From a910d830706323be30066ca8df2af7014079d81d Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Wed, 26 Oct 2022 14:05:23 +0200 Subject: [PATCH] Reduce log noise on SELinux mount mismatch The Desired State of World can require a different SELinux mount context than is in the Actual State of World and it's perfectly OK. For example when user changes SELinux context of Pods or when the context is reconstructed after kubelet restart. Don't spam log and don't report errors to the user as event - reconciler will do the right thing and unmount the old volume (with wrong context) and mount a new one in the next reconciliation. It's not an error, it's expected workflow. --- pkg/kubelet/volumemanager/reconciler/reconciler.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/kubelet/volumemanager/reconciler/reconciler.go b/pkg/kubelet/volumemanager/reconciler/reconciler.go index 35c14a54c8e..14b4a660c46 100644 --- a/pkg/kubelet/volumemanager/reconciler/reconciler.go +++ b/pkg/kubelet/volumemanager/reconciler/reconciler.go @@ -220,10 +220,10 @@ func (rc *reconciler) mountOrAttachVolumes() { volMounted, devicePath, err := rc.actualStateOfWorld.PodExistsInVolume(volumeToMount.PodName, volumeToMount.VolumeName, volumeToMount.PersistentVolumeSize, volumeToMount.SELinuxLabel) volumeToMount.DevicePath = devicePath if cache.IsSELinuxMountMismatchError(err) { - // TODO: check error message + lower frequency, this can be noisy - klog.ErrorS(err, volumeToMount.GenerateErrorDetailed("mount precondition failed, please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file", err).Error(), "pod", klog.KObj(volumeToMount.Pod)) - // TODO: report error better, this may be too noisy - rc.desiredStateOfWorld.AddErrorToPod(volumeToMount.PodName, err.Error()) + // The volume is mounted, but with an unexpected SELinux context. + // It will get unmounted in unmountVolumes / unmountDetachDevices and + // then removed from actualStateOfWorld. + continue } else if cache.IsVolumeNotAttachedError(err) { rc.waitForVolumeAttach(volumeToMount) } else if !volMounted || cache.IsRemountRequiredError(err) {