New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Containerized subpath #63143
Containerized subpath #63143
Commits on May 23, 2018
-
Add GetMode to mounter interface.
Kubelet must not call os.Lstat on raw volume paths when it runs in a container. Mounter knows where the file really is.
Configuration menu - View commit details
-
Copy full SHA for 97b5299 - Browse repository at this point
Copy the full SHA 97b5299View commit details -
Allow EvalSymlinks target not to exist.
Various NsEnterMounter function need to resolve the part of the path that exists and blindly add the part that doesn't.
Configuration menu - View commit details
-
Copy full SHA for 7450d1b - Browse repository at this point
Copy the full SHA 7450d1bView commit details -
It should return error when the check fails (e.g. no permissions, symlink link loop etc.)
Configuration menu - View commit details
-
Copy full SHA for 74ba087 - Browse repository at this point
Copy the full SHA 74ba087View commit details -
Change SafeMakeDir to resolve symlinks in mounter implementation
Kubelet should not resolve symlinks outside of mounter interface. Only mounter interface knows, how to resolve them properly on the host. As consequence, declaration of SafeMakeDir changes to simplify the implementation: from SafeMakeDir(fullPath string, base string, perm os.FileMode) to SafeMakeDir(subdirectoryInBase string, base string, perm os.FileMode)
Configuration menu - View commit details
-
Copy full SHA for 7e3fb50 - Browse repository at this point
Copy the full SHA 7e3fb50View commit details -
Refactor doBindSubPath into smaller functions:
- getSubpathBindTarget() computes final target of subpath bind-mount. - prepareSubpathTarget() creates target for bind-mount. - safeOpenSubPath() checks symlinks in Subpath and safely opens it.
Configuration menu - View commit details
-
Copy full SHA for 225a879 - Browse repository at this point
Copy the full SHA 225a879View commit details -
Split NsEnterMounter and Mounter implementation of doBindSubpath
nsenter implementation needs to mount different thing in the end and do different checks on the result.
Configuration menu - View commit details
-
Copy full SHA for 9f80de3 - Browse repository at this point
Copy the full SHA 9f80de3View commit details -
Configuration menu - View commit details
-
Copy full SHA for a8a37fb - Browse repository at this point
Copy the full SHA a8a37fbView commit details -
Pass Nsenter to NsenterMounter and NsenterWriter
So Nsenter is initialized only once and with the right parameters.
Configuration menu - View commit details
-
Copy full SHA for 9b74125 - Browse repository at this point
Copy the full SHA 9b74125View commit details -
Configuration menu - View commit details
-
Copy full SHA for cb5eb25 - Browse repository at this point
Copy the full SHA cb5eb25View commit details