github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-01 17:06:28 +00:00
Code Issues Projects Releases Wiki Activity

runtime-rs: Ensure emptyDir is correctly synced between containers

Browse Source 
Enhance Copyfile from host within multi-containers cases, specially
for emptyDir. Add support for emptyDir, its volumes typically have paths like:
`/var/lib/kubelet/pods/{pod-uid}/volumes/kubernetes.io~empty-dir/volx`.

Signed-off-by: Alex Lyn <alex.lyn@antgroup.com>
This commit is contained in:
Alex Lyn
2025-08-20 21:15:01 +08:00
parent 0144bc27c6
commit 8ac465fef0
1 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs
View File

@@ -35,7 +35,7 @@ use crate::share_fs::DEFAULT_KATA_GUEST_SANDBOX_DIR;
use crate::share_fs::PASSTHROUGH_FS_DIR; use crate::share_fs::PASSTHROUGH_FS_DIR;
use crate::share_fs::{MountedInfo, ShareFs, ShareFsVolumeConfig}; use crate::share_fs::{MountedInfo, ShareFs, ShareFsVolumeConfig};
use kata_types::{ use kata_types::{
k8s::{is_configmap, is_downward_api, is_projected, is_secret}, k8s::{is_configmap, is_downward_api, is_empty_dir, is_projected, is_secret},
mount, mount,
}; };
use oci_spec::runtime as oci; use oci_spec::runtime as oci;
@@ -160,10 +160,29 @@ impl FsWatcher {
let inotify = self.inotify.clone(); let inotify = self.inotify.clone();
let monitor_config = self.config.clone(); let monitor_config = self.config.clone();
// Perform a full sync before starting monitoring to ensure that files which exist before monitoring starts are also synced.
let agent_sync = agent.clone();
let src_sync = src.clone();
let dst_sync = dst.clone();
tokio::spawn(async move { tokio::spawn(async move {
let mut buffer = [0u8; 4096]; let mut buffer = [0u8; 4096];
let mut last_event_time = None; let mut last_event_time = None;
// Initial sync: ensure existing contents in the directory are synchronized
{
info!(
sl!(),
"Initial sync from {:?} to {:?}", &src_sync, &dst_sync
);
if let Err(e) =
copy_dir_recursively(&src_sync, &dst_sync.display().to_string(), &agent_sync)
.await
{
error!(sl!(), "Initial sync failed: {:?}", e);
}
}
loop { loop {
// use cloned inotify instance // use cloned inotify instance
match inotify.lock().await.read_events(&mut buffer) { match inotify.lock().await.read_events(&mut buffer) {
@@ -174,7 +193,8 @@ impl FsWatcher {
| EventMask::MODIFY | EventMask::MODIFY
| EventMask::DELETE | EventMask::DELETE
| EventMask::MOVED_FROM | EventMask::MOVED_FROM
| EventMask::MOVED_TO, | EventMask::MOVED_TO
| EventMask::CLOSE_WRITE,
) { ) {
continue; continue;
} }
@@ -776,11 +796,14 @@ pub(crate) fn is_watchable_volume(source_path: &PathBuf) -> bool {
if !source_path.is_dir() { if !source_path.is_dir() {
return false; return false;
} }
// watchable list: { kubernetes.io~projected, kubernetes.io~configmap, kubernetes.io~secret, kubernetes.io~downward-api }
// /var/lib/kubelet/pods/{pod-uid}/volumes/@{k8s-type}/{volume-name}
// watchable list: { kubernetes.io~projected, kubernetes.io~configmap, kubernetes.io~secret, kubernetes.io~downward-api, kubernetes.io~empty-dir }
is_projected(source_path) is_projected(source_path)
|| is_downward_api(source_path) || is_downward_api(source_path)
|| is_secret(source_path) || is_secret(source_path)
|| is_configmap(source_path) || is_configmap(source_path)
|| is_empty_dir(source_path)
} }
#[cfg(test)] #[cfg(test)]