Updates

kubernetes · Jun 8, 2017 · 8536f25 · 8536f25
1 parent f277614
commit 8536f25
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/contributors/design-proposals/propagation.md b/contributors/design-proposals/propagation.md
@@ -163,20 +163,32 @@ and something prevents it from starting if `/sys` is shared.
 ## Decision
 
 * We will take 'Add an option in VolumeMount API' (with an annotation during
-  alpha instead of real VolumeMount field).
+  alpha instead of real VolumeMount field):
   * With validation that it can be used only with HostPath volumes.
   * With validation that shared propagation can be used only in privileged
     containers.
+  * kubernetes/kubernetes#46444
 * Kubelet will make sure that at least `/var/lib/kubelet` can be share-able into
-  containers and it will refuse to start if it's unsuccessful.
+  containers and it will refuse to start if it's unsuccessful
+  * kubernetes/kubernetes#45724
+* Kubelet's Docker shim layer will check that it is able to run a container with
+  shared mount propagation on `/var/lib/kubelet` during startup and refuse to
+  start otherwise. This ensures that both Docker and kubelet see the same
+  `/var/lib/kubelet` and it can be shared into containers.
+  E.g. Google COS-58 runs Docker in a separate mount namespace with slave
+  propagation and thus can't run a container with shared propagation on
+  anything. Other container engines should follow the suit.
 * Node conformance suite will check that mount propagation in /var/lib/kubelet
   works.
 * During alpha, all the behavior above must be explicitly enabled by
   `kubelet --test-enable-mount-propagation`
-  (or `kubelet --feature-gates MountPropagation=true`?). It will be used only
-  for testing of volume plugins in e2e tests. Developers / testers can enable it
-  in their clusters, but it's clearly marked as not ready for production.
+  It will be used only for testing of volume plugins in e2e tests and
+  it will be marked as deprecated from the beginning.
+  Developers / testers can enable it in their clusters manually.
   Mount propagation may be redesigned or even removed in any future release.
+* During the first alpha, the default mount propagation will be `private`.
+  The ultimate goal should be `rslave` as the default mount propagation
+  for all pods, this will require extensive testing though.
 
 ## Extra Concerns