From 55881f2fc4b8dacdba32a317d92e4ca1f1013512 Mon Sep 17 00:00:00 2001 From: John Strunk Date: Thu, 10 Oct 2019 13:51:50 -0400 Subject: [PATCH] Improve efficiency of csiMountMgr.GetAttributes GetAttributes is called repeatedly while setting the fsGroup of a volume. Previously, it recalculated whether SELinux was supported during each call. This resulted in volume.SetVolumeOwnership taking a long time, delaying pod startup for high file count volumes. This change checks the SELinux status once, right after node publish, allowing GetAttributes to simply build and return a struct. Signed-off-by: John Strunk --- pkg/volume/csi/csi_mounter.go | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go index b14476a4c1f..2cce6de579c 100644 --- a/pkg/volume/csi/csi_mounter.go +++ b/pkg/volume/csi/csi_mounter.go @@ -67,6 +67,7 @@ type csiMountMgr struct { volumeID string specVolumeID string readOnly bool + supportsSELinux bool spec *volume.Spec pod *api.Pod podUID types.UID @@ -259,6 +260,11 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error return errors.New(log("mounter.SetupAt failed: %v", err)) } + c.supportsSELinux, err = c.kubeVolHost.GetHostUtil().GetSELinuxSupport(dir) + if err != nil { + klog.V(2).Info(log("error checking for SELinux support: %s", err)) + } + // apply volume ownership // The following logic is derived from https://github.com/kubernetes/kubernetes/issues/66323 // if fstype is "", then skip fsgroup (could be indication of non-block filesystem) @@ -328,18 +334,10 @@ func (c *csiMountMgr) podAttributes() (map[string]string, error) { } func (c *csiMountMgr) GetAttributes() volume.Attributes { - path := c.GetPath() - hu := c.kubeVolHost.GetHostUtil() - supportSelinux, err := hu.GetSELinuxSupport(path) - if err != nil { - klog.V(2).Info(log("error checking for SELinux support: %s", err)) - // Best guess - supportSelinux = false - } return volume.Attributes{ ReadOnly: c.readOnly, Managed: !c.readOnly, - SupportsSELinux: supportSelinux, + SupportsSELinux: c.supportsSELinux, } }