From a6b971f14b8233f63b1a4e3270dd8f0c5e600d16 Mon Sep 17 00:00:00 2001
From: Itamar Holder
Date: Tue, 21 May 2024 12:54:23 +0300
Subject: [PATCH] Use kubelet owned directories for mounting rather than /tmp
Signed-off-by: Itamar Holder
---
 pkg/kubelet/cm/container_manager_linux.go | 2 +-
 pkg/kubelet/util/swap/swap_util.go | 21 +++++++++++++--------
 pkg/volume/emptydir/empty_dir.go | 2 +-
 3 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/pkg/kubelet/cm/container_manager_linux.go b/pkg/kubelet/cm/container_manager_linux.go
index dd94b99daae..83c07d68f8c 100644
--- a/pkg/kubelet/cm/container_manager_linux.go
+++ b/pkg/kubelet/cm/container_manager_linux.go
@@ -214,7 +214,7 @@ func NewContainerManager(mountUtil mount.Interface, cadvisorInterface cadvisor.I
 return nil, fmt.Errorf("running with swap on is not supported, please disable swap or set --fail-swap-on flag to false")
 }
- if !swap.IsTmpfsNoswapOptionSupported(mountUtil) {
+ if !swap.IsTmpfsNoswapOptionSupported(mountUtil, nodeConfig.KubeletRootDir) {
 nodeRef := nodeRefFromNode(string(nodeConfig.NodeName))
 recorder.Event(nodeRef, v1.EventTypeWarning, events.PossibleMemoryBackedVolumesOnDisk,
 "The tmpfs noswap option is not supported. Memory-backed volumes (e.g. secrets, emptyDirs, etc.) "+
diff --git a/pkg/kubelet/util/swap/swap_util.go b/pkg/kubelet/util/swap/swap_util.go
index 626e30ebd01..2160820b6f1 100644
--- a/pkg/kubelet/util/swap/swap_util.go
+++ b/pkg/kubelet/util/swap/swap_util.go
@@ -18,6 +18,7 @@ package swap
 import (
 "bytes"
+ "errors"
 "os"
 sysruntime "runtime"
 "strings"
@@ -39,7 +40,7 @@ var (
 const TmpfsNoswapOption = "noswap"
-func IsTmpfsNoswapOptionSupported(mounter mount.Interface) bool {
+func IsTmpfsNoswapOptionSupported(mounter mount.Interface, mountPath string) bool {
 isTmpfsNoswapOptionSupportedHelper := func() bool {
 if sysruntime.GOOS == "windows" {
 return false
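Review bot: In pkg/kubelet/cm/container_manager_linux.go the probe is now rooted at `nodeConfig.KubeletRootDir`, and nothing visible in this hunk shows that the directory already exists when `NewContainerManager` runs. `os.MkdirTemp` does not create missing parents, so a missing root dir would make the helper return false and raise the PossibleMemoryBackedVolumesOnDisk warning on a kernel that does support noswap; the same holds for the `GetPluginDir(emptyDirPluginName)` argument in pkg/volume/emptydir/empty_dir.go, where a false result presumably means secrets and emptyDirs are mounted without noswap. I would either create the directory inside the helper before `os.MkdirTemp` (`if err := os.MkdirAll(mountPath, 0750); err != nil { return false }`) or state on `IsTmpfsNoswapOptionSupported` that callers must pass an existing directory. `NewContainerManager` begins and ends outside the hunk, so an earlier step may already create it.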
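Review bot: The exported `IsTmpfsNoswapOptionSupported` in pkg/kubelet/util/swap/swap_util.go gains a `mountPath` parameter but still has no doc comment, so callers cannot tell which directory they are expected to pass. I would add `// IsTmpfsNoswapOptionSupported reports whether tmpfs mounts accept the noswap option; it may probe by mounting a tmpfs on a temporary directory created under mountPath.` above the signature. The comment should also say what an empty mountPath means, since the following hunk falls back to the default temp directory in that case. The function body continues outside this hunk.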
@@ -55,28 +56,32 @@ func IsTmpfsNoswapOptionSupported(mounter mount.Interface) bool {
 return true
 }
- mountDir, err := os.MkdirTemp("", "tmpfs-noswap-test-")
+ if mountPath == "" {
+ klog.ErrorS(errors.New("mount path is empty, falling back to /tmp"), "")
+ }
+
+ mountPath, err = os.MkdirTemp(mountPath, "tmpfs-noswap-test-")
 if err != nil {
- klog.InfoS("error creating dir to test if tmpfs noswap is enabled. Assuming not supported", "mount path", mountDir, "error", err)
+ klog.InfoS("error creating dir to test if tmpfs noswap is enabled. Assuming not supported", "mount path", mountPath, "error", err)
 return false
 }
 defer func() {
- err = os.RemoveAll(mountDir)
+ err = os.RemoveAll(mountPath)
 if err != nil {
- klog.ErrorS(err, "error removing test tmpfs dir", "mount path", mountDir)
+ klog.ErrorS(err, "error removing test tmpfs dir", "mount path", mountPath)
 }
 }()
- err = mounter.MountSensitiveWithoutSystemd("tmpfs", mountDir, "tmpfs", []string{TmpfsNoswapOption}, nil)
+ err = mounter.MountSensitiveWithoutSystemd("tmpfs", mountPath, "tmpfs", []string{TmpfsNoswapOption}, nil)
 if err != nil {
 klog.InfoS("error mounting tmpfs with the noswap option. Assuming not supported", "error", err)
 return false
 }
- err = mounter.Unmount(mountDir)
+ err = mounter.Unmount(mountPath)
 if err != nil {
- klog.ErrorS(err, "error unmounting test tmpfs dir", "mount path", mountDir)
+ klog.ErrorS(err, "error unmounting test tmpfs dir", "mount path", mountPath)
 }
 return true
diff --git a/pkg/volume/emptydir/empty_dir.go b/pkg/volume/emptydir/empty_dir.go
index d4f281a9cab..d4f94213954 100644
--- a/pkg/volume/emptydir/empty_dir.go
+++ b/pkg/volume/emptydir/empty_dir.go
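Review bot: In pkg/kubelet/util/swap/swap_util.go the empty-`mountPath` branch only logs and then continues, so `os.MkdirTemp("", ...)` still places the test mount in the shared temp directory this commit is moving away from, and the caller cannot tell that happened. The log text says /tmp although `os.MkdirTemp` uses `os.TempDir()`, which honours `$TMPDIR`, and `klog.ErrorS(errors.New(...), "")` leaves the message field empty; `klog.InfoS("mount path is empty, falling back to the default temp dir", "dir", os.TempDir())` would be accurate. Separately, `mountPath, err = os.MkdirTemp(mountPath, ...)` overwrites the parameter, so on failure the "mount path" key logs an empty string instead of the directory that was tried; keeping the removed line's separate variable, `mountDir, err := os.MkdirTemp(mountPath, "tmpfs-noswap-test-")`, avoids that. The helper closure begins outside this hunk.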
@@ -328,7 +328,7 @@ func (ed *emptyDir) setupTmpfs(dir string) error {
 return nil
 }
- options := ed.generateTmpfsMountOptions(swap.IsTmpfsNoswapOptionSupported(ed.mounter))
+ options := ed.generateTmpfsMountOptions(swap.IsTmpfsNoswapOptionSupported(ed.mounter, ed.plugin.host.GetPluginDir(emptyDirPluginName)))
 klog.V(3).Infof("pod %v: mounting tmpfs for volume %v", ed.pod.UID, ed.volName)
 return ed.mounter.MountSensitiveWithoutSystemd("tmpfs", dir, "tmpfs", options, nil)