Merge pull request #28691 from wongma7/pv-gid-squash2

Automatic merge from submit-queue Remove pod mutation for PVs with supplemental GIDs Continuation of https://github.com/kubernetes/kubernetes/pull/27571 to bring the feature back without pod mutation
2026-01-04 23:17:50 +00:00 · 2016-07-14 11:22:04 -07:00
parent bea382c124 58f973d8e7
commit be3175611c
13 changed files with 457 additions and 100 deletions
--- a/pkg/kubelet/dockertools/docker_manager.go
+++ b/pkg/kubelet/dockertools/docker_manager.go
@@ -54,6 +54,7 @@ import (
 	"k8s.io/kubernetes/pkg/kubelet/types"
 	"k8s.io/kubernetes/pkg/kubelet/util/cache"
 	"k8s.io/kubernetes/pkg/kubelet/util/format"
+	"k8s.io/kubernetes/pkg/kubelet/volumemanager"
 	"k8s.io/kubernetes/pkg/runtime"
 	"k8s.io/kubernetes/pkg/securitycontext"
 	kubetypes "k8s.io/kubernetes/pkg/types"
@@ -138,6 +139,9 @@ type DockerManager struct {
 	// Network plugin.
 	networkPlugin network.NetworkPlugin

+	// Kubelet Volume Manager.
+	volumeManager volumemanager.VolumeManager
+
 	// Health check results.
 	livenessManager proberesults.Manager

@@ -210,6 +214,7 @@ func NewDockerManager(
 	containerLogsDir string,
 	osInterface kubecontainer.OSInterface,
 	networkPlugin network.NetworkPlugin,
+	volumeManager volumemanager.VolumeManager,
 	runtimeHelper kubecontainer.RuntimeHelper,
 	httpClient types.HttpGetter,
 	execHandler ExecHandler,
@@ -248,6 +253,7 @@ func NewDockerManager(
 		dockerRoot:             dockerRoot,
 		containerLogsDir:       containerLogsDir,
 		networkPlugin:          networkPlugin,
+		volumeManager:          volumeManager,
 		livenessManager:        livenessManager,
 		runtimeHelper:          runtimeHelper,
 		execHandler:            execHandler,
@@ -690,9 +696,12 @@ func (dm *DockerManager) runContainer(

 	glog.V(3).Infof("Container %v/%v/%v: setting entrypoint \"%v\" and command \"%v\"", pod.Namespace, pod.Name, container.Name, dockerOpts.Config.Entrypoint, dockerOpts.Config.Cmd)

+	// todo: query volume manager for supplemental GIDs
+	supplementalGids := dm.volumeManager.GetExtraSupplementalGroupsForPod(pod)
+
 	securityContextProvider := securitycontext.NewSimpleSecurityContextProvider()
 	securityContextProvider.ModifyContainerConfig(pod, container, dockerOpts.Config)
-	securityContextProvider.ModifyHostConfig(pod, container, dockerOpts.HostConfig)
+	securityContextProvider.ModifyHostConfig(pod, container, dockerOpts.HostConfig, supplementalGids)
 	createResp, err := dm.client.CreateContainer(dockerOpts)
 	if err != nil {
 		dm.recorder.Eventf(ref, api.EventTypeWarning, kubecontainer.FailedToCreateContainer, "Failed to create docker container with error: %v", err)