KubeADM: enable shared pid ns

This PS enables the pod shared pid feature gate in k8s, which allows
the puase container to reap processes when desired.

Change-Id: I01eac64bfa029027465d47c5036119cf5799a100
Signed-off-by: Pete Birley <pete@port.direct>

tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubeadm-master/templates/kubeadm-conf.yaml.j2

@@ -32,14 +32,16 @@ tokenTTL: 24h0m0s
 selfHosted: {{ k8s.selfHosted }}
 apiServerExtraArgs:
   service-node-port-range: "1024-65535"
-  feature-gates: "MountPropagation=true"
+  feature-gates: "MountPropagation=true,PodShareProcessNamespace=true"
 controllerManagerExtraArgs:
   address: "0.0.0.0"
   port: "10252"
+  feature-gates: "PodShareProcessNamespace=true"
 #   <argument>: <value|string>
 schedulerExtraArgs:
   address: "0.0.0.0"
   port: "10251"
+  feature-gates: "PodShareProcessNamespace=true"
 # apiServerCertSANs:
 # - <name1|string>
 # - <name2|string>

tools/images/kubeadm-aio/assets/opt/playbooks/roles/deploy-kubelet/templates/10-kubeadm.conf.j2

@@ -7,7 +7,7 @@ Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/e
 Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
 Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
 Environment="KUBELET_NODE_LABELS=--node-labels {{ kubelet.kubelet_labels }}"
-Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates MountPropagation=true"
+Environment="KUBELET_EXTRA_ARGS=--max-pods=220 --pods-per-core=0 --feature-gates=MountPropagation=true --feature-gates=PodShareProcessNamespace=true"
 #ExecStartPre=-+/sbin/restorecon -v /usr/bin/kubelet #SELinux
 ExecStart=
 ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_NODE_LABELS $KUBELET_EXTRA_ARGS