Merge pull request #660 from mrunalp/volumes_bind

Add ImagesVolumesBind option
This commit is contained in:
Antonio Murdaca 2017-07-15 10:47:10 +02:00 committed by GitHub
commit f16113a627
4 changed files with 73 additions and 20 deletions

View file

@ -26,6 +26,7 @@ func validateConfig(config *server.Config) error {
switch config.ImageVolumes { switch config.ImageVolumes {
case server.ImageVolumesMkdir: case server.ImageVolumesMkdir:
case server.ImageVolumesIgnore: case server.ImageVolumesIgnore:
case server.ImageVolumesBind:
default: default:
return fmt.Errorf("Unrecognized image volume type specified") return fmt.Errorf("Unrecognized image volume type specified")

View file

@ -41,6 +41,8 @@ const (
ImageVolumesMkdir ImageVolumesType = "mkdir" ImageVolumesMkdir ImageVolumesType = "mkdir"
// ImageVolumesIgnore option is for ignoring image volumes altogether // ImageVolumesIgnore option is for ignoring image volumes altogether
ImageVolumesIgnore ImageVolumesType = "ignore" ImageVolumesIgnore ImageVolumesType = "ignore"
// ImageVolumesBind option is for using bind mounted volumes
ImageVolumesBind ImageVolumesType = "bind"
) )
const ( const (

View file

@ -12,9 +12,11 @@ import (
"time" "time"
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/symlink"
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/pkg/annotations" "github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/kubernetes-incubator/cri-o/pkg/storage"
"github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/apparmor"
"github.com/kubernetes-incubator/cri-o/server/seccomp" "github.com/kubernetes-incubator/cri-o/server/seccomp"
"github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/image-spec/specs-go/v1"
@ -72,6 +74,41 @@ func addOCIBindMounts(sb *sandbox, containerConfig *pb.ContainerConfig, specgen
return nil return nil
} }
func addImageVolumes(rootfs string, s *Server, containerInfo *storage.ContainerInfo, specgen *generate.Generator, mountLabel string) error {
for dest := range containerInfo.Config.Config.Volumes {
fp, err := symlink.FollowSymlinkInScope(filepath.Join(rootfs, dest), rootfs)
if err != nil {
return err
}
switch s.config.ImageVolumes {
case ImageVolumesMkdir:
if err1 := os.MkdirAll(fp, 0644); err1 != nil {
return err1
}
case ImageVolumesBind:
volumeDirName := stringid.GenerateNonCryptoID()
src := filepath.Join(containerInfo.RunDir, "mounts", volumeDirName)
if err1 := os.MkdirAll(src, 0644); err1 != nil {
return err1
}
// Label the source with the sandbox selinux mount label
if mountLabel != "" {
if err1 := label.Relabel(src, mountLabel, true); err1 != nil && err1 != unix.ENOTSUP {
return fmt.Errorf("relabel failed %s: %v", src, err1)
}
}
logrus.Debugf("Adding bind mounted volume: %s to %s", src, dest)
specgen.AddBindMount(src, dest, []string{"rw"})
case ImageVolumesIgnore:
logrus.Debugf("Ignoring volume %v", dest)
default:
logrus.Fatalf("Unrecognized image volumes setting")
}
}
return nil
}
func addDevices(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error { func addDevices(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error {
sp := specgen.Spec() sp := specgen.Spec()
for _, device := range containerConfig.GetDevices() { for _, device := range containerConfig.GetDevices() {
@ -601,27 +638,10 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
specgen.AddAnnotation("org.opencontainers.image.stopSignal", containerImageConfig.Config.StopSignal) specgen.AddAnnotation("org.opencontainers.image.stopSignal", containerImageConfig.Config.StopSignal)
} }
// TODO: volume handling in CRI-O // Add image volumes
// right now, we do just an mkdir in the container rootfs because we if err := addImageVolumes(mountPoint, s, &containerInfo, &specgen, sb.mountLabel); err != nil {
// know kube manages volumes its own way and we don't need to behave
// like docker.
// For instance gcr.io/k8s-testimages/redis:e2e now work with CRI-O
for dest := range containerImageConfig.Config.Volumes {
fp, err := symlink.FollowSymlinkInScope(filepath.Join(mountPoint, dest), mountPoint)
if err != nil {
return nil, err return nil, err
} }
switch s.config.ImageVolumes {
case ImageVolumesMkdir:
if err1 := os.MkdirAll(fp, 0644); err1 != nil {
return nil, err1
}
case ImageVolumesIgnore:
logrus.Debugf("Ignoring volume %v", dest)
default:
logrus.Fatalf("Unrecognized image volumes setting")
}
}
processArgs, err := buildOCIProcessArgs(containerConfig, containerImageConfig) processArgs, err := buildOCIProcessArgs(containerConfig, containerImageConfig)
if err != nil { if err != nil {

View file

@ -36,3 +36,33 @@ function teardown() {
cleanup_pods cleanup_pods
stop_crio stop_crio
} }
@test "image volume bind" {
IMAGE_VOLUMES=bind start_crio
run crioctl pod run --config "$TESTDATA"/sandbox_config.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
image_volume_config=$(cat "$TESTDATA"/container_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["image"]["image"] = "mrunalp/image-volume-test"; obj["command"] = ["/bin/sleep", "600"]; json.dump(obj, sys.stdout)')
echo "$image_volume_config" > "$TESTDIR"/container_image_volume.json
run crioctl ctr create --config "$TESTDIR"/container_image_volume.json --pod "$pod_id"
echo "$output"
[ "$status" -eq 0 ]
ctr_id="$output"
run crioctl ctr start --id "$ctr_id"
echo "$output"
[ "$status" -eq 0 ]
run crioctl ctr execsync --id "$ctr_id" touch /imagevolume/test_file
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "Exit code: 0" ]]
run crioctl pod stop --id "$pod_id"
echo "$output"
[ "$status" -eq 0 ]
run crioctl pod remove --id "$pod_id"
echo "$output"
[ "$status" -eq 0 ]
cleanup_ctrs
cleanup_pods
stop_crio
}