Merge pull request #51296 from kokhang/kubeadm-flexvolume

Automatic merge from submit-queue (batch tested with PRs 51054, 51101, 50031, 51296, 51173) Add host mountpath to controller-manager for flexvolume dir Controller manager needs access to Flexvolume plugin when using attach-detach controller interface. This PR adds the host mount path for the default directory of flexvolume plugins Fixes https://github.com/kubernetes/kubeadm/issues/410
2025-07-24 12:15:52 +00:00 · 2017-08-26 02:05:36 -07:00 · 2017-08-26 02:05:36 -07:00 · 25a2177a95
commit 25a2177a95
parent 932e07af53 c682d7cd74
2 changed files with 36 additions and 3 deletions
--- a/cmd/kubeadm/app/phases/controlplane/volumes.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes.go
@ -30,9 +30,11 @@ import (
 )

 const (
-	caCertsVolumeName    = "ca-certs"
-	caCertsVolumePath    = "/etc/ssl/certs"
-	caCertsPkiVolumeName = "ca-certs-etc-pki"
+	caCertsVolumeName       = "ca-certs"
+	caCertsVolumePath       = "/etc/ssl/certs"
+	caCertsPkiVolumeName    = "ca-certs-etc-pki"
+	flexvolumeDirVolumeName = "flexvolume-dir"
+	flexvolumeDirVolumePath = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec"
 )

 // caCertsPkiVolumePath specifies the path that can be conditionally mounted into the apiserver and controller-manager containers
@ -68,6 +70,9 @@ func getHostPathVolumesForTheControlPlane(cfg *kubeadmapi.MasterConfiguration) c
 	// Read-only mount for the controller manager kubeconfig file
 	controllerManagerKubeConfigFile := filepath.Join(kubeadmconstants.KubernetesDir, kubeadmconstants.ControllerManagerKubeConfigFileName)
 	mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, kubeadmconstants.KubeConfigVolumeName, controllerManagerKubeConfigFile, controllerManagerKubeConfigFile, true, &hostPathFileOrCreate)
+	// Mount for the flexvolume directory (/usr/libexec/kubernetes/kubelet-plugins/volume/exec) directory
+	// Flexvolume dir must NOT be readonly as it is used for third-party plugins to integrate with their storage backends via unix domain socket.
+	mounts.NewHostPathMount(kubeadmconstants.KubeControllerManager, flexvolumeDirVolumeName, flexvolumeDirVolumePath, flexvolumeDirVolumePath, false, &hostPathDirectoryOrCreate)

 	// HostPath volumes for the scheduler
 	// Read-only mount for the scheduler kubeconfig file
--- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go
@ -309,6 +309,15 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
 							},
 						},
 					},
+					{
+						Name: "flexvolume-dir",
+						VolumeSource: v1.VolumeSource{
+							HostPath: &v1.HostPathVolumeSource{
+								Path: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec",
+								Type: &hostPathDirectoryOrCreate,
+							},
+						},
+					},
 				},
 				kubeadmconstants.KubeScheduler: {
 					{
@ -351,6 +360,11 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
 						MountPath: "/etc/kubernetes/controller-manager.conf",
 						ReadOnly:  true,
 					},
+					{
+						Name:      "flexvolume-dir",
+						MountPath: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec",
+						ReadOnly:  false,
+					},
 				},
 				kubeadmconstants.KubeScheduler: {
 					{
@ -439,6 +453,15 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
 							},
 						},
 					},
+					{
+						Name: "flexvolume-dir",
+						VolumeSource: v1.VolumeSource{
+							HostPath: &v1.HostPathVolumeSource{
+								Path: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec",
+								Type: &hostPathDirectoryOrCreate,
+							},
+						},
+					},
 				},
 				kubeadmconstants.KubeScheduler: {
 					{
@ -491,6 +514,11 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
 						MountPath: "/etc/kubernetes/controller-manager.conf",
 						ReadOnly:  true,
 					},
+					{
+						Name:      "flexvolume-dir",
+						MountPath: "/usr/libexec/kubernetes/kubelet-plugins/volume/exec",
+						ReadOnly:  false,
+					},
 				},
 				kubeadmconstants.KubeScheduler: {
 					{