Remove manageVolumeOwnership from kubelet

2025-08-05 02:09:56 +00:00 · 2015-12-18 14:02:48 -05:00 · 2015-12-18 14:02:48 -05:00 · 125295ba40
commit 125295ba40
parent f650648aae
5 changed files with 0 additions and 135 deletions
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@ -55,8 +55,6 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/server"
 	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
 	"k8s.io/kubernetes/pkg/util"
-	"k8s.io/kubernetes/pkg/util/chmod"
-	"k8s.io/kubernetes/pkg/util/chown"
 	"k8s.io/kubernetes/pkg/util/io"
 	"k8s.io/kubernetes/pkg/util/mount"
 	nodeutil "k8s.io/kubernetes/pkg/util/node"
@ -133,9 +131,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) {
 		writer = &io.NsenterWriter{}
 	}

-	chmodRunner := chmod.New()
-	chownRunner := chown.New()
-
 	tlsOptions, err := InitializeTLS(s)
 	if err != nil {
 		return nil, err
@ -210,8 +205,6 @@ func UnsecuredKubeletConfig(s *options.KubeletServer) (*KubeletConfig, error) {
 		MaxPods:                   s.MaxPods,
 		MinimumGCAge:              s.MinimumGCAge,
 		Mounter:                   mounter,
-		ChownRunner:               chownRunner,
-		ChmodRunner:               chmodRunner,
 		NetworkPluginName:         s.NetworkPluginName,
 		NetworkPlugins:            ProbeNetworkPlugins(s.NetworkPluginDir),
 		NodeLabels:                s.NodeLabels,
@ -503,8 +496,6 @@ func SimpleKubelet(client *client.Client,
 		MaxPods:                   maxPods,
 		MinimumGCAge:              minimumGCAge,
 		Mounter:                   mount.New(),
-		ChownRunner:               chown.New(),
-		ChmodRunner:               chmod.New(),
 		NodeStatusUpdateFrequency: nodeStatusUpdateFrequency,
 		OOMAdjuster:               oom.NewFakeOOMAdjuster(),
 		OSInterface:               osInterface,
@ -687,8 +678,6 @@ type KubeletConfig struct {
 	MaxPods                        int
 	MinimumGCAge                   time.Duration
 	Mounter                        mount.Interface
-	ChownRunner                    chown.Interface
-	ChmodRunner                    chmod.Interface
 	NetworkPluginName              string
 	NetworkPlugins                 []network.NetworkPlugin
 	NodeName                       string
@ -793,8 +782,6 @@ func CreateAndInitKubelet(kc *KubeletConfig) (k KubeletBootstrap, pc *config.Pod
 		kc.RktStage1Image,
 		kc.Mounter,
 		kc.Writer,
-		kc.ChownRunner,
-		kc.ChmodRunner,
 		kc.DockerDaemonContainer,
 		kc.SystemContainer,
 		kc.ConfigureCBR0,
--- a/pkg/kubelet/kubelet.go
+++ b/pkg/kubelet/kubelet.go
@ -69,8 +69,6 @@ import (
 	"k8s.io/kubernetes/pkg/util"
 	"k8s.io/kubernetes/pkg/util/atomic"
 	"k8s.io/kubernetes/pkg/util/bandwidth"
-	"k8s.io/kubernetes/pkg/util/chmod"
-	"k8s.io/kubernetes/pkg/util/chown"
 	utilerrors "k8s.io/kubernetes/pkg/util/errors"
 	kubeio "k8s.io/kubernetes/pkg/util/io"
 	"k8s.io/kubernetes/pkg/util/mount"
@ -179,8 +177,6 @@ func NewMainKubelet(
 	rktStage1Image string,
 	mounter mount.Interface,
 	writer kubeio.Writer,
-	chownRunner chown.Interface,
-	chmodRunner chmod.Interface,
 	dockerDaemonContainer string,
 	systemContainer string,
 	configureCBR0 bool,
@ -299,8 +295,6 @@ func NewMainKubelet(
 		oomWatcher:                     oomWatcher,
 		cgroupRoot:                     cgroupRoot,
 		mounter:                        mounter,
-		chmodRunner:                    chmodRunner,
-		chownRunner:                    chownRunner,
 		writer:                         writer,
 		configureCBR0:                  configureCBR0,
 		reconcileCIDR:                  reconcileCIDR,
@ -596,10 +590,6 @@ type Kubelet struct {

 	// Mounter to use for volumes.
 	mounter mount.Interface
-	// chown.Interface implementation to use
-	chownRunner chown.Interface
-	// chmod.Interface implementation to use
-	chmodRunner chmod.Interface

 	// Writer interface to use for volumes.
 	writer kubeio.Writer
--- a/pkg/kubelet/volumes.go
+++ b/pkg/kubelet/volumes.go
@ -119,10 +119,8 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap,
 	podVolumes := make(kubecontainer.VolumeMap)
 	for i := range pod.Spec.Volumes {
 		volSpec := &pod.Spec.Volumes[i]
-		hasFSGroup := false
 		var fsGroup *int64
 		if pod.Spec.SecurityContext != nil && pod.Spec.SecurityContext.FSGroup != nil {
-			hasFSGroup = true
 			fsGroup = pod.Spec.SecurityContext.FSGroup
 		}

@ -145,17 +143,6 @@ func (kl *Kubelet) mountExternalVolumes(pod *api.Pod) (kubecontainer.VolumeMap,
 		if err != nil {
 			return nil, err
 		}
-		if hasFSGroup &&
-			builder.GetAttributes().Managed &&
-			builder.GetAttributes().SupportsOwnershipManagement {
-			err := kl.manageVolumeOwnership(pod, internal, builder, fsGroup)
-			if err != nil {
-				glog.Errorf("Error managing ownership of volume %v for pod %v/%v: %v", internal.Name(), pod.Namespace, pod.Name, err)
-				return nil, err
-			} else {
-				glog.V(3).Infof("Managed ownership of volume %v for pod %v/%v", internal.Name(), pod.Namespace, pod.Name)
-			}
-		}
 		podVolumes[volSpec.Name] = kubecontainer.VolumeInfo{Builder: builder}
 	}
 	return podVolumes, nil
--- a/pkg/kubelet/volumes_linux.go
+++ b/pkg/kubelet/volumes_linux.go
@ -1,71 +0,0 @@
-// +build linux
-
-/*
-Copyright 2014 The Kubernetes Authors All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-import (
-	"os"
-	"path/filepath"
-	"syscall"
-
-	"github.com/golang/glog"
-	"k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/volume"
-)
-
-// Bitmasks to OR with current ownership of volumes that allow ownership management by the Kubelet
-const (
-	rwMask = os.FileMode(0660)
-	roMask = os.FileMode(0440)
-)
-
-// manageVolumeOwnership modifies the given volume to be owned by fsGroup.
-func (kl *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error {
-	return filepath.Walk(builder.GetPath(), func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-
-		stat, ok := info.Sys().(*syscall.Stat_t)
-		if !ok {
-			return nil
-		}
-
-		if stat == nil {
-			glog.Errorf("Got nil stat_t for path %v while managing ownership of volume %v for pod %s/%s", path, volSpec.Name, pod.Namespace, pod.Name)
-			return nil
-		}
-
-		err = kl.chownRunner.Chown(path, int(stat.Uid), int(fsGroup))
-		if err != nil {
-			glog.Errorf("Chown failed on %v: %v", path, err)
-		}
-
-		mask := rwMask
-		if builder.GetAttributes().ReadOnly {
-			mask = roMask
-		}
-
-		err = kl.chmodRunner.Chmod(path, info.Mode()|mask|os.ModeSetgid)
-		if err != nil {
-			glog.Errorf("Chmod failed on %v: %v", path, err)
-		}
-
-		return nil
-	})
-}
--- a/pkg/kubelet/volumes_unsupported.go
+++ b/pkg/kubelet/volumes_unsupported.go
@ -1,28 +0,0 @@
-// +build !linux
-
-/*
-Copyright 2014 The Kubernetes Authors All rights reserved.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-package kubelet
-
-import (
-	"k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/volume"
-)
-
-func (_ *Kubelet) manageVolumeOwnership(pod *api.Pod, volSpec *volume.Spec, builder volume.Builder, fsGroup int64) error {
-	return nil
-}