overlay: Require opt-in if idmap mounts are not supported.

If we don't use idmap mounts, doing a chown per pod is very expensive: it implies duplicating the container storage for the image for every pod and the latency to start a new pod is affected too. Let's make sure users are aware of this, by having them opt-in, for snapshotters that we have a better solution (like overlayfs, that has support for idmap mounts). Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
2023-09-19 13:08:05 +02:00
parent 00666764b8
commit ec9e0dca91
3 changed files with 36 additions and 2 deletions
--- a/snapshotter_opts_unix.go
+++ b/snapshotter_opts_unix.go
@@ -26,7 +26,8 @@ import (
 )

 const (
-	capabRemapIDs = "remap-ids"
+	capabRemapIDs    = "remap-ids"
+	capaOnlyRemapIds = "only-remap-ids"
 )

 // WithRemapperLabels creates the labels used by any supporting snapshotter
@@ -72,6 +73,17 @@ func resolveSnapshotOptions(ctx context.Context, client *Client, snapshotterName
 		return parent, nil
 	}

+	capaOnlyRemap := false
+	for _, capa := range capabs {
+		if capa == capaOnlyRemapIds {
+			capaOnlyRemap = true
+		}
+	}
+
+	if capaOnlyRemap {
+		return "", fmt.Errorf("snapshotter %q doesn't support idmap mounts on this host, configure `slow_chown` to allow a slower and expensive fallback", snapshotterName)
+	}
+
 	var ctrUID, hostUID, length uint32
 	_, err = fmt.Sscanf(uidMap, "%d:%d:%d", &ctrUID, &hostUID, &length)
 	if err != nil {