/usr/bin/dockerd-current \
 --storage-driver=overlay2 \
 --log-driver=json-file \
 --iptables=false
+# NOTE(portdirect): fix mount propagation for CentOS, this is done post start,
+# as docker seems to reset this.
+ExecStartPost=/usr/bin/mount --make-rshared /
 ExecReload=/bin/kill -s HUP $MAINPID
 LimitNOFILE=1048576
 LimitNPROC=1048576
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
index 1881eac1e..955ea9ab9 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2
@@ -32,6 +32,7 @@ tokenTTL: 24h0m0s
 selfHosted: {{ k8s.selfHosted }}
 apiServerExtraArgs:
 service-node-port-range: "1024-65535"
+ feature-gates: "MountPropagation=true"
 controllerManagerExtraArgs:
 address: "0.0.0.0"
 port: "10252"
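Review bot: The added `ExecStartPost=/usr/bin/mount --make-rshared /` changes propagation for the whole host mount tree, and the comment's "docker seems to reset this" leaves the actual cause unrecorded. The unit's other directives are outside this hunk; if it sets `MountFlags=`, that is a likely cause and `MountFlags=shared` may be the more direct fix, so please confirm which applies. Either way I would extend the comment to state the scope, e.g. `# Makes / rshared host-wide; needed for the MountPropagation feature gate enabled on the kubelet.` Because the command runs only once after dockerd starts, a deployment check such as `findmnt -no PROPAGATION /` would confirm the setting actually held.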
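Review bot: The gate is written as a literal here (`feature-gates: "MountPropagation=true"`) and again in `KUBELET_EXTRA_ARGS` in 10-kubeadm.conf.j2, so the API server and kubelet settings can drift apart and any further gate has to be comma-appended by hand in both templates. This template already reads `{{ k8s.selfHosted }}`, so a shared variable would fit, e.g. `feature-gates: "{{ k8s.featureGates }}"` (the variable name is a suggestion and does not exist yet). Whether the gate is still off by default depends on the Kubernetes version this image pins, which is not visible in the hunk; a one-line comment naming the version that needs it would make later removal easier.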
diff --git a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2 b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
index 22448f784..e9f4d1d91 100644
--- a/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
+++ b/tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2
@@ -7,7 +7,7 @@ Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/e
 Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
 Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
-Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0"
+Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates MountPropagation=true"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS
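Review bot: Nothing near the changed `KUBELET_EXTRA_ARGS` line records what the gate permits: with it on, the kubelet honours `mountPropagation: Bidirectional` for privileged containers, and with `/` made rshared by the docker unit change in this same patch those mounts become visible in the host mount namespace. I would add a comment above the line such as `# MountPropagation: Bidirectional mounts from privileged pods reach the host; keep privileged pods restricted by admission policy.` As a style point, the new flag is space-separated (`--feature-gates MountPropagation=true`) while the other two flags in that value use `=`; `--feature-gates=MountPropagation=true` would match them.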