What this PR does / why we need it:
Fixes incorrect forcing of the alpha procMount field to a non-nil value.
Without DaemonSet can/will suddenly all redeploy at the same time, leading to outages on upgrade: https://github.com/kubernetes/kubernetes/issues/78633
Upstream PR: https://github.com/kubernetes/kubernetes/pull/78882
4.2 PR, to be tested by QA: https://github.com/openshift/origin/pull/23512
Verified by upgrading an env from payload 4.1.0-0.nightly-2019-08-13-020742 which does incorrect procMount defaulting, to payload 2 4.1.0-0.nightly-2019-08-13-091918 which includes the fix. Didn't see daemonset containers unexpectedly restart. More details:
Before upgrade, besides the cluster-component daemonsets, create a daemonset which would include non-nil podSpec.Containers.SecurityContext.ProcMount after creation:
oc create -f - -n xxia-proj << EOF
- image: openshift/hello-openshift
After creation, the daemonset looks like:
Then do above upgrade.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.