github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #123678 from kinvolk/userns-use-kubelet-user-mappings

Browse Source 
kubelet: Add logs for userns custom mappings parsing
This commit is contained in:
Kubernetes Prow Robot 2024-07-20 19:59:57 -07:00 committed by GitHub
commit 558c9536a1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/kubelet/kubelet.go
View File

@ -944,7 +944,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
klet.shutdownManager = shutdownManager klet.shutdownManager = shutdownManager
klet.usernsManager, err = userns.MakeUserNsManager(klet) klet.usernsManager, err = userns.MakeUserNsManager(klet)
if err != nil { if err != nil {
return nil, err return nil, fmt.Errorf("create user namespace manager: %w", err)
} }
klet.admitHandlers.AddPodAdmitHandler(shutdownAdmitHandler) klet.admitHandlers.AddPodAdmitHandler(shutdownAdmitHandler)

6
pkg/kubelet/kubelet_pods.go
View File

@ -148,6 +148,7 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) {
var unknownUserErr user.UnknownUserError var unknownUserErr user.UnknownUserError
if goerrors.As(err, &unknownUserErr) { if goerrors.As(err, &unknownUserErr) {
// if the user is not found, we assume that the user is not configured // if the user is not found, we assume that the user is not configured
klog.V(5).InfoS("user namespaces: user not found, using default mappings", "user", kubeletUser)
return defaultFirstID, defaultLen, nil return defaultFirstID, defaultLen, nil
} }
return 0, 0, err return 0, 0, err
@ -157,14 +158,14 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) {
cmd, err := exec.LookPath(execName) cmd, err := exec.LookPath(execName)
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
klog.V(2).InfoS("Could not find executable, default mappings will be used for the user namespaces", "executable", execName, "err", err) klog.V(2).InfoS("user namespaces: executable not found, using default mappings", "executable", execName, "err", err)
return defaultFirstID, defaultLen, nil return defaultFirstID, defaultLen, nil
} }
return 0, 0, err return 0, 0, err
} }
outUids, err := exec.Command(cmd, kubeletUser).Output() outUids, err := exec.Command(cmd, kubeletUser).Output()
if err != nil { if err != nil {
return 0, 0, fmt.Errorf("error retrieving additional ids for user %q", kubeletUser) return 0, 0, fmt.Errorf("error retrieving additional uids for user %q: %w", kubeletUser, err)
} }
outGids, err := exec.Command(cmd, "-g", kubeletUser).Output() outGids, err := exec.Command(cmd, "-g", kubeletUser).Output()
if err != nil { if err != nil {
@ -173,6 +174,7 @@ func (kl *Kubelet) getKubeletMappings() (uint32, uint32, error) {
if string(outUids) != string(outGids) { if string(outUids) != string(outGids) {
return 0, 0, fmt.Errorf("mismatched subuids and subgids for user %q", kubeletUser) return 0, 0, fmt.Errorf("mismatched subuids and subgids for user %q", kubeletUser)
} }
klog.V(5).InfoS("user namespaces: user found, using mappings from getsubids", "user", kubeletUser)
return parseGetSubIdsOutput(string(outUids)) return parseGetSubIdsOutput(string(outUids))
} }