Merge pull request #49388 from HotelsDotCom/feature/Dynamic-env-in-subpath

Automatic merge from submit-queue (batch tested with PRs 58920, 58327, 60577, 49388, 62306). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Dynamic env in subpath - Fixes Issue 48677 **What this PR does / why we need it**: **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48677 **Special notes for your reviewer**: **Release note**: ```release-note Adds the VolumeSubpathEnvExpansion alpha feature to support environment variable expansion Sub-paths cannot be mounted with a dynamic volume mount name. This fix provides environment variable expansion to sub paths This reduces the need to manage symbolic linking within sidecar init containers to achieve the same goal ```
2026-01-29 21:29:24 +00:00 · 2018-05-30 16:09:31 -07:00
parent 5cf652d899 b2d4426f09
commit 6b2fc7cb75
7 changed files with 328 additions and 12 deletions
--- a/test/e2e/common/expansion.go
+++ b/test/e2e/common/expansion.go
@@ -19,8 +19,13 @@ package common
 import (
 	"k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/util/uuid"
 	"k8s.io/kubernetes/test/e2e/framework"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"time"
 )

 // These tests exercise the Kubernetes expansion syntax $(VAR).
@@ -144,4 +149,188 @@ var _ = framework.KubeDescribe("Variable Expansion", func() {
 			"test-value",
 		})
 	})
+
+	/*
+		    Testname: var-expansion-subpath
+		    Description: Make sure a container's subpath can be set using an
+			expansion of environment variables.
+	*/
+	It("should allow substituting values in a volume subpath [Feature:VolumeSubpathEnvExpansion][NodeAlphaFeature:VolumeSubpathEnvExpansion]", func() {
+		podName := "var-expansion-" + string(uuid.NewUUID())
+		pod := &v1.Pod{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:   podName,
+				Labels: map[string]string{"name": podName},
+			},
+			Spec: v1.PodSpec{
+				Containers: []v1.Container{
+					{
+						Name:    "dapi-container",
+						Image:   busyboxImage,
+						Command: []string{"sh", "-c", "test -d /testcontainer/" + podName + ";echo $?"},
+						Env: []v1.EnvVar{
+							{
+								Name:  "POD_NAME",
+								Value: podName,
+							},
+						},
+						VolumeMounts: []v1.VolumeMount{
+							{
+								Name:      "workdir1",
+								MountPath: "/logscontainer",
+								SubPath:   "$(POD_NAME)",
+							},
+							{
+								Name:      "workdir2",
+								MountPath: "/testcontainer",
+							},
+						},
+					},
+				},
+				RestartPolicy: v1.RestartPolicyNever,
+				Volumes: []v1.Volume{
+					{
+						Name: "workdir1",
+						VolumeSource: v1.VolumeSource{
+							HostPath: &v1.HostPathVolumeSource{Path: "/tmp"},
+						},
+					},
+					{
+						Name: "workdir2",
+						VolumeSource: v1.VolumeSource{
+							HostPath: &v1.HostPathVolumeSource{Path: "/tmp"},
+						},
+					},
+				},
+			},
+		}
+
+		f.TestContainerOutput("substitution in volume subpath", pod, 0, []string{
+			"0",
+		})
+	})
+
+	/*
+		    Testname: var-expansion-subpath-with-backticks
+		    Description: Make sure a container's subpath can not be set using an
+			expansion of environment variables when backticks are supplied.
+	*/
+	It("should fail substituting values in a volume subpath with backticks [Feature:VolumeSubpathEnvExpansion][NodeAlphaFeature:VolumeSubpathEnvExpansion][Slow]", func() {
+
+		podName := "var-expansion-" + string(uuid.NewUUID())
+		pod := &v1.Pod{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:   podName,
+				Labels: map[string]string{"name": podName},
+			},
+			Spec: v1.PodSpec{
+				Containers: []v1.Container{
+					{
+						Name:  "dapi-container",
+						Image: busyboxImage,
+						Env: []v1.EnvVar{
+							{
+								Name:  "POD_NAME",
+								Value: "..",
+							},
+						},
+						VolumeMounts: []v1.VolumeMount{
+							{
+								Name:      "workdir1",
+								MountPath: "/logscontainer",
+								SubPath:   "$(POD_NAME)",
+							},
+						},
+					},
+				},
+				RestartPolicy: v1.RestartPolicyNever,
+				Volumes: []v1.Volume{
+					{
+						Name: "workdir1",
+						VolumeSource: v1.VolumeSource{
+							EmptyDir: &v1.EmptyDirVolumeSource{},
+						},
+					},
+				},
+			},
+		}
+
+		// Pod should fail
+		testPodFailSubpath(f, pod, "SubPath `..`: must not contain '..'")
+	})
+
+	/*
+		    Testname: var-expansion-subpath-with-absolute-path
+		    Description: Make sure a container's subpath can not be set using an
+			expansion of environment variables when absoluete path is supplied.
+	*/
+	It("should fail substituting values in a volume subpath with absolute path [Feature:VolumeSubpathEnvExpansion][NodeAlphaFeature:VolumeSubpathEnvExpansion][Slow]", func() {
+
+		podName := "var-expansion-" + string(uuid.NewUUID())
+		pod := &v1.Pod{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:   podName,
+				Labels: map[string]string{"name": podName},
+			},
+			Spec: v1.PodSpec{
+				Containers: []v1.Container{
+					{
+						Name:  "dapi-container",
+						Image: busyboxImage,
+						Env: []v1.EnvVar{
+							{
+								Name:  "POD_NAME",
+								Value: "/tmp",
+							},
+						},
+						VolumeMounts: []v1.VolumeMount{
+							{
+								Name:      "workdir1",
+								MountPath: "/logscontainer",
+								SubPath:   "$(POD_NAME)",
+							},
+						},
+					},
+				},
+				RestartPolicy: v1.RestartPolicyNever,
+				Volumes: []v1.Volume{
+					{
+						Name: "workdir1",
+						VolumeSource: v1.VolumeSource{
+							EmptyDir: &v1.EmptyDirVolumeSource{},
+						},
+					},
+				},
+			},
+		}
+
+		// Pod should fail
+		testPodFailSubpath(f, pod, "SubPath `/tmp` must not be an absolute path")
+	})
 })
+
+func testPodFailSubpath(f *framework.Framework, pod *v1.Pod, errorText string) {
+
+	pod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(pod)
+	Expect(err).ToNot(HaveOccurred(), "while creating pod")
+
+	defer func() {
+		framework.DeletePodWithWait(f, f.ClientSet, pod)
+	}()
+
+	err = framework.WaitTimeoutForPodRunningInNamespace(f.ClientSet, pod.Name, pod.Namespace, 30*time.Second)
+	Expect(err).To(HaveOccurred(), "while waiting for pod to be running")
+
+	selector := fields.Set{
+		"involvedObject.kind":      "Pod",
+		"involvedObject.name":      pod.Name,
+		"involvedObject.namespace": f.Namespace.Name,
+		"reason":                   "Failed",
+	}.AsSelector().String()
+
+	options := metav1.ListOptions{FieldSelector: selector}
+	events, err := f.ClientSet.CoreV1().Events(f.Namespace.Name).List(options)
+	Expect(err).NotTo(HaveOccurred(), "while getting pod events")
+	Expect(len(events.Items)).NotTo(Equal(0), "no events found")
+	Expect(events.Items[0].Message).To(ContainSubstring(errorText), "subpath error not found")
+}