Hi Tobias-
Long term, we want this to work like so:
1. Filesystem bits live in a container, possibly in the kubelet container itself or a sibling to it
2. The container running the filesystem bits bind-mounts the rootfs of the host with a propagation mode of 'shared', so that the mount can be done in a container and propagate back to the host so that it is visible to other containers.
However, that's the long-term vision. Currently, what the kubelet does to perform mounts while the kubelet is containerized is to enter the host's root mount ns via /proc/1/ns/mnt and call mount(8) on the host. This is going to break down for your use-case, since it depends on the configuration of the host.
I'm not actually sure what you can do to make this exact case work at the moment, since you need the shared propagation mode to make the mount events propagate back to the host mount ns. Can I ask, have you gotten your approach to work?
Thanks,
P
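Whether a bind mount inside a container actually has the 'shared' propagation described in the message above can be read from the optional fields of `/proc/<pid>/mountinfo`. The following is an added example, not part of the original e-mail and not Kubernetes code; the `/rootfs` mount path and the sample mountinfo lines are constructed assumptions.

```python
import re

# Constructed sample lines in /proc/<pid>/mountinfo format (not captured from a real host).
HOST = "25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
CONTAINER_RSHARED = "310 290 8:1 / /rootfs rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
CONTAINER_RSLAVE = "310 290 8:1 / /rootfs rw,relatime master:1 - ext4 /dev/sda1 rw\n"
CONTAINER_PRIVATE = "310 290 8:1 / /rootfs rw,relatime - ext4 /dev/sda1 rw\n"


def parse_mountinfo(text):
    """Map mount point -> propagation tags parsed from mountinfo text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields[6:]:
            continue  # blank or malformed line
        sep = fields.index("-", 6)  # a lone "-" ends the optional fields
        # mountinfo escapes space, tab, newline and backslash as \ooo octal
        mount_point = re.sub(r"\\([0-7]{3})",
                             lambda m: chr(int(m.group(1), 8)), fields[4])
        tags = {}
        for opt in fields[6:sep]:  # e.g. shared:N, master:N, unbindable
            key, _, value = opt.partition(":")
            tags[key] = int(value) if value.isdigit() else True
        mounts[mount_point] = tags  # later lines shadow earlier ones
    return mounts


def propagates_to_host(host_text, container_text, host_mp, container_mp):
    """Return (verdict, reason): does a mount made under container_mp appear under host_mp?"""
    host = parse_mountinfo(host_text).get(host_mp, {})
    cont = parse_mountinfo(container_text).get(container_mp)
    if cont is None:
        return False, "not mounted in container"
    if "shared" not in cont:
        kind = "slave" if "master" in cont else "private"
        return False, f"{kind}: mount events do not leave the container"
    # Peer group IDs are kernel-wide, so equal IDs mean the same peer group.
    if cont["shared"] != host.get("shared"):
        return False, "shared, but in a different peer group than the host mount"
    return True, f"shared peer group {cont['shared']}"


if __name__ == "__main__":
    for name, sample in (("rshared", CONTAINER_RSHARED),
                         ("rslave", CONTAINER_RSLAVE),
                         ("private", CONTAINER_PRIVATE)):
        print(name, propagates_to_host(HOST, sample, "/", "/rootfs"))
```

On a live system the two inputs would be the contents of `/proc/1/mountinfo` read on the host and `/proc/self/mountinfo` read inside the container.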