Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Containerized subpath #63143

Merged
merged 9 commits into from Jun 1, 2018
Merged

Containerized subpath #63143

merged 9 commits into from Jun 1, 2018

Commits on May 23, 2018

  1. Add GetMode to mounter interface. 

    Kubelet must not call os.Lstat on raw volume paths when it runs in a container.
Mounter knows where the file really is.
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    97b5299 View commit details
    Browse the repository at this point in the history

  2. Allow EvalSymlinks target not to exist. 

    Various NsEnterMounter function need to resolve the part of the path that
exists and blindly add the part that doesn't.
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    7450d1b View commit details
    Browse the repository at this point in the history

  3. Enhance ExistsPath check 

    It should return error when the check fails (e.g. no permissions, symlink link
loop etc.)
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    74ba087 View commit details
    Browse the repository at this point in the history

  4. Change SafeMakeDir to resolve symlinks in mounter implementation 

    Kubelet should not resolve symlinks outside of mounter interface.
Only mounter interface knows, how to resolve them properly on the host.

As consequence, declaration of SafeMakeDir changes to simplify the
implementation:
from SafeMakeDir(fullPath string, base string, perm os.FileMode)
to   SafeMakeDir(subdirectoryInBase string, base string, perm os.FileMode)
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    7e3fb50 View commit details
    Browse the repository at this point in the history

  5. Refactor doBindSubPath into smaller functions: 

    - getSubpathBindTarget() computes final target of subpath bind-mount.
- prepareSubpathTarget() creates target for bind-mount.
- safeOpenSubPath() checks symlinks in Subpath and safely opens it.
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    225a879 View commit details
    Browse the repository at this point in the history

  6. Split NsEnterMounter and Mounter implementation of doBindSubpath 

    nsenter implementation needs to mount different thing in the end and do
different checks on the result.
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    9f80de3 View commit details
    Browse the repository at this point in the history

  7. Created directories in /var/lib/kubelet directly.

    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    a8a37fb View commit details
    Browse the repository at this point in the history

  8. Pass Nsenter to NsenterMounter and NsenterWriter 

    So Nsenter is initialized only once and with the right parameters.
    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    9b74125 View commit details
    Browse the repository at this point in the history

  9. Nsenter unit tests

    @jsafrane
    jsafrane committed May 23, 2018
    Configuration menu
    Copy the full SHA
    cb5eb25 View commit details
    Browse the repository at this point in the history