Adds support for attaching GCEPersitentDisks

Adds GCEPersistentDisk volume struct
Adds gce-utils to attach disk to kubelet's VM.
Updates config to give compute-rw to every minion.
Adds GCEPersistentDisk to API
Adds ability to mount attached disks
Generalizes PD and adds tests.
PD now uses an pluggable API interface.
Unit Tests more cleanly separates TearDown and SetUp
Modify boilerplate hook to omit build tags
Adds Mounter interface; mount is now built by OS
TearDown() for PD now detaches disk on final refcount
Un-generalized PD; GCE calls moved to cloudprovider

Address comments.

cluster/gce/config-default.sh

@@ -28,6 +28,6 @@ MASTER_TAG="${INSTANCE_PREFIX}-master"
 MINION_TAG="${INSTANCE_PREFIX}-minion"
 MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}}))
 MINION_IP_RANGES=($(eval echo "10.244.{1..${NUM_MINIONS}}.0/24"))
-MINION_SCOPES=""
+MINION_SCOPES="compute-rw"
 # Increase the sleep interval value if concerned about API rate limits. 3, in seconds, is the default.
 POLL_SLEEP_INTERVAL=3

pkg/api/types.go

@@ -92,6 +92,9 @@ type VolumeSource struct {
 	HostDir *HostDir `yaml:"hostDir" json:"hostDir"`
 	// EmptyDir represents a temporary directory that shares a pod's lifetime.
 	EmptyDir *EmptyDir `yaml:"emptyDir" json:"emptyDir"`
+	// GCEPersistentDisk represents a GCE Disk resource that is attached to a
+	// kubelet's host machine and then exposed to the pod.
+	GCEPersistentDisk *GCEPersistentDisk `yaml:"persistentDisk" json:"persistentDisk"`
 }
 
 // HostDir represents bare host directory volume.
@@ -111,7 +114,28 @@ const (
 	ProtocolUDP Protocol = "UDP"
 )
 
-// Port represents a network port in a single container.
+// GCEPersistent Disk resource.
+// A GCE PD must exist and be formatted before mounting to a container.
+// The disk must also be in the same GCE project and zone as the kubelet.
+// A GCE PD can only be mounted as read/write once.
+type GCEPersistentDisk struct {
+	// Unique name of the PD resource. Used to identify the disk in GCE
+	PDName string `yaml:"pdName" json:"pdName"`
+	// Required: Filesystem type to mount.
+	// Must be a filesystem type supported by the host operating system.
+	// Ex. "ext4", "xfs", "ntfs"
+	// TODO: how do we prevent errors in the filesystem from compromising the machine
+	FSType string `yaml:"fsType,omitempty" json:"fsType,omitempty"`
+	// Optional: Partition on the disk to mount.
+	// If omitted, kubelet will attempt to mount the device name.
+	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty.
+	Partition int `yaml:"partition,omitempty" json:"partition,omitempty"`
+	// Optional: Defaults to false (read/write). ReadOnly here will force
+	// the ReadOnly setting in VolumeMounts.
+	ReadOnly bool `yaml:"readOnly,omitempty" json:"readOnly,omitempty"`
+}
+
+// Port represents a network port in a single container
 type Port struct {
 	// Optional: If specified, this must be a DNS_LABEL.  Each named port
 	// in a pod must have a unique name.

pkg/api/v1beta1/types.go

@@ -90,6 +90,9 @@ type VolumeSource struct {
 	HostDir *HostDir `yaml:"hostDir" json:"hostDir"`
 	// EmptyDir represents a temporary directory that shares a pod's lifetime.
 	EmptyDir *EmptyDir `yaml:"emptyDir" json:"emptyDir"`
+	// GCEPersistentDisk represents a GCE Disk resource that is attached to a
+	// kubelet's host machine and then exposed to the pod.
+	GCEPersistentDisk *GCEPersistentDisk `yaml:"persistentDisk" json:"persistentDisk"`
 }
 
 // HostDir represents bare host directory volume.
@@ -109,7 +112,28 @@ const (
 	ProtocolUDP Protocol = "UDP"
 )
 
-// Port represents a network port in a single container.
+// GCEPersistent Disk resource.
+// A GCE PD must exist before mounting to a container. The disk must
+// also be in the same GCE project and zone as the kubelet.
+// A GCE PD can only be mounted as read/write once.
+type GCEPersistentDisk struct {
+	// Unique name of the PD resource. Used to identify the disk in GCE
+	PDName string `yaml:"pdName" json:"pdName"`
+	// Required: Filesystem type to mount.
+	// Must be a filesystem type supported by the host operating system.
+	// Ex. "ext4", "xfs", "ntfs"
+	// TODO: how do we prevent errors in the filesystem from compromising the machine
+	FSType string `yaml:"fsType,omitempty" json:"fsType,omitempty"`
+	// Optional: Partition on the disk to mount.
+	// If omitted, kubelet will attempt to mount the device name.
+	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field 0 or empty.
+	Partition int `yaml:"partition,omitempty" json:"partition,omitempty"`
+	// Optional: Defaults to false (read/write). ReadOnly here will force
+	// the ReadOnly setting in VolumeMounts.
+	ReadOnly bool `yaml:"readOnly,omitempty" json:"readOnly,omitempty"`
+}
+
+// Port represents a network port in a single container
 type Port struct {
 	// Optional: If specified, this must be a DNS_LABEL.  Each named port
 	// in a pod must have a unique name.

pkg/api/v1beta2/types.go

@@ -90,6 +90,9 @@ type VolumeSource struct {
 	HostDir *HostDir `yaml:"hostDir" json:"hostDir"`
 	// EmptyDir represents a temporary directory that shares a pod's lifetime.
 	EmptyDir *EmptyDir `yaml:"emptyDir" json:"emptyDir"`
+	// A persistent disk that is mounted to the
+	// kubelet's host machine and then exposed to the pod.
+	GCEPersistentDisk *GCEPersistentDisk `yaml:"persistentDisk" json:"persistentDisk"`
 }
 
 // HostDir represents bare host directory volume.
@@ -124,6 +127,27 @@ type Port struct {
 	HostIP string `yaml:"hostIP,omitempty" json:"hostIP,omitempty"`
 }
 
+// GCEPersistent Disk resource.
+// A GCE PD must exist before mounting to a container. The disk must
+// also be in the same GCE project and zone as the kubelet.
+// A GCE PD can only be mounted as read/write once.
+type GCEPersistentDisk struct {
+	// Unique name of the PD resource. Used to identify the disk in GCE
+	PDName string `yaml:"pdName" json:"pdName"`
+	// Required: Filesystem type to mount.
+	// Must be a filesystem type supported by the host operating system.
+	// Ex. "ext4", "xfs", "ntfs"
+	// TODO: how do we prevent errors in the filesystem from compromising the machine
+	FSType string `yaml:"fsType,omitempty" json:"fsType,omitempty"`
+	// Optional: Partition on the disk to mount.
+	// If omitted, kubelet will attempt to mount the device name.
+	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field 0 or empty.
+	Partition int `yaml:"partition,omitempty" json:"partition,omitempty"`
+	// Optional: Defaults to false (read/write). ReadOnly here will force
+	// the ReadOnly setting in VolumeMounts.
+	ReadOnly bool `yaml:"readOnly,omitempty" json:"readOnly,omitempty"`
+}
+
 // VolumeMount describes a mounting of a Volume within a container.
 type VolumeMount struct {
 	// Required: This must match the Name of a Volume [above].

pkg/api/v1beta3/types.go

@@ -175,6 +175,9 @@ type VolumeSource struct {
 	HostDir *HostDir `json:"hostDir" yaml:"hostDir"`
 	// EmptyDir represents a temporary directory that shares a pod's lifetime.
 	EmptyDir *EmptyDir `json:"emptyDir" yaml:"emptyDir"`
+	// GCEPersistentDisk represents a GCE Disk resource that is attached to a
+	// kubelet's host machine and then exposed to the pod.
+	GCEPersistentDisk *GCEPersistentDisk `yaml:"persistentDisk" json:"persistentDisk"`
 }
 
 // HostDir represents bare host directory volume.
@@ -194,6 +197,27 @@ const (
 	ProtocolUDP Protocol = "UDP"
 )
 
+// GCEPersistent Disk resource.
+// A GCE PD must exist and be formatted before mounting to a container.
+// The disk must also be in the same GCE project and zone as the kubelet.
+// A GCE PD can only be mounted as read/write once.
+type GCEPersistentDisk struct {
+	// Unique name of the PD resource. Used to identify the disk in GCE
+	PDName string `yaml:"pdName" json:"pdName"`
+	// Required: Filesystem type to mount.
+	// Must be a filesystem type supported by the host operating system.
+	// Ex. "ext4", "xfs", "ntfs"
+	// TODO: how do we prevent errors in the filesystem from compromising the machine
+	FSType string `yaml:"fsType,omitempty" json:"fsType,omitempty"`
+	// Optional: Partition on the disk to mount.
+	// If omitted, kubelet will attempt to mount the device name.
+	// Ex. For /dev/sda1, this field is "1", for /dev/sda, this field is 0 or empty.
+	Partition int `yaml:"partition,omitempty" json:"partition,omitempty"`
+	// Optional: Defaults to false (read/write). ReadOnly here will force
+	// the ReadOnly setting in VolumeMounts.
+	ReadOnly bool `yaml:"readOnly,omitempty" json:"readOnly,omitempty"`
+}
+
 // Port represents a network port in a single container.
 type Port struct {
 	// Optional: If specified, this must be a DNS_LABEL.  Each named port

pkg/api/validation/validation.go

@@ -64,6 +64,10 @@ func validateSource(source *api.VolumeSource) errs.ErrorList {
 		numVolumes++
 		//EmptyDirs have nothing to validate
 	}
+	if source.GCEPersistentDisk != nil {
+		numVolumes++
+		allErrs = append(allErrs, validateGCEPersistentDisk(source.GCEPersistentDisk)...)
+	}
 	if numVolumes != 1 {
 		allErrs = append(allErrs, errs.NewFieldInvalid("", source))
 	}
@@ -80,6 +84,20 @@ func validateHostDir(hostDir *api.HostDir) errs.ErrorList {
 
 var supportedPortProtocols = util.NewStringSet(string(api.ProtocolTCP), string(api.ProtocolUDP))
 
+func validateGCEPersistentDisk(PD *api.GCEPersistentDisk) errs.ErrorList {
+	allErrs := errs.ErrorList{}
+	if PD.PDName == "" {
+		allErrs = append(allErrs, errs.NewFieldInvalid("PD.PDName", PD.PDName))
+	}
+	if PD.FSType == "" {
+		allErrs = append(allErrs, errs.NewFieldInvalid("PD.FSType", PD.FSType))
+	}
+	if PD.Partition < 0 || PD.Partition > 255 {
+		allErrs = append(allErrs, errs.NewFieldInvalid("PD.Partition", PD.Partition))
+	}
+	return allErrs
+}
+
 func validatePorts(ports []api.Port) errs.ErrorList {
 	allErrs := errs.ErrorList{}
 
@@ -373,5 +391,17 @@ func ValidateReplicationControllerState(state *api.ReplicationControllerState) e
 		allErrs = append(allErrs, errs.NewFieldInvalid("replicas", state.Replicas))
 	}
 	allErrs = append(allErrs, ValidateManifest(&state.PodTemplate.DesiredState.Manifest).Prefix("podTemplate.desiredState.manifest")...)
+	allErrs = append(allErrs, ValidateReadOnlyPersistentDisks(state.PodTemplate.DesiredState.Manifest.Volumes).Prefix("podTemplate.desiredState.manifest")...)
+	return allErrs
+}
+func ValidateReadOnlyPersistentDisks(volumes []api.Volume) errs.ErrorList {
+	allErrs := errs.ErrorList{}
+	for _, vol := range volumes {
+		if vol.Source.GCEPersistentDisk != nil {
+			if vol.Source.GCEPersistentDisk.ReadOnly == false {
+				allErrs = append(allErrs, errs.NewFieldInvalid("GCEPersistentDisk.ReadOnly", false))
+			}
+		}
+	}
 	return allErrs
 }

pkg/api/validation/validation_test.go

@@ -40,12 +40,13 @@ func TestValidateVolumes(t *testing.T) {
 		{Name: "123", Source: &api.VolumeSource{HostDir: &api.HostDir{"/mnt/path2"}}},
 		{Name: "abc-123", Source: &api.VolumeSource{HostDir: &api.HostDir{"/mnt/path3"}}},
 		{Name: "empty", Source: &api.VolumeSource{EmptyDir: &api.EmptyDir{}}},
+		{Name: "gcepd", Source: &api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDisk{"my-PD", "ext4", 1, false}}},
 	}
 	names, errs := validateVolumes(successCase)
 	if len(errs) != 0 {
 		t.Errorf("expected success: %v", errs)
 	}
-	if len(names) != 4 || !names.HasAll("abc", "123", "abc-123", "empty") {
+	if len(names) != 5 || !names.HasAll("abc", "123", "abc-123", "empty", "gcepd") {
 		t.Errorf("wrong names result: %v", names)
 	}
 
@@ -552,7 +553,14 @@ func TestValidateReplicationController(t *testing.T) {
 		},
 		Labels: validSelector,
 	}
-
+	invalidVolumePodTemplate := api.PodTemplate{
+		DesiredState: api.PodState{
+			Manifest: api.ContainerManifest{
+				Version: "v1beta1",
+				Volumes: []api.Volume{{Name: "gcepd", Source: &api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDisk{"my-PD", "ext4", 1, false}}}},
+			},
+		},
+	}
 	successCases := []api.ReplicationController{
 		{
 			TypeMeta: api.TypeMeta{ID: "abc", Namespace: api.NamespaceDefault},
@@ -609,6 +617,13 @@ func TestValidateReplicationController(t *testing.T) {
 				ReplicaSelector: validSelector,
 			},
 		},
+		"read-write presistent disk": {
+			TypeMeta: api.TypeMeta{ID: "abc"},
+			DesiredState: api.ReplicationControllerState{
+				ReplicaSelector: validSelector,
+				PodTemplate:     invalidVolumePodTemplate,
+			},
+		},
 		"negative_replicas": {
 			TypeMeta: api.TypeMeta{ID: "abc", Namespace: api.NamespaceDefault},
 			DesiredState: api.ReplicationControllerState{
@@ -628,6 +643,7 @@ func TestValidateReplicationController(t *testing.T) {
 				field != "id" &&
 				field != "namespace" &&
 				field != "desiredState.replicaSelector" &&
+				field != "GCEPersistentDisk.ReadOnly" &&
 				field != "desiredState.replicas" {
 				t.Errorf("%s: missing prefix for: %v", k, errs[i])
 			}

pkg/cloudprovider/gce/gce.go

@@ -23,6 +23,7 @@ import (
 	"net"
 	"net/http"
 	"os/exec"
+	"path"
 	"strconv"
 	"strings"
 	"time"
@@ -41,43 +42,71 @@ type GCECloud struct {
 	service    *compute.Service
 	projectID  string
 	zone       string
-	instanceRE string
+	instanceID string
 }
 
 func init() {
 	cloudprovider.RegisterCloudProvider("gce", func(config io.Reader) (cloudprovider.Interface, error) { return newGCECloud() })
 }
 
-func getProjectAndZone() (string, string, error) {
+func getMetadata(url string) (string, error) {
 	client := http.Client{}
-	url := "http://metadata/computeMetadata/v1/instance/zone"
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}
 	req.Header.Add("X-Google-Metadata-Request", "True")
 	res, err := client.Do(req)
 	if err != nil {
-		return "", "", err
+		return "", err
 	}
 	defer res.Body.Close()
 	data, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return "", err
+	}
+	return string(data), nil
+}
+
+func getProjectAndZone() (string, string, error) {
+	url := "http://metadata/computeMetadata/v1/instance/zone"
+	result, err := getMetadata(url)
 	if err != nil {
 		return "", "", err
 	}
-	parts := strings.Split(string(data), "/")
+	parts := strings.Split(result, "/")
 	if len(parts) != 4 {
-		return "", "", fmt.Errorf("Unexpected response: %s", string(data))
+		return "", "", fmt.Errorf("Unexpected response: %s", result)
 	}
 	return parts[1], parts[3], nil
 }
 
+func getInstanceID() (string, error) {
+	url := "http://metadata/computeMetadata/v1/instance/hostname"
+	result, err := getMetadata(url)
+	if err != nil {
+		return "", err
+	}
+	parts := strings.Split(result, ".")
+	if len(parts) == 0 {
+		return "", fmt.Errorf("Unexpected response: %s", result)
+	}
+	return parts[0], nil
+}
+
 // newGCECloud creates a new instance of GCECloud.
 func newGCECloud() (*GCECloud, error) {
 	projectID, zone, err := getProjectAndZone()
 	if err != nil {
 		return nil, err
 	}
+	// TODO: if we want to use this on a machine that doesn't have the http://metadata server
+	// e.g. on a user's machine (not VM) somewhere, we need to have an alternative for
+	// instance id lookup.
+	instanceID, err := getInstanceID()
+	if err != nil {
+		return nil, err
+	}
 	client, err := serviceaccount.NewClient(&serviceaccount.Options{})
 	if err != nil {
 		return nil, err
@@ -87,9 +116,10 @@ func newGCECloud() (*GCECloud, error) {
 		return nil, err
 	}
 	return &GCECloud{
-		service:   svc,
-		projectID: projectID,
-		zone:      zone,
+		service:    svc,
+		projectID:  projectID,
+		zone:       zone,
+		instanceID: instanceID,
 	}, nil
 }
 
@@ -310,6 +340,29 @@ func (gce *GCECloud) GetZone() (cloudprovider.Zone, error) {
 	}, nil
 }
 
+func (gce *GCECloud) AttachDisk(diskName string, readOnly bool) error {
+	disk, err := gce.getDisk(diskName)
+	if err != nil {
+		return err
+	}
+	readWrite := "READ_WRITE"
+	if readOnly {
+		readWrite = "READ_ONLY"
+	}
+	attachedDisk := gce.convertDiskToAttachedDisk(disk, readWrite)
+	_, err = gce.service.Instances.AttachDisk(gce.projectID, gce.zone, gce.instanceID, attachedDisk).Do()
+	return err
+}
+
+func (gce *GCECloud) DetachDisk(devicePath string) error {
+	_, err := gce.service.Instances.DetachDisk(gce.projectID, gce.zone, gce.instanceID, devicePath).Do()
+	return err
+}
+
+func (gce *GCECloud) getDisk(diskName string) (*compute.Disk, error) {
+	return gce.service.Disks.Get(gce.projectID, gce.zone, diskName).Do()
+}
+
 // getGceRegion returns region of the gce zone. Zone names
 // are of the form: ${region-name}-${ix}.
 // For example "us-central1-b" has a region of "us-central1".
@@ -321,3 +374,14 @@ func getGceRegion(zone string) (string, error) {
 	}
 	return zone[:ix], nil
 }
+
+// Converts a Disk resource to an AttachedDisk resource.
+func (gce *GCECloud) convertDiskToAttachedDisk(disk *compute.Disk, readWrite string) *compute.AttachedDisk {
+	return &compute.AttachedDisk{
+		DeviceName: disk.Name,
+		Kind:       disk.Kind,
+		Mode:       readWrite,
+		Source:     "https://" + path.Join("www.googleapis.com/compute/v1/projects/", gce.projectID, "zones", gce.zone, "disks", disk.Name),
+		Type:       "PERSISTENT",
+	}
+}

pkg/volume/gce_util.go

@@ -0,0 +1,136 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package volume
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider"
+	"github.com/GoogleCloudPlatform/kubernetes/pkg/cloudprovider/gce"
+)
+
+const partitionRegex = "[a-z][a-z]*(?P<partition>[0-9][0-9]*)?"
+
+var regexMatcher = regexp.MustCompile(partitionRegex)
+
+type GCEDiskUtil struct{}
+
+// Attaches a disk specified by a volume.GCEPersistentDisk to the current kubelet.
+// Mounts the disk to it's global path.
+func (util *GCEDiskUtil) AttachDisk(GCEPD *GCEPersistentDisk) error {
+	gce, err := cloudprovider.GetCloudProvider("gce", nil)
+	if err != nil {
+		return err
+	}
+	flags := uintptr(0)
+	if GCEPD.ReadOnly {
+		flags = MOUNT_MS_RDONLY
+	}
+	if err := gce.(*gce_cloud.GCECloud).AttachDisk(GCEPD.PDName, GCEPD.ReadOnly); err != nil {
+		return err
+	}
+	devicePath := path.Join("/dev/disk/by-id/", "google-"+GCEPD.PDName)
+	if GCEPD.Partition != "" {
+		devicePath = devicePath + "-part" + GCEPD.Partition
+	}
+	//TODO(jonesdl) There should probably be better method than busy-waiting here.
+	numTries := 0
+	for {
+		_, err := os.Stat(devicePath)
+		if err == nil {
+			break
+		}
+		if err != nil && !os.IsNotExist(err) {
+			return err
+		}
+		numTries++
+		if numTries == 10 {
+			return errors.New("Could not attach disk: Timeout after 10s")
+		}
+		time.Sleep(time.Second)
+	}
+	globalPDPath := makeGlobalPDName(GCEPD.RootDir, GCEPD.PDName, GCEPD.ReadOnly)
+	// Only mount the PD globally once.
+	_, err = os.Stat(globalPDPath)
+	if os.IsNotExist(err) {
+		err = os.MkdirAll(globalPDPath, 0750)
+		if err != nil {
+			return err
+		}
+		err = GCEPD.mounter.Mount(devicePath, globalPDPath, GCEPD.FSType, flags, "")
+		if err != nil {
+			os.RemoveAll(globalPDPath)
+			return err
+		}
+	} else if err != nil {
+		return err
+	}
+	return nil
+}
+
+func getDeviceName(devicePath, canonicalDevicePath string) (string, error) {
+	isMatch := regexMatcher.MatchString(path.Base(canonicalDevicePath))
+	if !isMatch {
+		return "", fmt.Errorf("unexpected device: %s", canonicalDevicePath)
+	}
+	if isMatch {
+		result := make(map[string]string)
+		substrings := regexMatcher.FindStringSubmatch(path.Base(canonicalDevicePath))
+		for i, label := range regexMatcher.SubexpNames() {
+			result[label] = substrings[i]
+		}
+		partition := result["partition"]
+		devicePath = strings.TrimSuffix(devicePath, "-part"+partition)
+	}
+	return strings.TrimPrefix(path.Base(devicePath), "google-"), nil
+}
+
+// Unmounts the device and detaches the disk from the kubelet's host machine.
+// Expects a GCE device path symlink. Ex: /dev/disk/by-id/google-mydisk-part1
+func (util *GCEDiskUtil) DetachDisk(GCEPD *GCEPersistentDisk, devicePath string) error {
+	// Follow the symlink to the actual device path.
+	canonicalDevicePath, err := filepath.EvalSymlinks(devicePath)
+	if err != nil {
+		return err
+	}
+	deviceName, err := getDeviceName(devicePath, canonicalDevicePath)
+	if err != nil {
+		return err
+	}
+	globalPDPath := makeGlobalPDName(GCEPD.RootDir, deviceName, GCEPD.ReadOnly)
+	if err := GCEPD.mounter.Unmount(globalPDPath, 0); err != nil {
+		return err
+	}
+	if err := os.RemoveAll(globalPDPath); err != nil {
+		return err
+	}
+	gce, err := cloudprovider.GetCloudProvider("gce", nil)
+	if err != nil {
+		return err
+	}
+	if err := gce.(*gce_cloud.GCECloud).DetachDisk(deviceName); err != nil {
+		return err
+	}
+	return nil
+}

pkg/volume/gce_util_test.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package volume
+
+import (
+	"testing"
+)
+
+func TestGetDeviceName(t *testing.T) {
+	tests := []struct {
+		deviceName    string
+		canonicalName string
+		expectedName  string
+		expectError   bool
+	}{
+		{
+			deviceName:    "/dev/google-sd0-part0",
+			canonicalName: "/dev/google/sd0P1",
+			expectedName:  "sd0",
+		},
+		{
+			canonicalName: "0123456",
+			expectError:   true,
+		},
+	}
+	for _, test := range tests {
+		name, err := getDeviceName(test.deviceName, test.canonicalName)
+		if test.expectError {
+			if err == nil {
+				t.Error("unexpected non-error")
+			}
+			continue
+		}
+		if err != nil {
+			t.Errorf("unexpected error: %v", err)
+		}
+		if name != test.expectedName {
+			t.Errorf("expected: %s, got %s", test.expectedName, name)
+		}
+	}
+}

pkg/volume/mounter_linux.go

@@ -0,0 +1,86 @@
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package volume
+
+import (
+	"bufio"
+	"io"
+	"os"
+	"regexp"
+	"strings"
+	"syscall"
+)
+
+const MOUNT_MS_BIND = syscall.MS_BIND
+const MOUNT_MS_RDONLY = syscall.MS_RDONLY
+
+type DiskMounter struct{}
+
+// Wraps syscall.Mount()
+func (mounter *DiskMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error {
+	return syscall.Mount(source, target, fstype, flags, data)
+}
+
+// Wraps syscall.Unmount()
+func (mounter *DiskMounter) Unmount(target string, flags int) error {
+	return syscall.Unmount(target, flags)
+}
+
+// Examines /proc/mounts to find the source device of the PD resource and the
+// number of references to that device. Returns both the full device path under
+// the /dev tree and the number of references.
+func (mounter *DiskMounter) RefCount(mount Interface) (string, int, error) {
+	// TODO(jonesdl) This can be split up into two procedures, finding the device path
+	// and finding the number of references. The parsing could also be separated and another
+	// utility could determine if a volume's path is an active mount point.
+	file, err := os.Open("/proc/mounts")
+	if err != nil {
+		return "", -1, err
+	}
+	defer file.Close()
+	scanner := bufio.NewReader(file)
+	refCount := 0
+	var deviceName string
+	// Find the actual device path.
+	for {
+		line, err := scanner.ReadString('\n')
+		if err == io.EOF {
+			break
+		}
+		success, err := regexp.MatchString(mount.GetPath(), line)
+		if err != nil {
+			return "", -1, err
+		}
+		if success {
+			deviceName = strings.Split(line, " ")[0]
+		}
+	}
+	file.Close()
+	file, err = os.Open("/proc/mounts")
+	scanner.Reset(bufio.NewReader(file))
+	// Find the number of references to the device.
+	for {
+		line, err := scanner.ReadString('\n')
+		if err == io.EOF {
+			break
+		}
+		if strings.Split(line, " ")[0] == deviceName {
+			refCount++
+		}
+	}
+	return deviceName, refCount, nil
+}

pkg/volume/mounter_unsupported.go

@@ -0,0 +1,36 @@
+// +build !linux
+
+/*
+Copyright 2014 Google Inc. All rights reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package volume
+
+const MOUNT_MS_BIND = 0
+const MOUNT_MS_RDONLY = 0
+
+type DiskMounter struct{}
+
+func (mounter *DiskMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error {
+	return nil
+}
+
+func (mounter *DiskMounter) Unmount(target string, flags int) error {
+	return nil
+}
+
+func (mounter *DiskMounter) RefCount(PD Interface) (string, int, error) {
+	return "", 0, nil
+}

pkg/volume/volume.go

@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"strconv"
 
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/golang/glog"
@@ -49,6 +50,22 @@ type Cleaner interface {
 	TearDown() error
 }
 
+type gcePersistentDiskUtil interface {
+	// Attaches the disk to the kubelet's host machine.
+	AttachDisk(PD *GCEPersistentDisk) error
+	// Detaches the disk from the kubelet's host machine.
+	DetachDisk(PD *GCEPersistentDisk, devicePath string) error
+}
+
+// Mounters wrap os/system specific calls to perform mounts.
+type mounter interface {
+	Mount(source string, target string, fstype string, flags uintptr, data string) error
+	Unmount(target string, flags int) error
+	// RefCount returns the device path for the source disk of a volume, and
+	// the number of references to that target disk.
+	RefCount(vol Interface) (string, int, error)
+}
+
 // HostDir volumes represent a bare host directory mount.
 // The directory in Path will be directly exposed to the container.
 type HostDir struct {
@@ -118,11 +135,128 @@ func createHostDir(volume *api.Volume) *HostDir {
 	return &HostDir{volume.Source.HostDir.Path}
 }
 
+// GCEPersistentDisk volumes are disk resources provided by Google Compute Engine
+// that are attached to the kubelet's host machine and exposed to the pod.
+type GCEPersistentDisk struct {
+	Name    string
+	PodID   string
+	RootDir string
+	// Unique identifier of the PD, used to find the disk resource in the provider.
+	PDName string
+	// Filesystem type, optional.
+	FSType string
+	// Specifies the partition to mount
+	Partition string
+	// Specifies whether the disk will be attached as ReadOnly.
+	ReadOnly bool
+	// Utility interface that provides API calls to the provider to attach/detach disks.
+	util gcePersistentDiskUtil
+	// Mounter interface that provides system calls to mount the disks.
+	mounter mounter
+}
+
+func (PD *GCEPersistentDisk) GetPath() string {
+	return path.Join(PD.RootDir, PD.PodID, "volumes", "gce-pd", PD.Name)
+}
+
+// Attaches the disk and bind mounts to the volume path.
+func (PD *GCEPersistentDisk) SetUp() error {
+	// TODO: handle failed mounts here.
+	if _, err := os.Stat(PD.GetPath()); !os.IsNotExist(err) {
+		return nil
+	}
+	err := PD.util.AttachDisk(PD)
+	if err != nil {
+		return err
+	}
+	flags := uintptr(0)
+	if PD.ReadOnly {
+		flags = MOUNT_MS_RDONLY
+	}
+	//Perform a bind mount to the full path to allow duplicate mounts of the same PD.
+	if _, err = os.Stat(PD.GetPath()); os.IsNotExist(err) {
+		err = os.MkdirAll(PD.GetPath(), 0750)
+		if err != nil {
+			return err
+		}
+		globalPDPath := makeGlobalPDName(PD.RootDir, PD.PDName, PD.ReadOnly)
+		err = PD.mounter.Mount(globalPDPath, PD.GetPath(), "", MOUNT_MS_BIND|flags, "")
+		if err != nil {
+			os.RemoveAll(PD.GetPath())
+			return err
+		}
+	}
+	return nil
+}
+
+// Unmounts the bind mount, and detaches the disk only if the PD
+// resource was the last reference to that disk on the kubelet.
+func (PD *GCEPersistentDisk) TearDown() error {
+	devicePath, refCount, err := PD.mounter.RefCount(PD)
+	if err != nil {
+		return err
+	}
+	if err := PD.mounter.Unmount(PD.GetPath(), 0); err != nil {
+		return err
+	}
+	refCount--
+	if err := os.RemoveAll(PD.GetPath()); err != nil {
+		return err
+	}
+	if err != nil {
+		return err
+	}
+	// If refCount is 1, then all bind mounts have been removed, and the
+	// remaining reference is the global mount. It is safe to detach.
+	if refCount == 1 {
+		if err := PD.util.DetachDisk(PD, devicePath); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+//TODO(jonesdl) prevent name collisions by using designated pod space as well.
+// Ex. (ROOT_DIR)/pods/...
+func makeGlobalPDName(rootDir, devName string, readOnly bool) string {
+	var mode string
+	if readOnly {
+		mode = "ro"
+	} else {
+		mode = "rw"
+	}
+	return path.Join(rootDir, "global", "pd", mode, devName)
+}
+
 // createEmptyDir interprets API volume as an EmptyDir.
 func createEmptyDir(volume *api.Volume, podID string, rootDir string) *EmptyDir {
 	return &EmptyDir{volume.Name, podID, rootDir}
 }
 
+// Interprets API volume as a PersistentDisk
+func createGCEPersistentDisk(volume *api.Volume, podID string, rootDir string) (*GCEPersistentDisk, error) {
+	PDName := volume.Source.GCEPersistentDisk.PDName
+	FSType := volume.Source.GCEPersistentDisk.FSType
+	partition := strconv.Itoa(volume.Source.GCEPersistentDisk.Partition)
+	if partition == "0" {
+		partition = ""
+	}
+	readOnly := volume.Source.GCEPersistentDisk.ReadOnly
+	// TODO: move these up into the Kubelet.
+	util := &GCEDiskUtil{}
+	mounter := &DiskMounter{}
+	return &GCEPersistentDisk{
+		Name:      volume.Name,
+		PodID:     podID,
+		RootDir:   rootDir,
+		PDName:    PDName,
+		FSType:    FSType,
+		Partition: partition,
+		ReadOnly:  readOnly,
+		util:      util,
+		mounter:   mounter}, nil
+}
+
 // CreateVolumeBuilder returns a Builder capable of mounting a volume described by an
 // *api.Volume, or an error.
 func CreateVolumeBuilder(volume *api.Volume, podID string, rootDir string) (Builder, error) {
@@ -133,12 +267,18 @@ func CreateVolumeBuilder(volume *api.Volume, podID string, rootDir string) (Buil
 		return nil, nil
 	}
 	var vol Builder
+	var err error
 	// TODO(jonesdl) We should probably not check every pointer and directly
 	// resolve these types instead.
 	if source.HostDir != nil {
 		vol = createHostDir(volume)
 	} else if source.EmptyDir != nil {
 		vol = createEmptyDir(volume, podID, rootDir)
+	} else if source.GCEPersistentDisk != nil {
+		vol, err = createGCEPersistentDisk(volume, podID, rootDir)
+		if err != nil {
+			return nil, err
+		}
 	} else {
 		return nil, ErrUnsupportedVolumeType
 	}
@@ -150,6 +290,13 @@ func CreateVolumeCleaner(kind string, name string, podID string, rootDir string)
 	switch kind {
 	case "empty":
 		return &EmptyDir{name, podID, rootDir}, nil
+	case "gce-pd":
+		return &GCEPersistentDisk{
+			Name:    name,
+			PodID:   podID,
+			RootDir: rootDir,
+			util:    &GCEDiskUtil{},
+			mounter: &DiskMounter{}}, nil
 	default:
 		return nil, ErrUnsupportedVolumeType
 	}
@@ -159,10 +306,9 @@ func CreateVolumeCleaner(kind string, name string, podID string, rootDir string)
 // presently active and mounted. Returns a map of Cleaner types.
 func GetCurrentVolumes(rootDirectory string) map[string]Cleaner {
 	currentVolumes := make(map[string]Cleaner)
-	mountPath := rootDirectory
-	podIDDirs, err := ioutil.ReadDir(mountPath)
+	podIDDirs, err := ioutil.ReadDir(rootDirectory)
 	if err != nil {
-		glog.Errorf("Could not read directory: %s, (%s)", mountPath, err)
+		glog.Errorf("Could not read directory: %s, (%s)", rootDirectory, err)
 	}
 	// Volume information is extracted from the directory structure:
 	// (ROOT_DIR)/(POD_ID)/volumes/(VOLUME_KIND)/(VOLUME_NAME)
@@ -171,7 +317,10 @@ func GetCurrentVolumes(rootDirectory string) map[string]Cleaner {
 			continue
 		}
 		podID := podIDDir.Name()
-		podIDPath := path.Join(mountPath, podID, "volumes")
+		podIDPath := path.Join(rootDirectory, podID, "volumes")
+		if _, err := os.Stat(podIDPath); os.IsNotExist(err) {
+			continue
+		}
 		volumeKindDirs, err := ioutil.ReadDir(podIDPath)
 		if err != nil {
 			glog.Errorf("Could not read directory: %s, (%s)", podIDPath, err)
@@ -189,7 +338,7 @@ func GetCurrentVolumes(rootDirectory string) map[string]Cleaner {
 				// TODO(thockin) This should instead return a reference to an extant volume object
 				cleaner, err := CreateVolumeCleaner(volumeKind, volumeName, podID, rootDirectory)
 				if err != nil {
-					glog.Errorf("Could not create volume cleaner: %s, (%s)", volumeNameDirs, err)
+					glog.Errorf("Could not create volume cleaner: %s, (%s)", volumeNameDir.Name(), err)
 					continue
 				}
 				currentVolumes[identifier] = cleaner

pkg/volume/volume_test.go

@@ -20,22 +20,52 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"reflect"
 	"testing"
 
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 )
 
-func TestCreateVolumeBuilders(t *testing.T) {
-	tempDir, err := ioutil.TempDir("", "CreateVolumes")
+type MockDiskUtil struct{}
+
+// TODO(jonesdl) To fully test this, we could create a loopback device
+// and mount that instead.
+func (util *MockDiskUtil) AttachDisk(PD *GCEPersistentDisk) error {
+	err := os.MkdirAll(path.Join(PD.RootDir, "global", "pd", PD.PDName), 0750)
 	if err != nil {
-		t.Errorf("Unexpected error: %v", err)
+		return err
 	}
-	defer os.RemoveAll(tempDir)
+	return nil
+}
+
+func (util *MockDiskUtil) DetachDisk(PD *GCEPersistentDisk, devicePath string) error {
+	err := os.RemoveAll(path.Join(PD.RootDir, "global", "pd", PD.PDName))
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+type MockMounter struct{}
+
+func (mounter *MockMounter) Mount(source string, target string, fstype string, flags uintptr, data string) error {
+	return nil
+}
+
+func (mounter *MockMounter) Unmount(target string, flags int) error {
+	return nil
+}
+
+func (mounter *MockMounter) RefCount(vol Interface) (string, int, error) {
+	return "", 0, nil
+}
+
+func TestCreateVolumeBuilders(t *testing.T) {
+	tempDir := "CreateVolumes"
 	createVolumesTests := []struct {
 		volume api.Volume
 		path   string
 		podID  string
-		kind   string
 	}{
 		{
 			api.Volume{
@@ -45,7 +75,6 @@ func TestCreateVolumeBuilders(t *testing.T) {
 				},
 			},
 			"/dir/path",
-			"my-id",
 			"",
 		},
 		{
@@ -57,9 +86,18 @@ func TestCreateVolumeBuilders(t *testing.T) {
 			},
 			path.Join(tempDir, "/my-id/volumes/empty/empty-dir"),
 			"my-id",
-			"empty",
 		},
-		{api.Volume{}, "", "", ""},
+		{
+			api.Volume{
+				Name: "gce-pd",
+				Source: &api.VolumeSource{
+					GCEPersistentDisk: &api.GCEPersistentDisk{"my-disk", "ext4", 0, false},
+				},
+			},
+			path.Join(tempDir, "/my-id/volumes/gce-pd/gce-pd"),
+			"my-id",
+		},
+		{api.Volume{}, "", ""},
 		{
 			api.Volume{
 				Name:   "empty-dir",
@@ -67,7 +105,6 @@ func TestCreateVolumeBuilders(t *testing.T) {
 			},
 			"",
 			"",
-			"",
 		},
 	}
 	for _, createVolumesTest := range createVolumesTests {
@@ -79,7 +116,7 @@ func TestCreateVolumeBuilders(t *testing.T) {
 			}
 			continue
 		}
-		if tt.volume.Source.HostDir == nil && tt.volume.Source.EmptyDir == nil {
+		if tt.volume.Source.HostDir == nil && tt.volume.Source.EmptyDir == nil && tt.volume.Source.GCEPersistentDisk == nil {
 			if err != ErrUnsupportedVolumeType {
 				t.Errorf("Unexpected error: %v", err)
 			}
@@ -88,22 +125,68 @@ func TestCreateVolumeBuilders(t *testing.T) {
 		if err != nil {
 			t.Errorf("Unexpected error: %v", err)
 		}
-		err = vb.SetUp()
-		if err != nil {
-			t.Errorf("Unexpected error: %v", err)
-		}
 		path := vb.GetPath()
 		if path != tt.path {
 			t.Errorf("Unexpected bind path. Expected %v, got %v", tt.path, path)
 		}
-		vc, err := CreateVolumeCleaner(tt.kind, tt.volume.Name, tt.podID, tempDir)
-		if tt.kind == "" {
-			if err != ErrUnsupportedVolumeType {
-				t.Errorf("Unexpected error: %v", err)
-			}
+	}
+}
+
+func TestCreateVolumeCleaners(t *testing.T) {
+	tempDir := "CreateVolumeCleaners"
+	createVolumeCleanerTests := []struct {
+		kind  string
+		name  string
+		podID string
+	}{
+		{"empty", "empty-vol", "my-id"},
+		{"", "", ""},
+		{"gce-pd", "gce-pd-vol", "my-id"},
+	}
+	for _, tt := range createVolumeCleanerTests {
+		vol, err := CreateVolumeCleaner(tt.kind, tt.name, tt.podID, tempDir)
+		if tt.kind == "" && err != nil && vol == nil {
 			continue
 		}
-		err = vc.TearDown()
+		if err != nil {
+			t.Errorf("Unexpected error occured: %s", err)
+		}
+		actualKind := reflect.TypeOf(vol).Elem().Name()
+		if tt.kind == "empty" && actualKind != "EmptyDir" {
+			t.Errorf("CreateVolumeCleaner returned invalid type. Expected EmptyDirectory, got %v, %v", tt.kind, actualKind)
+		}
+		if tt.kind == "gce-pd" && actualKind != "GCEPersistentDisk" {
+			t.Errorf("CreateVolumeCleaner returned invalid type. Expected PersistentDisk, got %v, %v", tt.kind, actualKind)
+		}
+	}
+}
+
+func TestSetUpAndTearDown(t *testing.T) {
+	tempDir, err := ioutil.TempDir("", "CreateVolumes")
+	if err != nil {
+		t.Errorf("Unexpected error: %v", err)
+	}
+	defer os.RemoveAll(tempDir)
+	fakeID := "my-id"
+	type VolumeTester interface {
+		Builder
+		Cleaner
+	}
+	volumes := []VolumeTester{
+		&EmptyDir{"empty", fakeID, tempDir},
+		&GCEPersistentDisk{"pd", fakeID, tempDir, "pd-disk", "ext4", "", false, &MockDiskUtil{}, &MockMounter{}},
+	}
+
+	for _, vol := range volumes {
+		err = vol.SetUp()
+		path := vol.GetPath()
+		if err != nil {
+			t.Errorf("Unexpected error: %v", err)
+		}
+		if _, err := os.Stat(path); os.IsNotExist(err) {
+			t.Errorf("SetUp() failed, volume path not created: %v", path)
+		}
+		err = vol.TearDown()
 		if err != nil {
 			t.Errorf("Unexpected error: %v", err)
 		}