Modifies the hostroot volume in the multus-daemonset-thick.yml example/quickstart deployment file from HostToContainer to Bidirectional. This change enables the volume to be accessible in both directions, which is necessary for users who need to share a mount with another container/pod.
This is motivated by the fact that in thin plugin mode, since all things were run on the host directly, CNI plugins wouldn't be limited by the mount propagation.
One example that has come up recently is userspace CNI interaction with kubevirt, and sharing the usage of the socket as mounted by kubevirt.
This does expose some level of risk (as noted in the mount propagation docs regarding changing of mounts), however, I don't believe it's significantly more than would've been the case in thin plugin mode.
coverage: 63.116%. remained the same
when pulling e45ee4105ae82d4fd659c12925a4ae9e78194c11 on dougbtv:hostroot-mount-propagation
into 9f5c0239a804a90bf8913c9a386ca50eff9ce0cc on k8snetworkplumbingwg:master.
Modifies the
hostroot
volume in themultus-daemonset-thick.yml
example/quickstart deployment file fromHostToContainer
toBidirectional
. This change enables the volume to be accessible in both directions, which is necessary for users who need to share a mount with another container/pod.This is motivated by the fact that in thin plugin mode, since all things were run on the host directly, CNI plugins wouldn't be limited by the mount propagation.
One example that has come up recently is userspace CNI interaction with kubevirt, and sharing the usage of the socket as mounted by kubevirt.
This does expose some level of risk (as noted in the mount propagation docs regarding changing of mounts), however, I don't believe it's significantly more than would've been the case in thin plugin mode.
References