1. Proposed title of this feature request
Allow configuring additional parameters via ContainerRuntimeConfig.
2. What is the nature and description of the request?
To configure CRI-O, the ContainerRuntimeConfig resource [1] should be used instead of manually creating a MachineConfig (MC) to apply the changes, because a hand-written MC that writes a whole configuration file can overwrite settings that other configuration relies on. Some options are currently missing from the ContainerRuntimeConfig, for example skip_mount_home in /etc/containers/storage.conf, which was suggested as a workaround for bug 2065283 (see comment #32 [2]).
This RFE asks to allow configuring additional parameters of /etc/crio/crio.conf and /etc/containers/storage.conf through the ContainerRuntimeConfig resource (not only skip_mount_home).
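As an added example (not code from this RFE, from the Bugzilla comment or from the MCO documentation), the following shell helper shows what the skip_mount_home workaround costs today without a ContainerRuntimeConfig knob: the option has to be delivered as a whole /etc/containers/storage.conf through a MachineConfig, and an Ignition `files` entry replaces the file, so the helper starts from the node's current file and changes only that one key. The function names (`set_skip_mount_home`, `render_machineconfig`, `demo`), the MachineConfig name and the sample storage.conf are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the RFE, the Bugzilla comment or the MCO docs.
# Builds a MachineConfig that writes /etc/containers/storage.conf with
# skip_mount_home = "true". Because an Ignition 'files' entry replaces the
# whole file, the input must be the node's CURRENT storage.conf so that every
# other setting survives; the helper names and the sample file are assumptions.
set -eu

# Set skip_mount_home = "true" in the [storage.options] section of the
# storage.conf read on stdin; an existing value of the key is replaced and
# the section is created if missing. Idempotent.
set_skip_mount_home() {
  awk -v kv='skip_mount_home = "true"' '
    /^\[/ { in_opts = ($0 == "[storage.options]") }          # track section
    in_opts && /^[ \t]*skip_mount_home[ \t]*=/ { next }      # drop old value
    { print }
    /^\[storage\.options\]$/ { print kv; done = 1 }          # set under header
    END { if (!done) { print ""; print "[storage.options]"; print kv } }
  '
}

# Render a MachineConfig for the given pool (worker or master) that carries the
# storage.conf read on stdin as a base64 Ignition data: URL.
render_machineconfig() {
  mc_pool=$1
  mc_b64=$(base64 | tr -d '\n')
  cat <<EOF
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: ${mc_pool}
  name: 99-${mc_pool}-storage-skip-mount-home
spec:
  config:
    ignition:
      version: 3.2.0
    storage:
      files:
      - path: /etc/containers/storage.conf
        mode: 0644
        overwrite: true
        contents:
          source: data:text/plain;charset=utf-8;base64,${mc_b64}
EOF
}

# Constructed sample of a node's storage.conf (not copied from a real node).
SAMPLE_STORAGE_CONF='[storage]
driver = "overlay"
runroot = "/run/containers/storage"
graphroot = "/var/lib/containers/storage"

[storage.options]
additionalimagestores = []

[storage.options.overlay]
mountopt = "nodev,metacopy=on"
'

# Offline demo on the constructed sample: prints the resulting MachineConfig.
demo() {
  printf '%s' "$SAMPLE_STORAGE_CONF" | set_skip_mount_home | render_machineconfig worker
}

# Real workflow (needs cluster access, not run here): start from the node's
# own file, then apply. The MCO reboots the pool's nodes to roll it out, and
# the same path must not also be written by another MachineConfig of that pool,
# or one of the two files is lost.
#   oc debug node/<node> -- chroot /host cat /etc/containers/storage.conf \
#     | set_skip_mount_home | render_machineconfig worker > 99-worker-storage.yaml
#   oc apply -f 99-worker-storage.yaml
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with `sh skip_mount_home_mc.sh demo` to see the generated MachineConfig for the sample file. The awk step replaces an existing skip_mount_home line rather than appending a second one, so re-running it against a node that already carries the setting is safe; everything else in the file is passed through unchanged, which is the property a ContainerRuntimeConfig field would give for free.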
3. Why does the customer need this? (List the business requirements here)
Customer's use case:
Our agent runs as a daemonset in k8s clusters and monitors the node.
Running with mount propagation set to HostToContainer allows the agent to access any container file, also containers which start running after agent startup. With this setting, when a new container starts, a new mount is created and added to the host mount namespace and also to the agent container, and by that the agent can access the container files.
e.g. the agent is mounted to /host and can access the filesystem of another container by the path
/host/var/lib/containers/storage/overlay/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/merged/test_file
This approach works in k8s clusters and OpenShift 3, but not in OpenShift 4. How can I make the agent pod get notified about any new mount which was created on the node and get access to it as well?
The workaround for that was provided in bug 2065283 (see comment #32 [2]).
4. List any affected packages or components.
ContainerRuntimeConfig, CRI-O, Node, MCO.
Additional information in this Slack discussion [3].
[1] https://docs.openshift.com/container-platform/4.11/post_installation_configuration/machine-configuration-tasks.html#create-a-containerruntimeconfig_post-install-machine-configuration-tasks
[2] https://bugzilla.redhat.com/show_bug.cgi?id=2065283#c32
[3] https://coreos.slack.com/archives/CK1AE4ZCK/p1670491480185299
- is cloned by: OCPSTRAT-688 Enable privileged containers to view rootfs of other containers (Closed)
- is related to: OCPNODE-1713 Enable privileged containers to view rootfs of other containers (Closed)
- is related to: OCPSTRAT-688 Enable privileged containers to view rootfs of other containers (Closed)