github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Simplify the code

Browse Source
This commit is contained in:
Hemant Kumar 2020-07-08 15:25:03 -04:00 committed by Christian Huffman
parent 9a7b073f4d
commit ade2f83685
1 changed files with 25 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
pkg/volume/csi/csi_mounter.go
View File

@ -28,7 +28,6 @@ import (
"k8s.io/klog/v2" "k8s.io/klog/v2"
api "k8s.io/api/core/v1" api "k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
storage "k8s.io/api/storage/v1" storage "k8s.io/api/storage/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
@ -278,23 +277,8 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
klog.V(2).Info(log("error checking for SELinux support: %s", err)) klog.V(2).Info(log("error checking for SELinux support: %s", err))
} }
fsGroupFeatureGateEnabled := utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) if c.supportsFSGroup(fsType, mounterArgs.FsGroup, c.fsGroupPolicy) {
// If the feature gate isn't enabled, then adjust the CSIDriver to use the ReadWriteOnceWithFSTypeFSGroupPolicy err := volume.SetVolumeOwnership(c, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy)
// policy. This keeps the default behavior.
if !fsGroupFeatureGateEnabled {
c.fsGroupPolicy = storage.ReadWriteOnceWithFSTypeFSGroupPolicy
}
// If the the FSGroupPolicy isn't NoneFSGroupPolicy, then we should attempt to modify
// the fsGroup. At this point the feature gate is enabled, so we should proceed,
// or it's disabled, at which point we should evaluate the fstype and pv.AccessMode
// and update the fsGroup appropriately.
if c.fsGroupPolicy != storage.NoneFSGroupPolicy {
// The following logic is derived from https://github.com/kubernetes/kubernetes/issues/66323
// if fstype is "", then skip fsgroup (could be indication of non-block filesystem)
// if fstype is provided and pv.AccessMode == ReadWriteOnly, then apply fsgroup
err = c.applyFSGroup(fsType, mounterArgs.FsGroup, mounterArgs.FSGroupChangePolicy)
if err != nil { if err != nil {
// At this point mount operation is successful: // At this point mount operation is successful:
// 1. Since volume can not be used by the pod because of invalid permissions, we must return error // 1. Since volume can not be used by the pod because of invalid permissions, we must return error
@ -302,6 +286,7 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
// cleaned up. // cleaned up.
return volumetypes.NewUncertainProgressError(fmt.Sprintf("applyFSGroup failed for vol %s: %v", c.volumeID, err)) return volumetypes.NewUncertainProgressError(fmt.Sprintf("applyFSGroup failed for vol %s: %v", c.volumeID, err))
} }
klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *mounterArgs.FsGroup, c.volumeID))
} }
klog.V(4).Infof(log("mounter.SetUp successfully requested NodePublish [%s]", dir)) klog.V(4).Infof(log("mounter.SetUp successfully requested NodePublish [%s]", dir))
@ -386,48 +371,30 @@ func (c *csiMountMgr) TearDownAt(dir string) error {
return nil return nil
} }
// applyFSGroup applies the volume ownership it derives its logic func (c *csiMountMgr) supportsFSGroup(fsType string, fsGroup *int64, driverPolicy storage.FSGroupPolicy) bool {
// from https://github.com/kubernetes/kubernetes/issues/66323 if fsGroup == nil || driverPolicy == storage.NoneFSGroupPolicy || c.readOnly {
// 1) if fstype is "", then skip fsgroup (could be indication of non-block filesystem) return false
// 2) if fstype is provided and pv.AccessMode == ReadWriteOnly and !c.spec.ReadOnly then apply fsgroup
func (c *csiMountMgr) applyFSGroup(fsType string, fsGroup *int64, fsGroupChangePolicy *v1.PodFSGroupChangePolicy) error {
if c.fsGroupPolicy == storage.FileFSGroupPolicy || fsGroup != nil {
// If the FSGroupPolicy is ReadWriteOnceWithFSTypeFSGroupPolicy perform additional checks
// to determine if we should proceed with modifying the fsGroup.
if c.fsGroupPolicy == storage.ReadWriteOnceWithFSTypeFSGroupPolicy {
if fsType == "" {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided"))
return nil
}
accessModes := c.spec.PersistentVolume.Spec.AccessModes
if c.spec.PersistentVolume.Spec.AccessModes == nil {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided"))
return nil
}
if !hasReadWriteOnce(accessModes) {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode"))
return nil
}
if c.readOnly {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, volume is readOnly"))
return nil
}
}
err := volume.SetVolumeOwnership(c, fsGroup, fsGroupChangePolicy)
if err != nil {
return err
}
if fsGroup != nil {
klog.V(4).Info(log("mounter.SetupAt fsGroup [%d] applied successfully to %s", *fsGroup, c.volumeID))
}
} }
return nil if driverPolicy == storage.FileFSGroupPolicy {
return true
}
if fsType == "" {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, fsType not provided"))
return false
}
accessModes := c.spec.PersistentVolume.Spec.AccessModes
if c.spec.PersistentVolume.Spec.AccessModes == nil {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, access modes not provided"))
return false
}
if !hasReadWriteOnce(accessModes) {
klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, only support ReadWriteOnce access mode"))
return false
}
return true
} }
// isDirMounted returns the !notMounted result from IsLikelyNotMountPoint check // isDirMounted returns the !notMounted result from IsLikelyNotMountPoint check