Use kubelet owned directories for mounting rather than /tmp

Signed-off-by: Itamar Holder <iholder@redhat.com>
kubernetes · May 21, 2024 · a6b971f · a6b971f
1 parent 74f2988
commit a6b971f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
@@ -214,7 +214,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I
 			return nil, fmt.Errorf("running with swap on is not supported, please disable swap or set --fail-swap-on flag to false")
 		}
 
-		if !swap.IsTmpfsNoswapOptionSupported(mountUtil) {
+		if !swap.IsTmpfsNoswapOptionSupported(mountUtil, nodeConfig.KubeletRootDir) {
 			nodeRef := nodeRefFromNode(string(nodeConfig.NodeName))
 			recorder.Event(nodeRef, v1.EventTypeWarning, events.PossibleMemoryBackedVolumesOnDisk,
 				"The tmpfs noswap option is not supported. Memory-backed volumes (e.g. secrets, emptyDirs, etc.) "+

diff --git a/pkg/kubelet/util/swap/swap_util.go b/pkg/kubelet/util/swap/swap_util.go
@@ -18,6 +18,7 @@ package swap
 
 import (
 	"bytes"
+	"errors"
 	"os"
 	sysruntime "runtime"
 	"strings"
@@ -39,7 +40,7 @@ var (
 
 const TmpfsNoswapOption = "noswap"
 
-func IsTmpfsNoswapOptionSupported(mounter mount.Interface) bool {
+func IsTmpfsNoswapOptionSupported(mounter mount.Interface, mountPath string) bool {
 	isTmpfsNoswapOptionSupportedHelper := func() bool {
 		if sysruntime.GOOS == "windows" {
 			return false
@@ -55,28 +56,32 @@ func IsTmpfsNoswapOptionSupported(mounter mount.Interface) bool {
 			return true
 		}
 
-		mountDir, err := os.MkdirTemp("", "tmpfs-noswap-test-")
+		if mountPath == "" {
+			klog.ErrorS(errors.New("mount path is empty, falling back to /tmp"), "")
+		}
+
+		mountPath, err = os.MkdirTemp(mountPath, "tmpfs-noswap-test-")
 		if err != nil {
-			klog.InfoS("error creating dir to test if tmpfs noswap is enabled. Assuming not supported", "mount path", mountDir, "error", err)
+			klog.InfoS("error creating dir to test if tmpfs noswap is enabled. Assuming not supported", "mount path", mountPath, "error", err)
 			return false
 		}
 
 		defer func() {
-			err = os.RemoveAll(mountDir)
+			err = os.RemoveAll(mountPath)
 			if err != nil {
-				klog.ErrorS(err, "error removing test tmpfs dir", "mount path", mountDir)
+				klog.ErrorS(err, "error removing test tmpfs dir", "mount path", mountPath)
 			}
 		}()
 
-		err = mounter.MountSensitiveWithoutSystemd("tmpfs", mountDir, "tmpfs", []string{TmpfsNoswapOption}, nil)
+		err = mounter.MountSensitiveWithoutSystemd("tmpfs", mountPath, "tmpfs", []string{TmpfsNoswapOption}, nil)
 		if err != nil {
 			klog.InfoS("error mounting tmpfs with the noswap option. Assuming not supported", "error", err)
 			return false
 		}
 
-		err = mounter.Unmount(mountDir)
+		err = mounter.Unmount(mountPath)
 		if err != nil {
-			klog.ErrorS(err, "error unmounting test tmpfs dir", "mount path", mountDir)
+			klog.ErrorS(err, "error unmounting test tmpfs dir", "mount path", mountPath)
 		}
 
 		return true

diff --git a/pkg/volume/emptydir/empty_dir.go b/pkg/volume/emptydir/empty_dir.go
@@ -328,7 +328,7 @@ func (ed *emptyDir) setupTmpfs(dir string) error {
 		return nil
 	}
 
-	options := ed.generateTmpfsMountOptions(swap.IsTmpfsNoswapOptionSupported(ed.mounter))
+	options := ed.generateTmpfsMountOptions(swap.IsTmpfsNoswapOptionSupported(ed.mounter, ed.plugin.host.GetPluginDir(emptyDirPluginName)))
 
 	klog.V(3).Infof("pod %v: mounting tmpfs for volume %v", ed.pod.UID, ed.volName)
 	return ed.mounter.MountSensitiveWithoutSystemd("tmpfs", dir, "tmpfs", options, nil)