github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity

volume: FeatureGate access to GetHostIDsForPod()

Browse Source 
After the userns PR got merged:
	https://github.com/kubernetes/kubernetes/pull/111090

gnufied decided it might be safer if we feature gate this part of the
code, due to the kubelet volume host type assertion.

That is a great catch and this patch just moves the code inside the
feature gate if.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos 2022-08-04 13:46:09 +02:00
parent ef7fc10460
commit 4267f2ee0c
1 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
pkg/volume/util/operationexecutor/operation_generator.go
View File

@ -669,17 +669,29 @@ func (og *operationGenerator) GenerateMountVolumeFunc(
resizeOptions.DeviceStagePath = deviceMountPath
}
kvh, ok := og.GetVolumePluginMgr().Host.(volume.KubeletVolumeHost)
if !ok {
eventErr, detailedErr := volumeToMount.GenerateError("MountVolume type assertion error", fmt.Errorf("volume host does not implement KubeletVolumeHost interface"))
return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
}
uid := util.FsUserFrom(volumeToMount.Pod)
hostUID, hostGID, err := kvh.GetHostIDsForPod(volumeToMount.Pod, uid, fsGroup)
if err != nil {
msg := fmt.Sprintf("MountVolume.GetHostIDsForPod failed to find host ID in user namespace (UID: %v GID: %v)", uid, fsGroup)
eventErr, detailedErr := volumeToMount.GenerateError(msg, err)
return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
// No mapping is needed for hostUID/hostGID if userns is not used.
// Therefore, just assign the container users to host UID/GID.
hostUID := util.FsUserFrom(volumeToMount.Pod)
hostGID := fsGroup
if utilfeature.DefaultFeatureGate.Enabled(features.UserNamespacesStatelessPodsSupport) {
// Without userns hostUID/GID was the user inside the container too.
containerUID, containerGID := hostUID, hostGID
kvh, ok := og.GetVolumePluginMgr().Host.(volume.KubeletVolumeHost)
if !ok {
msg := fmt.Errorf("volume host does not implement KubeletVolumeHost interface")
eventErr, detailedErr := volumeToMount.GenerateError("MountVolume type assertion error", msg)
return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
}
// This pod _might_ use userns. GetHostIDsForPod() will give us the right
// UID/GID to use for this pod (no matter if the pod uses userns or not).
hostUID, hostGID, err = kvh.GetHostIDsForPod(volumeToMount.Pod, containerUID, containerGID)
if err != nil {
msg := fmt.Sprintf("MountVolume.GetHostIDsForPod failed to find host ID in user namespace (UID: %v GID: %v)", containerUID, containerGID)
eventErr, detailedErr := volumeToMount.GenerateError(msg, err)
return volumetypes.NewOperationContext(eventErr, detailedErr, migrated)
}
}
// Execute mount