Use FilteredDialContext with quobyte API

This injects the filtered DialContext behavior from VolumeHost into the quobyte plugin, which allows us to configure a host deny list for the plugin. There should be no change in timeouts, because we are able to use the same default transport settings as before.
2025-07-23 11:50:44 +00:00 · 2020-09-30 17:16:31 -07:00 · 2020-09-30 17:16:31 -07:00 · dfe6ea6df6
commit dfe6ea6df6
parent 40bb82a5b8
3 changed files with 35 additions and 9 deletions
--- a/pkg/volume/quobyte/BUILD
+++ b/pkg/volume/quobyte/BUILD
@ -15,6 +15,7 @@ go_library(
    ],
    importpath = "k8s.io/kubernetes/pkg/volume/quobyte",
    deps = [
+        "//pkg/proxy/util:go_default_library",
        "//pkg/volume:go_default_library",
        "//pkg/volume/util:go_default_library",
        "//staging/src/k8s.io/api/core/v1:go_default_library",
--- a/pkg/volume/quobyte/quobyte.go
+++ b/pkg/volume/quobyte/quobyte.go
@ -32,6 +32,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
+	proxyutil "k8s.io/kubernetes/pkg/proxy/util"
 	"k8s.io/kubernetes/pkg/volume"
 	"k8s.io/kubernetes/pkg/volume/util"
 )
@ -65,6 +66,9 @@ const (
 )

 func (plugin *quobytePlugin) Init(host volume.VolumeHost) error {
+	if host == nil {
+		return errors.New("host must not be nil")
+	}
 	plugin.host = host
 	return nil
 }
@ -304,7 +308,8 @@ func (unmounter *quobyteUnmounter) TearDownAt(dir string) error {

 type quobyteVolumeDeleter struct {
 	*quobyteMounter
-	pv *v1.PersistentVolume
+	pv          *v1.PersistentVolume
+	dialOptions *proxyutil.FilteredDialOptions
 }

 func (plugin *quobytePlugin) NewDeleter(spec *volume.Spec) (volume.Deleter, error) {
@ -320,6 +325,9 @@ func (plugin *quobytePlugin) newDeleterInternal(spec *volume.Spec) (volume.Delet
 	if err != nil {
 		return nil, err
 	}
+	if plugin.host == nil {
+		return nil, errors.New("host must not be nil")
+	}

 	return &quobyteVolumeDeleter{
 		quobyteMounter: &quobyteMounter{
@ -334,7 +342,8 @@ func (plugin *quobytePlugin) newDeleterInternal(spec *volume.Spec) (volume.Delet
 			registry: source.Registry,
 			readOnly: readOnly,
 		},
-		pv: spec.PersistentVolume,
+		pv:          spec.PersistentVolume,
+		dialOptions: plugin.host.GetFilteredDialOptions(),
 	}, nil
 }

@ -343,19 +352,24 @@ func (plugin *quobytePlugin) NewProvisioner(options volume.VolumeOptions) (volum
 }

 func (plugin *quobytePlugin) newProvisionerInternal(options volume.VolumeOptions) (volume.Provisioner, error) {
+	if plugin.host == nil {
+		return nil, errors.New("host must not be nil")
+	}
 	return &quobyteVolumeProvisioner{
 		quobyteMounter: &quobyteMounter{
 			quobyte: &quobyte{
 				plugin: plugin,
 			},
 		},
-		options: options,
+		options:     options,
+		dialOptions: plugin.host.GetFilteredDialOptions(),
 	}, nil
 }

 type quobyteVolumeProvisioner struct {
 	*quobyteMounter
-	options volume.VolumeOptions
+	options     volume.VolumeOptions
+	dialOptions *proxyutil.FilteredDialOptions
 }

 func (provisioner *quobyteVolumeProvisioner) Provision(selectedNode *v1.Node, allowedTopologies []v1.TopologySelectorTerm) (*v1.PersistentVolume, error) {
@ -409,7 +423,8 @@ func (provisioner *quobyteVolumeProvisioner) Provision(selectedNode *v1.Node, al
 	provisioner.volume = fmt.Sprintf("kubernetes-dynamic-pvc-%s", uuid.New().String())

 	manager := &quobyteVolumeManager{
-		config: cfg,
+		config:      cfg,
+		dialOptions: provisioner.dialOptions,
 	}

 	vol, sizeGB, err := manager.createVolume(provisioner, createQuota)
@ -449,7 +464,8 @@ func (deleter *quobyteVolumeDeleter) Delete() error {
 		return err
 	}
 	manager := &quobyteVolumeManager{
-		config: cfg,
+		config:      cfg,
+		dialOptions: deleter.dialOptions,
 	}
 	err = manager.deleteVolume(deleter)
 	if err != nil {
--- a/pkg/volume/quobyte/quobyte_util.go
+++ b/pkg/volume/quobyte/quobyte_util.go
@ -18,19 +18,22 @@ package quobyte

 import (
 	"net"
+	"net/http"
 	"os"
 	"path/filepath"
 	"strings"

-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	volumehelpers "k8s.io/cloud-provider/volume/helpers"
+	proxyutil "k8s.io/kubernetes/pkg/proxy/util"

 	quobyteapi "github.com/quobyte/api"
 	"k8s.io/klog/v2"
 )

 type quobyteVolumeManager struct {
-	config *quobyteAPIConfig
+	config      *quobyteAPIConfig
+	dialOptions *proxyutil.FilteredDialOptions
 }

 func (manager *quobyteVolumeManager) createVolume(provisioner *quobyteVolumeProvisioner, createQuota bool) (quobyte *v1.QuobyteVolumeSource, size int, err error) {
@ -77,11 +80,17 @@ func (manager *quobyteVolumeManager) deleteVolume(deleter *quobyteVolumeDeleter)
 }

 func (manager *quobyteVolumeManager) createQuobyteClient() *quobyteapi.QuobyteClient {
-	return quobyteapi.NewQuobyteClient(
+	client := quobyteapi.NewQuobyteClient(
 		manager.config.quobyteAPIServer,
 		manager.config.quobyteUser,
 		manager.config.quobytePassword,
 	)
+	// quobyte client library @v0.1.7 uses a zero-value http.Client with a nil
+	// transport which is equivalent to using http.DefaultTransport.
+	rt := http.DefaultTransport.(*http.Transport).Clone()
+	rt.DialContext = proxyutil.NewFilteredDialContext(rt.DialContext, nil, manager.dialOptions)
+	client.SetTransport(rt)
+	return client
 }

 func (mounter *quobyteMounter) pluginDirIsMounted(pluginDir string) (bool, error) {