diff --git a/pkg/cmd/server/kubernetes/node/node.go b/pkg/cmd/server/kubernetes/node/node.go index 5ff85540e808..b4b375559b36 100644 --- a/pkg/cmd/server/kubernetes/node/node.go +++ b/pkg/cmd/server/kubernetes/node/node.go @@ -1,20 +1,13 @@ package node import ( - "errors" "fmt" "os" "path/filepath" "github.com/golang/glog" - kapiv1 "k8s.io/api/core/v1" - "k8s.io/kubernetes/cmd/kubelet/app" - "k8s.io/kubernetes/pkg/volume" - - configapi "github.com/openshift/origin/pkg/cmd/server/apis/config" cmdutil "github.com/openshift/origin/pkg/cmd/util" - "github.com/openshift/origin/pkg/volume/emptydir" ) // TODO this is a best effort check at the moment that should either move to kubelet or be removed entirely @@ -83,60 +76,3 @@ func initializeVolumeDir(rootDirectory string) error { } return nil } - -// TODO this needs to move into the forked kubelet with a `--openshift-config` flag -// PatchUpstreamVolumePluginsForLocalQuota checks if the node config specifies a local storage -// perFSGroup quota, and if so will test that the volumeDirectory is on a -// filesystem suitable for quota enforcement. If checks pass the k8s emptyDir -// volume plugin will be replaced with a wrapper version which adds quota -// functionality. -func PatchUpstreamVolumePluginsForLocalQuota(nodeConfig configapi.NodeConfig) func() []volume.VolumePlugin { - // This looks a little weird written this way but it allows straight lifting from here to kube at a future time - // and will allow us to wrap the exec. - - existingProbeVolumePlugins := app.ProbeVolumePlugins - return func() []volume.VolumePlugin { - if nodeConfig.VolumeConfig.LocalQuota.PerFSGroup == nil { - return existingProbeVolumePlugins() - } - - glog.V(4).Info("Replacing empty-dir volume plugin with quota wrapper") - wrappedEmptyDirPlugin := false - - quotaApplicator, err := emptydir.NewQuotaApplicator(nodeConfig.VolumeDirectory) - if err != nil { - glog.Fatalf("Could not set up local quota, %s", err) - } - - // Create a volume spec with emptyDir we can use to search for the - // emptyDir plugin with CanSupport: - emptyDirSpec := &volume.Spec{ - Volume: &kapiv1.Volume{ - VolumeSource: kapiv1.VolumeSource{ - EmptyDir: &kapiv1.EmptyDirVolumeSource{}, - }, - }, - } - - ret := existingProbeVolumePlugins() - for idx, plugin := range ret { - // Can't really do type checking or use a constant here as they are not exported: - if plugin.CanSupport(emptyDirSpec) { - wrapper := emptydir.EmptyDirQuotaPlugin{ - VolumePlugin: plugin, - Quota: *nodeConfig.VolumeConfig.LocalQuota.PerFSGroup, - QuotaApplicator: quotaApplicator, - } - ret[idx] = &wrapper - wrappedEmptyDirPlugin = true - } - } - // Because we can't look for the k8s emptyDir plugin by any means that would - // survive a refactor, error out if we couldn't find it: - if !wrappedEmptyDirPlugin { - glog.Fatal(errors.New("No plugin handling EmptyDir was found, unable to apply local quotas")) - } - - return ret - } -} diff --git a/pkg/cmd/server/start/start_node.go b/pkg/cmd/server/start/start_node.go index f56a46c1aa6e..0de0bb00d30e 100644 --- a/pkg/cmd/server/start/start_node.go +++ b/pkg/cmd/server/start/start_node.go @@ -484,8 +484,6 @@ func StartNode(nodeConfig configapi.NodeConfig, components *utilflags.ComponentF node.EnsureKubeletAccess() // TODO perform this "ensure" in ansible and skip it entirely. node.EnsureVolumeDir(nodeConfig.VolumeDirectory) - // TODO accept an --openshift-config in our fork. This overwrites the volume creation patch for the node. - kubeletapp.ProbeVolumePlugins = node.PatchUpstreamVolumePluginsForLocalQuota(nodeConfig) go func() { glog.Fatal(runKubeletInProcess(kubeletArgs)) diff --git a/test/extended/localquota/local_fsgroup_quota.go b/test/extended/localquota/local_fsgroup_quota.go index dc16aefb754a..8e5a4db21ce1 100644 --- a/test/extended/localquota/local_fsgroup_quota.go +++ b/test/extended/localquota/local_fsgroup_quota.go @@ -11,8 +11,8 @@ import ( g "github.com/onsi/ginkgo" o "github.com/onsi/gomega" + "k8s.io/kubernetes/pkg/volume/emptydirquota" - "github.com/openshift/origin/pkg/volume/emptydir" exutil "github.com/openshift/origin/test/extended/util" ) @@ -58,7 +58,7 @@ func lookupFSGroup(oc *exutil.CLI, project string) (int, error) { func lookupXFSQuota(oc *exutil.CLI, fsGroup int, volDir string) (int, error) { // First lookup the filesystem device the volumeDir resides on: - fsDevice, err := emptydir.GetFSDevice(volDir) + fsDevice, err := emptydirquota.GetFSDevice(volDir) if err != nil { return 0, err } diff --git a/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumequota.go b/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumequota.go new file mode 100644 index 000000000000..32ca528f65e7 --- /dev/null +++ b/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumequota.go @@ -0,0 +1,113 @@ +package app + +import ( + "errors" + "fmt" + "io/ioutil" + "os" + "path" + + "github.com/golang/glog" + yaml "gopkg.in/yaml.v2" + "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + "k8s.io/kubernetes/pkg/volume" + "k8s.io/kubernetes/pkg/volume/emptydirquota" +) + +var ( + volumeConfigKind = "VolumeConfig" + volumeConfigAPIVersion = "kubelet.config.openshift.io/v1" +) + +// Miror the TypeMeta from k8s since it doesn't have yaml tags. +// We don't really use this right now anyway. We just want +// the on-disk format of the config to be right in case we +// do want to version/parse the config in the k8s way later. +type TypeMeta struct { + Kind string `yaml:"kind"` + APIVersion string `yaml:"apiVersion"` +} + +// VolumeConfig contains options for configuring volumes on the node. +type VolumeConfig struct { + TypeMeta `yaml:"typeMeta,inline"` + + // LocalQuota contains options for controlling local volume quota on the node. + LocalQuota LocalQuota `yaml:"localQuota"` +} + +// LocalQuota contains options for controlling local volume quota on the node. +type LocalQuota struct { + // perFSGroupInGiB can be specified to enable a quota on local storage use in GiB per unique FSGroup ID. + // At present this is only implemented for emptyDir volumes, and if the underlying + // volumeDirectory is on an XFS filesystem. + PerFSGroupInGiB int64 `yaml:"perFSGroupInGiB"` +} + +// THIS IS PART OF AN OPENSHIFT CARRY PATCH +// PatchVolumePluginsForLocalQuota checks if the node config specifies a local storage +// perFSGroup quota, and if so will test that the volumeDirectory is on a +// filesystem suitable for quota enforcement. If checks pass the k8s emptyDir +// volume plugin will be replaced with a wrapper version which adds quota +// functionality. +func PatchVolumePluginsForLocalQuota(rootdir string, plugins *[]volume.VolumePlugin) error { + volumeConfigFilePath := path.Join(rootdir, "volume-config.yaml") + + if _, err := os.Stat(volumeConfigFilePath); os.IsNotExist(err) { + return nil + } + + volumeConfigFile, err := ioutil.ReadFile(volumeConfigFilePath) + if err != nil { + return fmt.Errorf("failed to read %s: %v", volumeConfigFilePath, err) + } + + var volumeConfig VolumeConfig + err = yaml.Unmarshal(volumeConfigFile, &volumeConfig) + if err != nil { + return fmt.Errorf("failed to unmarshal %s: %v", volumeConfigFilePath, err) + } + + if volumeConfig.Kind != volumeConfigKind || volumeConfig.APIVersion != volumeConfigAPIVersion { + return fmt.Errorf("expected kind \"%s\" and apiVersion \"%s\" for volume config file", volumeConfigKind, volumeConfigAPIVersion) + } + + glog.V(2).Info("replacing empty-dir volume plugin with quota wrapper") + + quotaApplicator, err := emptydirquota.NewQuotaApplicator(rootdir) + if err != nil { + return fmt.Errorf("could not set local quota: %v", err) + } + + // Create a volume spec with emptyDir we can use to search for the + // emptyDir plugin with CanSupport() + emptyDirSpec := &volume.Spec{ + Volume: &v1.Volume{ + VolumeSource: v1.VolumeSource{ + EmptyDir: &v1.EmptyDirVolumeSource{}, + }, + }, + } + + quota := resource.NewQuantity(volumeConfig.LocalQuota.PerFSGroupInGiB*1024*1024*1024, resource.BinarySI) + wrappedEmptyDirPlugin := false + for idx, plugin := range *plugins { + // Can't really do type checking or use a constant here as they are not exported: + if plugin.CanSupport(emptyDirSpec) { + wrapper := emptydirquota.EmptyDirQuotaPlugin{ + VolumePlugin: plugin, + Quota: *quota, + QuotaApplicator: quotaApplicator, + } + (*plugins)[idx] = &wrapper + wrappedEmptyDirPlugin = true + } + } + + if !wrappedEmptyDirPlugin { + glog.Fatal(errors.New("no plugin handling EmptyDir was found, unable to apply local quotas")) + } + + return nil +} diff --git a/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumes.go b/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumes.go deleted file mode 100644 index d7b2bf5a31a1..000000000000 --- a/vendor/k8s.io/kubernetes/cmd/kubelet/app/patch_volumes.go +++ /dev/null @@ -1,3 +0,0 @@ -package app - -var ProbeVolumePlugins = probeVolumePlugins diff --git a/vendor/k8s.io/kubernetes/cmd/kubelet/app/plugins.go b/vendor/k8s.io/kubernetes/cmd/kubelet/app/plugins.go index 4f8555879cca..ef41bb8e9098 100644 --- a/vendor/k8s.io/kubernetes/cmd/kubelet/app/plugins.go +++ b/vendor/k8s.io/kubernetes/cmd/kubelet/app/plugins.go @@ -64,9 +64,8 @@ import ( "k8s.io/kubernetes/pkg/features" ) - // ProbeVolumePlugins collects all volume plugins into an easy to use list. -func probeVolumePlugins() []volume.VolumePlugin { +func ProbeVolumePlugins() []volume.VolumePlugin { allPlugins := []volume.VolumePlugin{} // The list of plugins to probe is decided by the kubelet binary, not diff --git a/vendor/k8s.io/kubernetes/cmd/kubelet/app/server.go b/vendor/k8s.io/kubernetes/cmd/kubelet/app/server.go index ebdd31d040a6..9c85cac7bb95 100644 --- a/vendor/k8s.io/kubernetes/cmd/kubelet/app/server.go +++ b/vendor/k8s.io/kubernetes/cmd/kubelet/app/server.go @@ -347,7 +347,7 @@ func UnsecuredDependencies(s *options.KubeletServer) (*kubelet.Dependencies, err } } - return &kubelet.Dependencies{ + deps := &kubelet.Dependencies{ Auth: nil, // default does not enforce auth[nz] CAdvisorInterface: nil, // cadvisor.New launches background processes (bg http.ListenAndServe, and some bg cleaners), not set here Cloud: nil, // cloud provider might start background processes @@ -364,7 +364,14 @@ func UnsecuredDependencies(s *options.KubeletServer) (*kubelet.Dependencies, err Writer: writer, VolumePlugins: ProbeVolumePlugins(), DynamicPluginProber: GetDynamicPluginProber(s.VolumePluginDir), - TLSOptions: tlsOptions}, nil + TLSOptions: tlsOptions, + } + + if err := PatchVolumePluginsForLocalQuota(s.RootDirectory, &deps.VolumePlugins); err != nil { + return nil, fmt.Errorf("Local quota setup failed: %v", err) + } + + return deps, nil } // Run runs the specified KubeletServer with the given Dependencies. This should never exit. diff --git a/pkg/volume/emptydir/empty_dir_quota.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/empty_dir_quota.go similarity index 99% rename from pkg/volume/emptydir/empty_dir_quota.go rename to vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/empty_dir_quota.go index 6e0bb8d1b7ad..e7fc24606b9b 100644 --- a/pkg/volume/emptydir/empty_dir_quota.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/empty_dir_quota.go @@ -1,4 +1,4 @@ -package emptydir +package emptydirquota import ( "k8s.io/api/core/v1" diff --git a/pkg/volume/emptydir/quota.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota.go similarity index 99% rename from pkg/volume/emptydir/quota.go rename to vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota.go index c91240ea0f0d..b00d00a9a1ed 100644 --- a/pkg/volume/emptydir/quota.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota.go @@ -1,4 +1,4 @@ -package emptydir +package emptydirquota import ( "bytes" diff --git a/pkg/volume/emptydir/quota_test.go b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota_test.go similarity index 99% rename from pkg/volume/emptydir/quota_test.go rename to vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota_test.go index 6cb84386cdc0..ed599b3e7d04 100644 --- a/pkg/volume/emptydir/quota_test.go +++ b/vendor/k8s.io/kubernetes/pkg/volume/emptydirquota/quota_test.go @@ -1,4 +1,4 @@ -package emptydir +package emptydirquota import ( "errors"