-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow unmounting bind-mounted directories. #49118
Conversation
Hi @adelton. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@kubernetes/sig-storage-pr-reviews |
Definitely needs an accompanying test. Does everything except unmounting already work for bindmounted files? |
/ok-to-test |
I should note that even with bind-mounted directory (not file), things are currently broken and the error would be
|
Alternatively, we could walk |
What should such a test do? We cannot run
I cannot guarantee that "everything". With this change, I'm able to use flexVolumes to bind-mount (and unmount) files and directories to my containers, that's what I was after. |
Yeah, exercise the data you expect to see plumbed through to the flex plugin, to make sure nothing in between blocks it with an error.
Just for posterity, can you include the config (pod spec and flex plugin) you used to do this? Separately, that would be great to include in documentation/examples. |
test-flex-pod.json:
/usr/libexec/kubernetes/kubelet-plugins/volume/exec/example~bash/bash:
|
if err != nil { | ||
return err | ||
} | ||
} | ||
|
||
// Flexvolume driver may remove the directory. Ignore if it does. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this assuming it is a directory as well? is that going to be problematic if the flex plugin was mounting a file or dir that should not be removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't add any removal here, do we?
The file / directory which was mounted is not really worked with in this function, the dir
is the mountpoint. And the goal here is to just run the driver to do the unmount, without checking whether the mountpoint seems mounted.
Of course, the driver can do whatever checks it needs to do to be extra safe.
If you are worried about this check being removed, what we could do is check whether during mounting, the mountpoint started to look like mountpoint (== the filesystem id of the mountpoint and of its parent got different). But I'm not sure if we'd be able to store/persist that check result until the unmount time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant the existing os.Remove(dir)
call below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah. Well, it's a directory / location that was created in the pod's directory by the driver during mounting, to have the mountpoint exist, in https://github.com/kubernetes/kubernetes/blob/master/pkg/volume/flexvolume/util.go#L71. It's per-driver per-mountpoint named.
I can't think of use-case when leaving it behind might be useful. It's not like this was the location where any other software might expect for the data to keep on living.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
About the tests: looking into In
running I think I'm trying to asses the general state of the tests before extending them (or bringing back tests that used to be there). |
Another question about the
Is that expected that after the first failure, things can just SIGSEGV, or should even the tests be defensive and something like
is called for? |
in a table test, depends how fatal the error is... if you can clean up inside the loop and run other tests and get useful info, just t.Errorf() and continue |
The rest of
plugin is used in every call, so if it's nil , nothing else in TestCanSupport can pass, really.
|
Filed #49203 for that now. |
Currently Kubernetes expects that a volume is mounted as a file system to a pod. For example, Flex documentation says:
It's not a |
Do you say that bind-mounting in general (even directory) is not expected to work, or just bind-mounting files? Can you point me to the discussion? |
Bind-mounting directories should work. Block storage discussion: https://docs.google.com/document/d/1XeNFxc89C54psYqz4RErk1xcso0wMrKtSfWqI6POvaU/edit#heading=h.54andwjaz4be |
Testing that now, clearing a bind-mounted dir fails because @adelton, are you interested in bind-mounted dirs in flex volumes? Edit the commit message to add support for bound directories, the code itself is OK. |
/assign |
Mounting works, unmounting bind-mounted directory fails though, with
because the code does not detect the bind-mountpoint where the filesystem id is the same both for the mountpoint and for the parent directory -- and that's the logic that the check uses to find out if something is mounted on a directory or not. This patch obviously fixes that issue as well. Will you be willing to consider this change if commit message was fixed to talk about directories, not files? |
Ah, I've added comment along the same lines as you. Will fix the commit message. Any opinion about the state of the tests there, namely the |
We had this issue with directories (not mount points) for local volumes too. We fixed it by adding a new IsNotMountPoint() that has to iterate through all the mounts on the system. Performance could be slow if there are a lot of mounts on the system, but we decided to take that hit for now, and can look into caching later. |
PR #48402 added the new unmount method. |
@msau42, IMO a flex volume plugin does not need to mount anything at all, it can mimic Secrets or ConfigMap with magic files, just with source of the files outside of Kubernetes control. |
For bind-mounted directories, the isNotMounted which calls IsLikelyNotMountPoint fails because the filesystem of the mounted location and the parent directory are the same. Addressing: unmounter.go:59] Warning: Path: /path/.../test-dir already unmounted
Fixed the commit message to only talk about bind-mounted directories, rebase on master -> 6b7d4b7. |
/retest |
/lgtm |
/approve no-issue |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adelton, jsafrane Associated issue requirement bypassed by: jsafrane The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest |
1 similar comment
/retest |
Automatic merge from submit-queue (batch tested with PRs 49444, 47864, 48584, 49395, 49118) |
@jsafrane Will this be cherry picked into 1.7, or it targets to 1.8? Currently, I have to mount a tmpfs into hostPath to fool |
I've filed #50596 cherry pick for 1.7 now. |
Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
What this PR does / why we need it:
For files, we cannot use
path/..
;we could use
filepath.Dir
but for bind-mounted,isNotMounted
which callsIsLikelyNotMountPoint
would not work anyway.Let's just have the driver do the work.
Addressing
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close that issue when PR gets merged): fixes #N/A
Special notes for your reviewer:
N/A
Release note: