Merge pull request #113405 from jsafrane/reduce-log-noise-on-selinux

Reduce log noise on SELinux mount mismatch

pkg/kubelet/volumemanager/cache/actual_state_of_world.go

@@ -1185,7 +1185,7 @@ type seLinuxMountMismatchError struct {
 
 func (err seLinuxMountMismatchError) Error() string {
 	return fmt.Sprintf(
-		"volumeName %q is already mounted to a different pod with a different SELinux label",
+		"waiting for unmount of volume %q, because it is already mounted to a different pod with a different SELinux label",
 		err.volumeName)
 }
 

pkg/kubelet/volumemanager/reconciler/reconciler.go

@@ -220,10 +220,11 @@ func (rc *reconciler) mountOrAttachVolumes() {
 		volMounted, devicePath, err := rc.actualStateOfWorld.PodExistsInVolume(volumeToMount.PodName, volumeToMount.VolumeName, volumeToMount.PersistentVolumeSize, volumeToMount.SELinuxLabel)
 		volumeToMount.DevicePath = devicePath
 		if cache.IsSELinuxMountMismatchError(err) {
-			// TODO: check error message + lower frequency, this can be noisy
-			klog.ErrorS(err, volumeToMount.GenerateErrorDetailed("mount precondition failed, please report this error in https://github.com/kubernetes/enhancements/issues/1710, together with full Pod yaml file", err).Error(), "pod", klog.KObj(volumeToMount.Pod))
-			// TODO: report error better, this may be too noisy
+			// The volume is mounted, but with an unexpected SELinux context.
+			// It will get unmounted in unmountVolumes / unmountDetachDevices and
+			// then removed from actualStateOfWorld.
 			rc.desiredStateOfWorld.AddErrorToPod(volumeToMount.PodName, err.Error())
+			continue
 		} else if cache.IsVolumeNotAttachedError(err) {
 			rc.waitForVolumeAttach(volumeToMount)
 		} else if !volMounted || cache.IsRemountRequiredError(err) {