diff --git a/cmd/kubelet/app/server.go b/cmd/kubelet/app/server.go
index f486213ac8d..a42dc75ad65 100644
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -55,8 +55,6 @@ import (
 "k8s.io/kubernetes/pkg/kubelet/server"
 kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 "k8s.io/kubernetes/pkg/util"
- "k8s.io/kubernetes/pkg/util/chmod"
- "k8s.io/kubernetes/pkg/util/chown"
 "k8s.io/kubernetes/pkg/util/io"
 "k8s.io/kubernetes/pkg/util/mount"
 nodeutil "k8s.io/kubernetes/pkg/util/node"
@@ -133,9 +131,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) {
 writer = &io.NsenterWriter{}
 }
- chmodRunner := chmod.New()
- chownRunner := chown.New()
-
 tlsOptions, err := InitializeTLS(s)
 if err != nil {
 return nil, err
@@ -210,8 +205,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) {
 MaxPods: s.MaxPods,
 MinimumGCAge: s.MinimumGCAge,
 Mounter: mounter,
- ChownRunner: chownRunner,
- ChmodRunner: chmodRunner,
 NetworkPluginName: s.NetworkPluginName,
 NetworkPlugins: ProbeNetworkPlugins(s.NetworkPluginDir),
 NodeLabels: s.NodeLabels,
@@ -503,8 +496,6 @@ func SimpleKubelet(client *client.Client,
 MaxPods: maxPods,
 MinimumGCAge: minimumGCAge,
 Mounter: mount.New(),
- ChownRunner: chown.New(),
- ChmodRunner: chmod.New(),
 NodeStatusUpdateFrequency: nodeStatusUpdateFrequency,
 OOMAdjuster: oom.NewFakeOOMAdjuster(),
 OSInterface: osInterface,
@@ -687,8 +678,6 @@ type KubeletConfig struct {
 MaxPods int
 MinimumGCAge time.Duration
 Mounter mount.Interface
- ChownRunner chown.Interface
- ChmodRunner chmod.Interface
 NetworkPluginName string
 NetworkPlugins []network.NetworkPlugin
 NodeName string
@@ -793,8 +782,6 @@ func CreateAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.Pod
 kc.RktStage1Image,
 kc.Mounter,
 kc.Writer,
- kc.ChownRunner,
- kc.ChmodRunner,
 kc.DockerDaemonContainer,
 kc.SystemContainer,
 kc.ConfigureCBR0,
diff --git a/pkg/kubelet/kubelet.go b/pkg/kubelet/kubelet.go
index 84823f984ea..2a94b508737 100644
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@@ -69,8 +69,6 @@ import (
 "k8s.io/kubernetes/pkg/util"
 "k8s.io/kubernetes/pkg/util/atomic"
 "k8s.io/kubernetes/pkg/util/bandwidth"
- "k8s.io/kubernetes/pkg/util/chmod"
- "k8s.io/kubernetes/pkg/util/chown"
 utilerrors "k8s.io/kubernetes/pkg/util/errors"
 kubeio "k8s.io/kubernetes/pkg/util/io"
 "k8s.io/kubernetes/pkg/util/mount"
@@ -179,8 +177,6 @@ func NewMainKubelet(
 rktStage1Image string,
 mounter mount.Interface,
 writer kubeio.Writer,
- chownRunner chown.Interface,
- chmodRunner chmod.Interface,
 dockerDaemonContainer string,
 systemContainer string,
 configureCBR0 bool,
@@ -299,8 +295,6 @@ func NewMainKubelet(
 oomWatcher: oomWatcher,
 cgroupRoot: cgroupRoot,
 mounter: mounter,
- chmodRunner: chmodRunner,
- chownRunner: chownRunner,
 writer: writer,
 configureCBR0: configureCBR0,
 reconcileCIDR: reconcileCIDR,
@@ -596,10 +590,6 @@ type Kubelet struct {
 // Mounter to use for volumes.
 mounter mount.Interface
- // chown.Interface implementation to use
- chownRunner chown.Interface
- // chmod.Interface implementation to use
- chmodRunner chmod.Interface
 // Writer interface to use for volumes.
 writer kubeio.Writer
diff --git a/pkg/kubelet/volumes.go b/pkg/kubelet/volumes.go
index 06ae6d4681a..697b437aa59 100644
--- a/pkg/kubelet/volumes.go
+++ b/pkg/kubelet/volumes.go
@@ -119,10 +119,8 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap,
 podVolumes := make(kubecontainer.VolumeMap)
 for i := range pod.Spec.Volumes {
 volSpec := &pod.Spec.Volumes[i]
- hasFSGroup := false
 var fsGroup *int64
 if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.FSGroup != nil {
- hasFSGroup = true
 fsGroup = pod.Spec.SecurityContext.FSGroup
 }
@@ -145,17 +143,6 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap,
 if err != nil {
 return nil, err
 }
- if hasFSGroup &&
- builder.GetAttributes().Managed &&
- builder.GetAttributes().SupportsOwnershipManagement {
- err := kl.manageVolumeOwnership(pod, internal, builder, fsGroup)
- if err != nil {
- glog.Errorf("Error managing ownership of volume %v for pod %v/%v: %v", internal.Name(), pod.Namespace, pod.Name, err)
- return nil, err
- } else {
- glog.V(3).Infof("Managed ownership of volume %v for pod %v/%v", internal.Name(), pod.Namespace, pod.Name)
- }
- }
 podVolumes[volSpec.Name] = kubecontainer.VolumeInfo{Builder: builder}
 }
 return podVolumes, nil
diff --git a/pkg/kubelet/volumes_linux.go b/pkg/kubelet/volumes_linux.go
deleted file mode 100644
index 3f20a0a10bb..00000000000
--- a/pkg/kubelet/volumes_linux.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// +build linux
-
-/*
-Copyright 2014 The Kubernetes Authors All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-import (
- "os"
- "path/filepath"
- "syscall"
-
- "github.com/golang/glog"
- "k8s.io/kubernetes/pkg/api"
- "k8s.io/kubernetes/pkg/volume"
-)
-
-// Bitmasks to OR with current ownership of volumes that allow ownership management by the Kubelet
-const (
- rwMask = os.FileMode(0660)
- roMask = os.FileMode(0440)
-)
-
-// manageVolumeOwnership modifies the given volume to be owned by fsGroup.
-func (kl *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error {
- return filepath.Walk(builder.GetPath(), func(path string, info os.FileInfo, err error) error {
- if err != nil {
- return err
- }
-
- stat, ok := info.Sys().(*syscall.Stat_t)
- if !ok {
- return nil
- }
-
- if stat == nil {
- glog.Errorf("Got nil stat_t for path %v while managing ownership of volume %v for pod %s/%s", path, volSpec.Name, pod.Namespace, pod.Name)
- return nil
- }
-
- err = kl.chownRunner.Chown(path, int(stat.Uid), int(fsGroup))
- if err != nil {
- glog.Errorf("Chown failed on %v: %v", path, err)
- }
-
- mask := rwMask
- if builder.GetAttributes().ReadOnly {
- mask = roMask
- }
-
- err = kl.chmodRunner.Chmod(path, info.Mode()|mask|os.ModeSetgid)
- if err != nil {
- glog.Errorf("Chmod failed on %v: %v", path, err)
- }
-
- return nil
- })
-}
diff --git a/pkg/kubelet/volumes_unsupported.go b/pkg/kubelet/volumes_unsupported.go
deleted file mode 100644
index 7590e0a8979..00000000000
--- a/pkg/kubelet/volumes_unsupported.go
+++ /dev/null
@@ -1,28 +0,0 @@
-// +build !linux
-
-/*
-Copyright 2014 The Kubernetes Authors All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-import (
- "k8s.io/kubernetes/pkg/api"
- "k8s.io/kubernetes/pkg/volume"
-)
-
-func (_ *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error {
- return nil
-}