Run iscsid and multipath on hosts as daemonset

[deitch]

Should be included as another container in the existing DaemonSet.

Depends on completing the work in https://github.com/packethost/packet-block-storage:

• work on alpine
• containerize
• scripts should only start processes
• scripts should only configure processes

[deitch]

This is going to be an open tracking issue for a while. Specifically, we are constrained by the following elements:

• iscsid and iscsiadm must be the same version. There is no "standard" protocol for iscsid <-> iscsiadm communication, which is why there is no external go library or anything like it. Running .874 on the host and .878, e.g. (which was tried) leads to errors
• the kernel modules must match the kernel version (obviously)
• the iSCSI netlink code in the Linux kernel is not network namespace aware

This means that any of our options leads to a potential minefield.

• Run iscsid and iscsiadm in containers. This can create problems with the Unix domain socket that iscsid listens on, which means uninstalling it from the host as part of deploying the DaemonSet (a difficult and potentially dangerous step) as well as creating issues with kernel modules that may not match the host.
• Run iscsid on the host, and iscsiadm in a container. This can create version mismatch problems, as mentioned above.
• Run iscsid on the host, and mount iscsiadm from the host into the container. This guarantees correct version match between iscsiadm and iscsid, and between kernel modules and kernel. However, it loses the ability to update to a newer version of open-iscsi to fix bugs.

For now, we are sticking with the last option, bind-mounting iscsiadm into the packet-driver container so we have the correct versions, but keeping an eye on developments to see if it becomes possible to run it all in containers in the future.

References:

• Decent summary of the issues from docker's engineering blog
• Core issue discussion from Kubernetes CSI
• Basic discussion in iscsi Google Groups
• More extended discussion in same form and specific comment in that thread that links to the proposed RFC to fix it

[displague]

Will not fix - see #103 (Equinix Metal Block Storage from Datera is EOL).