What this PR does / why we need it:
Fixes incorrect forcing of the alpha procMount field to a non-nil value. Without this fix, DaemonSets can/will suddenly all redeploy at the same time, leading to outages on upgrade: https://github.com/kubernetes/kubernetes/issues/78633
Upstream PR: https://github.com/kubernetes/kubernetes/pull/78882
4.2 PR, to be tested by QA: https://github.com/openshift/origin/pull/23512
Verified by upgrading an env from payload 4.1.0-0.nightly-2019-08-13-020742 which does incorrect procMount defaulting, to payload 2 4.1.0-0.nightly-2019-08-13-091918 which includes the fix. Didn't see daemonset containers unexpectedly restart.

More details:
Before upgrade, besides the cluster-component daemonsets, create a daemonset which would include non-nil podSpec.Containers.SecurityContext.ProcMount after creation:

    oc create -f - -n xxia-proj << EOF
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: myds
    spec:
      selector:
        matchLabels:
          name: myds
      template:
        metadata:
          labels:
            name: myds
        spec:
          containers:
          - image: openshift/hello-openshift
            name: hello-openshift
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
    EOF

After creation, the daemonset looks like:

    ...
            securityContext:
              allowPrivilegeEscalation: false
              capabilities:
                drop:
                - ALL
              procMount: Default
    ...

Then do the above upgrade.
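The check described in the verification above (no unexpected restart of daemonset containers across the upgrade) can be scripted by comparing two `oc get pods --all-namespaces -o json` snapshots. This is an added example, not part of the original comment or of the OpenShift/Kubernetes code; the function names and the sample snapshots are constructed for illustration.

```python
def ds_pods(pod_list):
    """Map (namespace, daemonset, node) -> (pod UID, total container restarts)."""
    out = {}
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        owners = [o["name"] for o in meta.get("ownerReferences", [])
                  if o.get("kind") == "DaemonSet"]
        if not owners:
            continue  # pod is not managed by a DaemonSet
        statuses = pod.get("status", {}).get("containerStatuses", [])
        restarts = sum(c.get("restartCount", 0) for c in statuses)
        key = (meta["namespace"], owners[0], pod["spec"].get("nodeName", ""))
        out[key] = (meta["uid"], restarts)
    return out


def diff_snapshots(before, after):
    """List DaemonSet pods that went missing, were recreated, or restarted."""
    old, new = ds_pods(before), ds_pods(after)
    findings = []
    for key, (uid, restarts) in sorted(old.items()):
        if key not in new:
            findings.append((key, "missing"))
        elif new[key][0] != uid:
            findings.append((key, "recreated"))   # controller replaced the pod
        elif new[key][1] > restarts:
            findings.append((key, "restarted"))   # same pod, container restarted
    return findings


def _pod(ns, ds, node, uid, restarts):
    """Build a minimal pod object (constructed sample data, not real output)."""
    return {"metadata": {"namespace": ns, "name": f"{ds}-{uid}", "uid": uid,
                         "ownerReferences": [{"kind": "DaemonSet", "name": ds}]},
            "spec": {"nodeName": node},
            "status": {"containerStatuses": [{"restartCount": restarts}]}}


# Constructed snapshots for the "myds" daemonset used in the comment above.
BEFORE = {"items": [_pod("xxia-proj", "myds", "node-a", "u1", 0),
                    _pod("xxia-proj", "myds", "node-b", "u2", 0)]}
AFTER_OK = {"items": [_pod("xxia-proj", "myds", "node-a", "u1", 0),
                      _pod("xxia-proj", "myds", "node-b", "u2", 0)]}
AFTER_BAD = {"items": [_pod("xxia-proj", "myds", "node-a", "u9", 0),
                       _pod("xxia-proj", "myds", "node-b", "u2", 1)]}

if __name__ == "__main__":
    for label, snap in (("fixed payload", AFTER_OK), ("bad payload", AFTER_BAD)):
        print(label, diff_snapshots(BEFORE, snap))
```

With real snapshots, load each file with `json.load` and pass the two objects to `diff_snapshots`. A "recreated" entry for a daemonset whose spec was not edited is the signal to investigate; a "restarted" entry can also come from a node reboot during the upgrade.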
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2547