Workaround rootfsPropagation: shared brokenness.

Despite using `rootfsPropagation` after updating to Kubernetes v1.10 (not done
here yet) we are seeing:

    RunContainerError: failed to start container 4ea4bde9b43a9eb241a5d7d98abf87184938f85ce9139949a3a246b6fe6b8985":
      Error response from daemon:
        linux mounts: path /etc/kubernetes/pki/etcd is mounted on /etc/kubernetes but it is not a shared or slave mount

Workaround this by temporarily (re)doing it in the entrypoint.

Signed-off-by: Ian Campbell <[email protected]>

Author: Ian Campbell

pkg/cri-containerd/Dockerfile

@@ -47,5 +47,7 @@ RUN make DESTDIR=/out install
 
 FROM scratch
 WORKDIR /
-ENTRYPOINT ["cri-containerd", "-v", "2", "--alsologtostderr", "--network-bin-dir", "/opt/cni/bin", "--network-conf-dir", "/etc/cni/net.d"]
+# `rootfsPropagation: shared` (used in `build.yml`) appears to be broken at the moment, workaround that issue here.
+#ENTRYPOINT ["cri-containerd", "-v", "2", "--alsologtostderr", "--network-bin-dir", "/opt/cni/bin", "--network-conf-dir", "/etc/cni/net.d"]
+ENTRYPOINT ["/bin/sh", "-c", "set -ex; mount --make-shared / && exec cri-containerd -v 2 --alsologtostderr --network-bin-dir /opt/cni/bin --network-conf-dir /etc/cni/net.d"]
 COPY --from=build /out /

yml/docker.yml

@@ -21,7 +21,9 @@ services:
      - /var/lib/cni/bin:/opt/cni/bin:rshared,rbind
      - /var/lib/kubelet-plugins:/usr/libexec/kubernetes/kubelet-plugins:rshared,rbind
     rootfsPropagation: shared
-    command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
+    # `rootfsPropagation: shared` appears to be broken, workaround that issue here.
+    #command: ["/usr/local/bin/docker-init", "/usr/local/bin/dockerd"]
+    command: ["/bin/sh", "-c", "set -ex; mount --make-shared / && exec /usr/local/bin/docker-init /usr/local/bin/dockerd"]
     runtime:
       mkdir: ["/var/lib/kubeadm", "/var/lib/cni/conf", "/var/lib/cni/bin", "/var/lib/kubelet-plugins"]
     cgroupsPath: podruntime/docker