mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
Merge pull request #70495 from rosti/writable-to-readonly-volumes
kubeadm: Writable to ReadOnly in HostPathMount
This commit is contained in:
commit
474e27f914
@ -369,8 +369,8 @@ type HostPathMount struct {
|
||||
HostPath string
|
||||
// MountPath is the path inside the pod where hostPath will be mounted.
|
||||
MountPath string
|
||||
// Writable controls write access to the volume
|
||||
Writable bool
|
||||
// ReadOnly controls write access to the volume
|
||||
ReadOnly bool
|
||||
// PathType is the type of the HostPath.
|
||||
PathType v1.HostPathType
|
||||
}
|
||||
|
@ -17,8 +17,6 @@ limitations under the License.
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
"unsafe"
|
||||
|
||||
"k8s.io/apimachinery/pkg/conversion"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
)
|
||||
@ -85,14 +83,20 @@ func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *C
|
||||
}
|
||||
|
||||
out.APIServer.ExtraArgs = in.APIServerExtraArgs
|
||||
out.APIServer.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.APIServerExtraVolumes))
|
||||
out.APIServer.CertSANs = in.APIServerCertSANs
|
||||
if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.APIServerExtraVolumes, &out.APIServer.ExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.ControllerManager.ExtraArgs = in.ControllerManagerExtraArgs
|
||||
out.ControllerManager.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.ControllerManagerExtraVolumes))
|
||||
if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.ControllerManagerExtraVolumes, &out.ControllerManager.ExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.Scheduler.ExtraArgs = in.SchedulerExtraArgs
|
||||
out.Scheduler.ExtraVolumes = *(*[]kubeadm.HostPathMount)(unsafe.Pointer(&in.SchedulerExtraVolumes))
|
||||
if err := convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&in.SchedulerExtraVolumes, &out.Scheduler.ExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@ -103,14 +107,66 @@ func Convert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *k
|
||||
}
|
||||
|
||||
out.APIServerExtraArgs = in.APIServer.ExtraArgs
|
||||
out.APIServerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.APIServer.ExtraVolumes))
|
||||
out.APIServerCertSANs = in.APIServer.CertSANs
|
||||
if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.APIServer.ExtraVolumes, &out.APIServerExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.ControllerManagerExtraArgs = in.ControllerManager.ExtraArgs
|
||||
out.ControllerManagerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.ControllerManager.ExtraVolumes))
|
||||
if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.ControllerManager.ExtraVolumes, &out.ControllerManagerExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.SchedulerExtraArgs = in.Scheduler.ExtraArgs
|
||||
out.SchedulerExtraVolumes = *(*[]HostPathMount)(unsafe.Pointer(&in.Scheduler.ExtraVolumes))
|
||||
if err := convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&in.Scheduler.ExtraVolumes, &out.SchedulerExtraVolumes, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMount, out *kubeadm.HostPathMount, s conversion.Scope) error {
|
||||
if err := autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in, out, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.ReadOnly = !in.Writable
|
||||
return nil
|
||||
}
|
||||
|
||||
func Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
|
||||
if err := autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in, out, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
out.Writable = !in.ReadOnly
|
||||
return nil
|
||||
}
|
||||
|
||||
func convertSlice_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *[]HostPathMount, out *[]kubeadm.HostPathMount, s conversion.Scope) error {
|
||||
if *in != nil {
|
||||
*out = make([]kubeadm.HostPathMount, len(*in))
|
||||
for i := range *in {
|
||||
if err := Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(&(*in)[i], &(*out)[i], s); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
*out = nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func convertSlice_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *[]kubeadm.HostPathMount, out *[]HostPathMount, s conversion.Scope) error {
|
||||
if *in != nil {
|
||||
*out = make([]HostPathMount, len(*in))
|
||||
for i := range *in {
|
||||
if err := Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(&(*in)[i], &(*out)[i], s); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
*out = nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -182,6 +182,11 @@ func RegisterConversions(s *runtime.Scheme) error {
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddConversionFunc((*kubeadm.HostPathMount)(nil), (*HostPathMount)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(a.(*kubeadm.HostPathMount), b.(*HostPathMount), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddConversionFunc((*kubeadm.JoinConfiguration)(nil), (*JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_kubeadm_JoinConfiguration_To_v1alpha3_JoinConfiguration(a.(*kubeadm.JoinConfiguration), b.(*JoinConfiguration), scope)
|
||||
}); err != nil {
|
||||
@ -192,6 +197,11 @@ func RegisterConversions(s *runtime.Scheme) error {
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddConversionFunc((*HostPathMount)(nil), (*kubeadm.HostPathMount)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(a.(*HostPathMount), b.(*kubeadm.HostPathMount), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddConversionFunc((*JoinConfiguration)(nil), (*kubeadm.JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha3_JoinConfiguration_To_kubeadm_JoinConfiguration(a.(*JoinConfiguration), b.(*kubeadm.JoinConfiguration), scope)
|
||||
}); err != nil {
|
||||
@ -422,30 +432,20 @@ func autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMou
|
||||
out.Name = in.Name
|
||||
out.HostPath = in.HostPath
|
||||
out.MountPath = in.MountPath
|
||||
out.Writable = in.Writable
|
||||
// WARNING: in.Writable requires manual conversion: does not exist in peer-type
|
||||
out.PathType = corev1.HostPathType(in.PathType)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount is an autogenerated conversion function.
|
||||
func Convert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMount, out *kubeadm.HostPathMount, s conversion.Scope) error {
|
||||
return autoConvert_v1alpha3_HostPathMount_To_kubeadm_HostPathMount(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
|
||||
out.Name = in.Name
|
||||
out.HostPath = in.HostPath
|
||||
out.MountPath = in.MountPath
|
||||
out.Writable = in.Writable
|
||||
// WARNING: in.ReadOnly requires manual conversion: does not exist in peer-type
|
||||
out.PathType = corev1.HostPathType(in.PathType)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount is an autogenerated conversion function.
|
||||
func Convert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in *kubeadm.HostPathMount, out *HostPathMount, s conversion.Scope) error {
|
||||
return autoConvert_kubeadm_HostPathMount_To_v1alpha3_HostPathMount(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_v1alpha3_InitConfiguration_To_kubeadm_InitConfiguration(in *InitConfiguration, out *kubeadm.InitConfiguration, s conversion.Scope) error {
|
||||
if err := Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(&in.ClusterConfiguration, &out.ClusterConfiguration, s); err != nil {
|
||||
return err
|
||||
|
@ -207,7 +207,7 @@ limitations under the License.
|
||||
// - name: "some-volume"
|
||||
// hostPath: "/etc/some-path"
|
||||
// mountPath: "/etc/some-pod-path"
|
||||
// writable: true
|
||||
// readOnly: false
|
||||
// pathType: File
|
||||
// certSANs:
|
||||
// - "10.100.1.1"
|
||||
@ -219,7 +219,7 @@ limitations under the License.
|
||||
// - name: "some-volume"
|
||||
// hostPath: "/etc/some-path"
|
||||
// mountPath: "/etc/some-pod-path"
|
||||
// writable: true
|
||||
// readOnly: false
|
||||
// pathType: File
|
||||
// scheduler:
|
||||
// extraArgs:
|
||||
@ -228,7 +228,7 @@ limitations under the License.
|
||||
// - name: "some-volume"
|
||||
// hostPath: "/etc/some-path"
|
||||
// mountPath: "/etc/some-pod-path"
|
||||
// writable: true
|
||||
// readOnly: false
|
||||
// pathType: File
|
||||
// certificatesDir: "/etc/kubernetes/pki"
|
||||
// imageRepository: "k8s.gcr.io"
|
||||
|
@ -336,8 +336,8 @@ type HostPathMount struct {
|
||||
HostPath string `json:"hostPath"`
|
||||
// MountPath is the path inside the pod where hostPath will be mounted.
|
||||
MountPath string `json:"mountPath"`
|
||||
// Writable controls write access to the volume
|
||||
Writable bool `json:"writable,omitempty"`
|
||||
// ReadOnly controls write access to the volume
|
||||
ReadOnly bool `json:"readOnly,omitempty"`
|
||||
// PathType is the type of the HostPath.
|
||||
PathType v1.HostPathType `json:"pathType,omitempty"`
|
||||
}
|
||||
|
@ -590,7 +590,7 @@ func autoConvert_v1beta1_HostPathMount_To_kubeadm_HostPathMount(in *HostPathMoun
|
||||
out.Name = in.Name
|
||||
out.HostPath = in.HostPath
|
||||
out.MountPath = in.MountPath
|
||||
out.Writable = in.Writable
|
||||
out.ReadOnly = in.ReadOnly
|
||||
out.PathType = corev1.HostPathType(in.PathType)
|
||||
return nil
|
||||
}
|
||||
@ -604,7 +604,7 @@ func autoConvert_kubeadm_HostPathMount_To_v1beta1_HostPathMount(in *kubeadm.Host
|
||||
out.Name = in.Name
|
||||
out.HostPath = in.HostPath
|
||||
out.MountPath = in.MountPath
|
||||
out.Writable = in.Writable
|
||||
out.ReadOnly = in.ReadOnly
|
||||
out.PathType = corev1.HostPathType(in.PathType)
|
||||
return nil
|
||||
}
|
||||
|
@ -151,7 +151,7 @@ func (c *controlPlaneHostPathMounts) AddExtraHostPathMounts(component string, ex
|
||||
for _, extraVol := range extraVols {
|
||||
fmt.Printf("[controlplane] Adding extra host path mount %q to %q\n", extraVol.Name, component)
|
||||
hostPathType := extraVol.PathType
|
||||
c.NewHostPathMount(component, extraVol.Name, extraVol.HostPath, extraVol.MountPath, !extraVol.Writable, &hostPathType)
|
||||
c.NewHostPathMount(component, extraVol.Name, extraVol.HostPath, extraVol.MountPath, extraVol.ReadOnly, &hostPathType)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -621,28 +621,28 @@ func TestAddExtraHostPathMounts(t *testing.T) {
|
||||
Name: "foo-0",
|
||||
HostPath: "/tmp/qux-0",
|
||||
MountPath: "/tmp/qux-0",
|
||||
Writable: false,
|
||||
ReadOnly: true,
|
||||
PathType: v1.HostPathFile,
|
||||
},
|
||||
{
|
||||
Name: "bar-0",
|
||||
HostPath: "/tmp/asd-0",
|
||||
MountPath: "/tmp/asd-0",
|
||||
Writable: true,
|
||||
ReadOnly: false,
|
||||
PathType: v1.HostPathDirectory,
|
||||
},
|
||||
{
|
||||
Name: "foo-1",
|
||||
HostPath: "/tmp/qux-1",
|
||||
MountPath: "/tmp/qux-1",
|
||||
Writable: false,
|
||||
ReadOnly: true,
|
||||
PathType: v1.HostPathFileOrCreate,
|
||||
},
|
||||
{
|
||||
Name: "bar-1",
|
||||
HostPath: "/tmp/asd-1",
|
||||
MountPath: "/tmp/asd-1",
|
||||
Writable: true,
|
||||
ReadOnly: false,
|
||||
PathType: v1.HostPathDirectoryOrCreate,
|
||||
},
|
||||
}
|
||||
@ -672,8 +672,8 @@ func TestAddExtraHostPathMounts(t *testing.T) {
|
||||
if volMount.MountPath != hostMount.MountPath {
|
||||
t.Errorf("Expected container path %q", hostMount.MountPath)
|
||||
}
|
||||
if volMount.ReadOnly != !hostMount.Writable {
|
||||
t.Errorf("Expected volume writable setting %t", hostMount.Writable)
|
||||
if volMount.ReadOnly != hostMount.ReadOnly {
|
||||
t.Errorf("Expected volume readOnly setting %t", hostMount.ReadOnly)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -5,7 +5,17 @@ APIServer:
|
||||
CertSANs: null
|
||||
ExtraArgs:
|
||||
authorization-mode: Node,RBAC,Webhook
|
||||
ExtraVolumes: null
|
||||
ExtraVolumes:
|
||||
- HostPath: /host/read-only
|
||||
MountPath: /mount/read-only
|
||||
Name: ReadOnlyVolume
|
||||
PathType: ""
|
||||
ReadOnly: true
|
||||
- HostPath: /host/writable
|
||||
MountPath: /mount/writable
|
||||
Name: WritableVolume
|
||||
PathType: ""
|
||||
ReadOnly: false
|
||||
AuditPolicyConfiguration:
|
||||
LogDir: /var/log/kubernetes/audit
|
||||
LogMaxAge: 2
|
||||
|
@ -20,6 +20,14 @@ nodeRegistration:
|
||||
---
|
||||
apiServerExtraArgs:
|
||||
authorization-mode: Node,RBAC,Webhook
|
||||
apiServerExtraVolumes:
|
||||
- hostPath: /host/read-only
|
||||
mountPath: /mount/read-only
|
||||
name: ReadOnlyVolume
|
||||
- hostPath: /host/writable
|
||||
mountPath: /mount/writable
|
||||
name: WritableVolume
|
||||
writable: true
|
||||
apiVersion: kubeadm.k8s.io/v1alpha3
|
||||
auditPolicy:
|
||||
logDir: /var/log/kubernetes/audit
|
||||
|
@ -21,6 +21,14 @@ nodeRegistration:
|
||||
apiServer:
|
||||
extraArgs:
|
||||
authorization-mode: Node,RBAC,Webhook
|
||||
extraVolumes:
|
||||
- hostPath: /host/read-only
|
||||
mountPath: /mount/read-only
|
||||
name: ReadOnlyVolume
|
||||
readOnly: true
|
||||
- hostPath: /host/writable
|
||||
mountPath: /mount/writable
|
||||
name: WritableVolume
|
||||
apiVersion: kubeadm.k8s.io/v1beta1
|
||||
auditPolicy:
|
||||
logDir: /var/log/kubernetes/audit
|
||||
|
Loading…
Reference in New Issue
Block a user