In most cases `dir` arg of `SetUpAt()` method of `volume.Mounter` interface is the same as `mounter.GetPath()` because we usually call `SetUpAt()` from `SetUp()` like this:"
```
func (ed *emptyDir) SetUp(mounterArgs volume.MounterArgs) error {
return ed.SetUpAt(ed.GetPath(), mounterArgs)
}
```
(this example is from `volume/emptydir/empty_dir.go`, but there are plenty other examples like that in `volume/*`)
However, there is currently one exception. This is from `volume/projected/projected.go`:
```
if err := wrapped.SetUpAt(dir, mounterArgs); err != nil {
return err
}
```
(see 96306f144a/pkg/volume/projected/projected.go (L203))
In this case `dir` is not equal to `wrapped.GetPath()` and `volume.SetVolumeOwnership()` fails when called from `SetUpAt()` of wrapped volume:
```
lstat /var/lib/kubelet/pods/a2f6e58f-7edf-4c48-a97c-ef1b8fd3caf6/volumes/kubernetes.io~empty-dir/wrapped_kube-api-access-knvkv: no such file or directory
```
To fix the issue let's pass `dir` arg to `volume.SetVolumeOwnership()` explicitly, and use it instead of `mounter.GetPath()`.
Some of the unit tests cannot pass on Windows due to various reasons:
- fsnotify does not have a Windows implementation.
- Proxy Mode IPVS not supported on Windows.
- Seccomp not supported on Windows.
- VolumeMode=Block is not supported on Windows.
- iSCSI volumes are mounted differently on Windows, and iscsiadm is a
Linux utility.
In theory the check is not necessary, but for sake of robustness and
completenes, let's check SELinuxMountReadWriteOncePod feature gate before
assuming anything about SELinux labels.
Add a new call to VolumePlugin interface and change all its
implementations.
Kubelet's VolumeManager will be interested whether a volume supports
mounting with -o conext=XYZ or not to hanle SetUp() / MountDevice()
accordingly.
Currently, there are some unit tests that are failing on Windows due to
various reasons:
- volume mounting is a bit different on Windows: Mount will create the
parent dirs and mklink at the volume path later (otherwise mklink will
raise an error).
- os.Chmod is not working as intended on Windows.
- path.Dir() will always return "." on Windows, and filepath.Dir()
should be used instead (which works correctly).
- on Windows, you can't typically run binaries without extensions. If
the file C:\\foo.bat exists, we can still run C:\\foo because Windows
will append one of the supported file extensions ($env:PATHEXT) to it
and run it.
- Windows file permissions do not work the same way as the Linux ones.
- /tmp directory being used, which might not exist on Windows. Instead,
the OS-specific Temp directory should be used.
Fixes a few other issues:
- rbd.go: Return error in a case in which an error is encountered. This
will prevent "rbd: failed to setup" and "rbd: successfully setup" log
messages to be logged at the same time.
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Addresses in the Kubernetes API objects (PV, Pod) have `[]` around IPv6
addresses, while addresses in /dev/ and /sys/ have addresses without them.
Add/remove `[]` as needed.
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:
- Logging a message only above a certain verbosity threshold without
recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
this matters when using a logging backend which records the verbosity
level.
- Passing a format string with parameters to a logging function that
doesn't do string formatting.
All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.
In some cases it reports false positives, but those can be suppressed with
source code comments.
The field in fact says that the container runtime should relabel a volume
when running a container with it, it does not say that the volume supports
SELinux. For example, NFS can support SELinux, but we don't want NFS
volumes relabeled, because they can be shared among several Pods.
iSCSI and FC volume plugins do not implement real 3rd party attach/detach.
If reconstruction fails with an error on a FC or iSCSI volume, it will not
be unmounted from the volume global dir and at the same time it will be
marked as unused, to be available to be mounted on another node.
The volume can then be mounted on several nodes, resulting in volume
corruption.
The other block based volume plugins implement attach/detach that either
makes the volume stuck (can't be detached) or will be force-detached from a
node before attaching it somewhere else.
Volumes that are provisioned with `VolumeMode: Block` often have a
MetrucsProvider interface declared in their type. However, the
MetricsProvider should implement a GetMetrics() function. In the cases
where the storage drivers do not implement GetMetrics(), a panic can
occur.
Usual type-assertions are not sufficient in this case. All assertions
assume the interface is present. There is no straight forward way to
verify that a valid GetMetrics() function is provided.
By adding SupportsMetrics(), storage driver implementations require
careful reviewing for metrics support.
PR #97972 added support for gathering metrics for Block PVCs provided by
CSI drivers. The in-tree drivers can support at leas the most basic
metric; Capacity.
iSCSI volume plugin persists volume metadata into global mount directory,
before it is mounted. Content of the directory is shadowed by the volume
mount. Therefore kubelet should not write metadata to the directory when a
second pod uses the same volume on the same node.
1. The metadata were already persisted before mounting the volume for the
first pod.
2. The global mount directory has the volume mounted, so any write there
would write to the volume, which is undesirable.
Errors from staticcheck:
pkg/volume/azure_dd/azure_common.go:68:2: var winDiskNumFormat is unused (U1000)
pkg/volume/csi/csi_block.go:97:2: field volumeInfo is unused (U1000)
pkg/volume/csi/csi_block_test.go:56:6: func prepareBlockUnmapperTest is unused (U1000)
pkg/volume/csi/csi_client.go:108:2: const initialDuration is unused (U1000)
pkg/volume/csi/csi_client.go:109:2: const factor is unused (U1000)
pkg/volume/csi/csi_client.go:110:2: const steps is unused (U1000)
pkg/volume/csi/csi_client_test.go:83:8: this value of err is never used (SA4006)
pkg/volume/csi/csi_mounter.go:76:2: field options is unused (U1000)
pkg/volume/csi/csi_mounter_test.go:454:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:766:16: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:861:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:1186:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:1249:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_test.go:305:5: the goroutine calls T.Fatalf, which must be called in the same goroutine as the test (SA2002)
pkg/volume/flexvolume/probe_test.go:67:10: this value of err is never used (SA4006)
pkg/volume/iscsi/iscsi_test.go:95:2: field attachCalled is unused (U1000)
pkg/volume/iscsi/iscsi_test.go:96:2: field detachCalled is unused (U1000)
pkg/volume/iscsi/iscsi_test.go:501:24: this value of err is never used (SA4006)
pkg/volume/iscsi/iscsi_util_test.go:159:2: this value of exist is never used (SA4006)
pkg/volume/local/local.go:351:57: argument devicePath is overwritten before first use (SA4009)
pkg/volume/plugins_test.go:119:2: this value of plug is never used (SA4006)
pkg/volume/plugins_test.go:125:2: this value of plug is never used (SA4006)
pkg/volume/quobyte/quobyte.go:474:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/quobyte/quobyte.go:477:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/quobyte/quobyte.go:480:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/rbd/rbd.go:886:2: field adminSecret is unused (U1000)
pkg/volume/rbd/rbd.go:887:2: field adminID is unused (U1000)
pkg/volume/rbd/rbd.go:888:2: field imageFormat is unused (U1000)
pkg/volume/rbd/rbd.go:889:2: field imageFeatures is unused (U1000)
pkg/volume/storageos/storageos.go:302:2: field secretName is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:43:2: field apiAddr is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:44:2: field apiUser is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:45:2: field apiPass is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:46:2: field apiVersion is unused (U1000)
pkg/volume/util/atomic_writer_test.go:756:49: argument err is overwritten before first use (SA4009)
pkg/volume/util/fsquota/common/quota_linux_common.go:37:2: const acct is unused (U1000)
pkg/volume/util/fsquota/common/quota_linux_common.go:38:2: const enforcing is unused (U1000)
pkg/volume/util/fsquota/project.go:168:31: identical expressions on the left and right side of the '==' operator (SA4000)
pkg/volume/util/fsquota/quota_linux.go:306:50: argument poduid is overwritten before first use (SA4009)
pkg/volume/util/fsquota/quota_linux_test.go:558:16: this value of err is never used (SA4006)
pkg/volume/util/subpath/subpath_linux.go:232:81: argument err is overwritten before first use (SA4009)
pkg/volume/util/subpath/subpath_linux_test.go:579:73: argument err is overwritten before first use (SA4009)
