Pass Nsenter to NsenterMounter and NsenterWriter
So Nsenter is initialized only once and with the right parameters.
@@ -110,6 +110,7 @@ go_library(
|
|||||||
"//pkg/util/io:go_default_library",
|
"//pkg/util/io:go_default_library",
|
||||||
"//pkg/util/mount:go_default_library",
|
"//pkg/util/mount:go_default_library",
|
||||||
"//pkg/util/node:go_default_library",
|
"//pkg/util/node:go_default_library",
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
"//pkg/util/oom:go_default_library",
|
"//pkg/util/oom:go_default_library",
|
||||||
"//pkg/util/rlimit:go_default_library",
|
"//pkg/util/rlimit:go_default_library",
|
||||||
"//pkg/version:go_default_library",
|
"//pkg/version:go_default_library",
|
||||||
@@ -170,6 +171,7 @@ go_library(
|
|||||||
"//vendor/k8s.io/client-go/tools/record:go_default_library",
|
"//vendor/k8s.io/client-go/tools/record:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
"//vendor/k8s.io/client-go/util/cert:go_default_library",
|
||||||
"//vendor/k8s.io/client-go/util/certificate:go_default_library",
|
"//vendor/k8s.io/client-go/util/certificate:go_default_library",
|
||||||
|
"//vendor/k8s.io/utils/exec:go_default_library",
|
||||||
] + select({
|
] + select({
|
||||||
"@io_bazel_rules_go//go/platform:linux": [
|
"@io_bazel_rules_go//go/platform:linux": [
|
||||||
"//vendor/golang.org/x/exp/inotify:go_default_library",
|
"//vendor/golang.org/x/exp/inotify:go_default_library",
|
||||||
|
@@ -91,10 +91,12 @@ import (
|
|||||||
kubeio "k8s.io/kubernetes/pkg/util/io"
|
kubeio "k8s.io/kubernetes/pkg/util/io"
|
||||||
"k8s.io/kubernetes/pkg/util/mount"
|
"k8s.io/kubernetes/pkg/util/mount"
|
||||||
nodeutil "k8s.io/kubernetes/pkg/util/node"
|
nodeutil "k8s.io/kubernetes/pkg/util/node"
|
||||||
|
"k8s.io/kubernetes/pkg/util/nsenter"
|
||||||
"k8s.io/kubernetes/pkg/util/oom"
|
"k8s.io/kubernetes/pkg/util/oom"
|
||||||
"k8s.io/kubernetes/pkg/util/rlimit"
|
"k8s.io/kubernetes/pkg/util/rlimit"
|
||||||
"k8s.io/kubernetes/pkg/version"
|
"k8s.io/kubernetes/pkg/version"
|
||||||
"k8s.io/kubernetes/pkg/version/verflag"
|
"k8s.io/kubernetes/pkg/version/verflag"
|
||||||
|
"k8s.io/utils/exec"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@@ -360,11 +362,12 @@ func UnsecuredDependencies(s *options.KubeletServer) (*kubelet.Dependencies, err
|
|||||||
var writer kubeio.Writer = &kubeio.StdWriter{}
|
var writer kubeio.Writer = &kubeio.StdWriter{}
|
||||||
if s.Containerized {
|
if s.Containerized {
|
||||||
glog.V(2).Info("Running kubelet in containerized mode")
|
glog.V(2).Info("Running kubelet in containerized mode")
|
||||||
mounter, err = mount.NewNsenterMounter(s.RootDirectory)
|
ne, err := nsenter.NewNsenter(nsenter.DefaultHostRootFsPath, exec.New())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
writer = &kubeio.NsenterWriter{}
|
mounter = mount.NewNsenterMounter(s.RootDirectory, ne)
|
||||||
|
writer = kubeio.NewNsenterWriter(ne)
|
||||||
}
|
}
|
||||||
|
|
||||||
var dockerClientConfig *dockershim.ClientConfig
|
var dockerClientConfig *dockershim.ClientConfig
|
||||||
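Review bot: The new call `nsenter.NewNsenter(nsenter.DefaultHostRootFsPath, exec.New())` in the `s.Containerized` branch pins the host root filesystem location to a package constant, and nothing at the call site states what that requires of the deployment. A comment along the lines of `// ne runs commands on the host; the host's root filesystem is expected at nsenter.DefaultHostRootFsPath inside the kubelet container` would make the assumption visible (the exact requirement should be confirmed against the nsenter package, which is not shown here). As a style point, `ne, err :=` declares a new `err` scoped to this block where the removed line assigned with `=`; it is harmless because the block returns on error, but it is easy to trip over in later edits. UnsecuredDependencies starts and ends outside the hunk.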
|
@@ -50,18 +50,24 @@ func (writer *StdWriter) WriteFile(filename string, data []byte, perm os.FileMod
|
|||||||
// it will not see the mounted device in its own namespace. To work around this
|
// it will not see the mounted device in its own namespace. To work around this
|
||||||
// limitation one has to first enter hosts namespace (by using 'nsenter') and
|
// limitation one has to first enter hosts namespace (by using 'nsenter') and
|
||||||
// only then write data.
|
// only then write data.
|
||||||
type NsenterWriter struct{}
|
type NsenterWriter struct {
|
||||||
|
ne *nsenter.Nsenter
|
||||||
|
}
|
||||||
|
|
||||||
|
// NewNsenterWriter creates a new Writer that allows writing data to file using
|
||||||
|
// nsenter command.
|
||||||
|
func NewNsenterWriter(ne *nsenter.Nsenter) *NsenterWriter {
|
||||||
|
return &NsenterWriter{
|
||||||
|
ne: ne,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// WriteFile calls 'nsenter cat - > <the file>' and 'nsenter chmod' to create a
|
// WriteFile calls 'nsenter cat - > <the file>' and 'nsenter chmod' to create a
|
||||||
// file on the host.
|
// file on the host.
|
||||||
func (writer *NsenterWriter) WriteFile(filename string, data []byte, perm os.FileMode) error {
|
func (writer *NsenterWriter) WriteFile(filename string, data []byte, perm os.FileMode) error {
|
||||||
ne, err := nsenter.NewNsenter()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
echoArgs := []string{"-c", fmt.Sprintf("cat > %s", filename)}
|
echoArgs := []string{"-c", fmt.Sprintf("cat > %s", filename)}
|
||||||
glog.V(5).Infof("nsenter: write data to file %s by nsenter", filename)
|
glog.V(5).Infof("nsenter: write data to file %s by nsenter", filename)
|
||||||
command := ne.Exec("sh", echoArgs)
|
command := writer.ne.Exec("sh", echoArgs)
|
||||||
command.SetStdin(bytes.NewBuffer(data))
|
command.SetStdin(bytes.NewBuffer(data))
|
||||||
outputBytes, err := command.CombinedOutput()
|
outputBytes, err := command.CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -71,7 +77,7 @@ func (writer *NsenterWriter) WriteFile(filename string, data []byte, perm os.Fil
|
|||||||
|
|
||||||
chmodArgs := []string{fmt.Sprintf("%o", perm), filename}
|
chmodArgs := []string{fmt.Sprintf("%o", perm), filename}
|
||||||
glog.V(5).Infof("nsenter: change permissions of file %s to %s", filename, chmodArgs[0])
|
glog.V(5).Infof("nsenter: change permissions of file %s to %s", filename, chmodArgs[0])
|
||||||
outputBytes, err = ne.Exec("chmod", chmodArgs).CombinedOutput()
|
outputBytes, err = writer.ne.Exec("chmod", chmodArgs).CombinedOutput()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
glog.Errorf("Output from chmod command: %v", string(outputBytes))
|
glog.Errorf("Output from chmod command: %v", string(outputBytes))
|
||||||
return err
|
return err
|
||||||
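Review bot: `fmt.Sprintf("cat > %s", filename)` in WriteFile still splices the file name into a command line that `sh -c` parses on the host, so a name containing whitespace or shell metacharacters is not treated as a single path. Passing it as a positional parameter keeps it out of the parsed text: `echoArgs := []string{"-c", "cat > \"$1\"", "sh", filename}`. Separately, the file is created with the shell's default mode and only narrowed by the later `chmod`, so sensitive content may briefly be readable with wider permissions; setting `umask` in the same shell invocation would close that window. WriteFile's body continues outside the hunks shown.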
|
@@ -71,6 +71,18 @@ go_library(
|
|||||||
"//vendor/github.com/golang/glog:go_default_library",
|
"//vendor/github.com/golang/glog:go_default_library",
|
||||||
"//vendor/k8s.io/utils/exec:go_default_library",
|
"//vendor/k8s.io/utils/exec:go_default_library",
|
||||||
] + select({
|
] + select({
|
||||||
|
"@io_bazel_rules_go//go/platform:android": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:darwin": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:dragonfly": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:freebsd": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
"@io_bazel_rules_go//go/platform:linux": [
|
"@io_bazel_rules_go//go/platform:linux": [
|
||||||
"//pkg/util/file:go_default_library",
|
"//pkg/util/file:go_default_library",
|
||||||
"//pkg/util/io:go_default_library",
|
"//pkg/util/io:go_default_library",
|
||||||
@@ -78,8 +90,24 @@ go_library(
|
|||||||
"//vendor/golang.org/x/sys/unix:go_default_library",
|
"//vendor/golang.org/x/sys/unix:go_default_library",
|
||||||
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
"//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||||
],
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:nacl": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:netbsd": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:openbsd": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:plan9": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
|
"@io_bazel_rules_go//go/platform:solaris": [
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
|
],
|
||||||
"@io_bazel_rules_go//go/platform:windows": [
|
"@io_bazel_rules_go//go/platform:windows": [
|
||||||
"//pkg/util/file:go_default_library",
|
"//pkg/util/file:go_default_library",
|
||||||
|
"//pkg/util/nsenter:go_default_library",
|
||||||
],
|
],
|
||||||
"//conditions:default": [],
|
"//conditions:default": [],
|
||||||
}),
|
}),
|
||||||
|
@@ -48,15 +48,11 @@ type NsenterMounter struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// NewNsenterMounter creates a new mounter for kubelet that runs as a container.
|
// NewNsenterMounter creates a new mounter for kubelet that runs as a container.
|
||||||
// rootDir is location of /var/lib/kubelet directory (in case it's not on the
|
func NewNsenterMounter(rootDir string, ne *nsenter.Nsenter) *NsenterMounter {
|
||||||
// default place). This directory must be available in the container
|
return &NsenterMounter{
|
||||||
// on the same place as it's on the host.
|
rootDir: rootDir,
|
||||||
func NewNsenterMounter(rootDir string) (*NsenterMounter, error) {
|
ne: ne,
|
||||||
ne, err := nsenter.NewNsenter()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
}
|
||||||
return &NsenterMounter{ne: ne}, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// NsenterMounter implements mount.Interface
|
// NsenterMounter implements mount.Interface
|
||||||
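Review bot: The doc comment on NewNsenterMounter lost its explanation of `rootDir` (the removed lines said the directory must be available in the container at the same place as on the host), and the new `ne` parameter is undocumented. Since the constructor no longer returns an error, it also accepts a nil `ne` silently, which would presumably surface later as a nil dereference in the mounter's methods. I would restore the constraint and state the new one, e.g. `// rootDir is the kubelet root directory and must be at the same path in the container and on the host.` followed by `// ne must be non-nil; it is used to run commands on the host.`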
|
@@ -21,12 +21,14 @@ package mount
|
|||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
|
"k8s.io/kubernetes/pkg/util/nsenter"
|
||||||
)
|
)
|
||||||
|
|
||||||
type NsenterMounter struct{}
|
type NsenterMounter struct{}
|
||||||
|
|
||||||
func NewNsenterMounter(rootDir string) (*NsenterMounter, error) {
|
func NewNsenterMounter(rootDir string, ne *nsenter.Nsenter) *NsenterMounter {
|
||||||
return &NsenterMounter{}, nil
|
return &NsenterMounter{}
|
||||||
}
|
}
|
||||||
|
|
||||||
var _ = Interface(&NsenterMounter{})
|
var _ = Interface(&NsenterMounter{})
|
||||||
|