From d04ee0b012be5b3cb8b0f9c00d14457754507d76 Mon Sep 17 00:00:00 2001
From: Sergey Aksenov
Date: Fri, 29 Sep 2023 16:00:31 +0200
Subject: [PATCH] Support of read only mount added
---
.gitignore | 1 +
pkg/controllers/repositoryserver/handler.go | 2 +-
pkg/kube/job.go | 29 ++++++++++++++++-----
pkg/kube/pod.go | 8 +++---
4 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/.gitignore b/.gitignore
index 608bec7637e..10a721012bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 /bin
 /dist
 **/*.swp
+/.idea
\ No newline at end of file
diff --git a/pkg/controllers/repositoryserver/handler.go b/pkg/controllers/repositoryserver/handler.go
index 347831dc448..e9dc8576929 100644
--- a/pkg/controllers/repositoryserver/handler.go
+++ b/pkg/controllers/repositoryserver/handler.go
@@ -267,7 +267,7 @@ func (h *RepoServerHandler) setCredDataFromSecretInPod(ctx context.Context, podO
 h.Logger.Info("Setting credentials data from secret as env variables")
 podOptions.EnvironmentVariables = envVars
 }
- pod, err = kube.GetPodObjectFromPodOptions(h.KubeCli, podOptions)
+ pod, err = kube.GetPodObjectFromPodOptions(ctx, h.KubeCli, podOptions)
 if err != nil {
 return nil, nil, err
 }
diff --git a/pkg/kube/job.go b/pkg/kube/job.go
index bd46702190f..e09b8e27855 100644
--- a/pkg/kube/job.go
+++ b/pkg/kube/job.go
@@ -73,7 +73,8 @@ func NewJob(clientset kubernetes.Interface, jobName string, namespace string, se
 // Create creates the Job in Kubernetes.
 func (job *Job) Create() error {
 falseVal := false
- volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(job.vols)
+ ctx := context.TODO()
+ volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(ctx, job.clientset, job.namespace, job.vols)
 if err != nil {
 return errors.Wrapf(err, "Failed to create volume spec for job %s", job.name)
 }
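Review bot: The pod object produced on the `+` line carries the secret-derived values that the two context lines above put into `podOptions.EnvironmentVariables`, and this same commit adds `log.Debug().WithContext(ctx).Print("Creating POD", field.M{"podSpec": pod.Spec})` to `CreatePod` in pkg/kube/pod.go, which serialises the whole spec including container env values. If this pod is later created through `kube.CreatePod` (the remainder of `setCredDataFromSecretInPod` is outside the hunk), those credentials would be written to debug logs. Log identifying fields only, e.g. `field.M{"namespace": pod.Namespace, "generateName": pod.GenerateName}`, or the volume mount names with their `ReadOnly` flags, which is what this commit is actually about.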
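Review bot: `ctx := context.TODO()` gives the PVC lookups that `createFilesystemModeVolumeSpecs` now performs no deadline or cancellation, so a slow API server blocks `Create()` indefinitely where it previously only built specs in memory. `Create()` takes no context (its signature is a context line of this hunk), so either thread a caller-supplied `ctx` through the method, or at minimum bound the lookups here with `ctx, cancel := context.WithTimeout(context.TODO(), LOOKUP_TIMEOUT_PLACEHOLDER); defer cancel()` using whatever timeout value the package already defines.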
@@ -115,7 +116,7 @@ func (job *Job) Create() error {
 batchClient := job.clientset.BatchV1()
 jobsClient := batchClient.Jobs(job.namespace)
- newJob, err := jobsClient.Create(context.TODO(), k8sJob, metav1.CreateOptions{})
+ newJob, err := jobsClient.Create(ctx, k8sJob, metav1.CreateOptions{})
 if err != nil {
 return errors.Wrapf(err, "Failed to create job %s", job.name)
 }
@@ -125,21 +126,37 @@ func (job *Job) Create() error {
 return nil
 }
-func createFilesystemModeVolumeSpecs(vols map[string]string) (volumeMounts []v1.VolumeMount, podVolumes []v1.Volume, error error) {
+func createFilesystemModeVolumeSpecs(ctx context.Context, cli kubernetes.Interface, namespace string, vols map[string]string) (volumeMounts []v1.VolumeMount, podVolumes []v1.Volume, error error) {
 // Build filesystem mode volume specs
- for pvc, mountPath := range vols {
+ for pvcName, mountPath := range vols {
 id, err := uuid.NewV1()
 if err != nil {
 return nil, nil, err
 }
+
+ pvc, err := cli.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, pvcName, metav1.GetOptions{})
+ if err != nil {
+ return nil, nil, err
+ }
+
+ isReadOnly := false
+ for _, accessMode := range pvc.Spec.AccessModes {
+ if accessMode == v1.ReadOnlyMany {
+ isReadOnly = true
+ log.Debug().WithContext(ctx).Print("PVC will be mounted in read-only mode", field.M{"pvcName": pvcName})
+ break
+ }
+ }
+
 podVolName := fmt.Sprintf("vol-%s", id.String())
- volumeMounts = append(volumeMounts, v1.VolumeMount{Name: podVolName, MountPath: mountPath})
+ volumeMounts = append(volumeMounts, v1.VolumeMount{Name: podVolName, MountPath: mountPath, ReadOnly: isReadOnly})
 podVolumes = append(podVolumes, v1.Volume{
 Name: podVolName,
 VolumeSource: v1.VolumeSource{
 PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{
- ClaimName: pvc,
+ ClaimName: pvcName,
+ ReadOnly: isReadOnly,
 },
 },
 },
diff --git a/pkg/kube/pod.go b/pkg/kube/pod.go
index 641b42ea71d..a2598d90567 100644
--- a/pkg/kube/pod.go
+++ b/pkg/kube/pod.go
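Review bot: The error from the new `PersistentVolumeClaims(namespace).Get` is returned bare, unlike every other failure path visible in this file which wraps with `errors.Wrapf`, so a caller sees a NotFound with no hint of which claim or namespace was involved; use `return nil, nil, errors.Wrapf(err, "Failed to get PVC %s in namespace %s", pvcName, namespace)`. The read-only decision also fires whenever `ReadOnlyMany` appears anywhere in `pvc.Spec.AccessModes`, so a claim that lists `ReadWriteOnce` alongside it is now mounted read-only for every caller (this helper also serves `GetPodObjectFromPodOptions` in pkg/kube/pod.go), which may break tools that write to such volumes; restricting it to claims whose only mode is `ReadOnlyMany`, `isReadOnly := len(pvc.Spec.AccessModes) == 1 && pvc.Spec.AccessModes[0] == v1.ReadOnlyMany`, or an explicit per-volume opt-in from the caller, would be safer. The lookup additionally requires `get` on persistentvolumeclaims for the calling service account, which the function's comment and the RBAC manifests should state.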
@@ -76,7 +76,7 @@ type PodOptions struct {
 Lifecycle *v1.Lifecycle
 }
-func GetPodObjectFromPodOptions(cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
+func GetPodObjectFromPodOptions(ctx context.Context, cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
 // If Namespace is not specified, use the controller Namespace.
 cns, err := GetControllerNamespace()
 if err != nil {
@@ -101,7 +101,7 @@ func GetPodObjectFromPodOptions(cli kubernetes.Interface, opts *PodOptions) (*v1
 opts.RestartPolicy = v1.RestartPolicyNever
 }
- volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(opts.Volumes)
+ volumeMounts, podVolumes, err := createFilesystemModeVolumeSpecs(ctx, cli, opts.Namespace, opts.Volumes)
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to create volume spec")
 }
@@ -207,11 +207,13 @@ func ContainerNameFromPodOptsOrDefault(po *PodOptions) string {
 // CreatePod creates a pod with a single container based on the specified image
 func CreatePod(ctx context.Context, cli kubernetes.Interface, opts *PodOptions) (*v1.Pod, error) {
- pod, err := GetPodObjectFromPodOptions(cli, opts)
+ pod, err := GetPodObjectFromPodOptions(ctx, cli, opts)
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to get pod from podOptions. Namespace: %s, NameFmt: %s", opts.Namespace, opts.GenerateName)
 }
+
+ log.Debug().WithContext(ctx).Print("Creating POD", field.M{"podSpec": pod.Spec})
+
 pod, err = cli.CoreV1().Pods(pod.Namespace).Create(ctx, pod, metav1.CreateOptions{})
 if err != nil {
 return nil, errors.Wrapf(err, "Failed to create pod. Namespace: %s, NameFmt: %s", opts.Namespace, opts.GenerateName)
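Review bot: `GetPodObjectFromPodOptions` is exported and now takes a `ctx` that is spent on remote PVC lookups, yet the `+func` line still has no doc comment, so a reader cannot tell why a function that builds an object needs a context and a client. Suggest adding above it: `// GetPodObjectFromPodOptions builds a Pod object from opts. It reads each PVC named in opts.Volumes through cli to decide whether the volume is mounted read-only, so ctx bounds those API calls.` The function body continues past the hunk.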
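Review bot: `opts.Namespace` is handed to the PVC lookup on the `+` line; the hunk at line 76 shows that an unset namespace is meant to be replaced by the controller namespace, and if that assignment happens before this call (it is outside the hunk) the lookup is correct, otherwise an empty namespace makes the `Get` fail for every caller that relied on the default. Worth confirming, and since the existing `errors.Wrapf(err, "Failed to create volume spec")` now also covers API failures, including the namespace, `errors.Wrapf(err, "Failed to create volume spec in namespace %s", opts.Namespace)`, helps tell the two cases apart.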