For some reason the CI didn't fail when we open the PR. But when you run
"go test" as root, with all the capabilities, tests that exercise
permission errors will never work. As the capabilities makes them always
bypass the permission checks.
For some reason it seems that:
* Not all our CI was run when the PR was open
* The CI was changed to run as root now
* _Some_ CI was added and it runs as root
If it wasn't one of that, or a combination, I don't see how this could
have happened. If any of that indeed happened, it can break more tests
outside the userns package too.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This adds a test for the just added wrapping error message, as well as
for the other already present error messages that initialization can
fail with.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
These tests will create the userns record mapping file, so let's use a
temporal directory for that.
Without specifying one, by mistake we were using the
"/tmp/non-existant-dir.This-is-not-used-in-tests/" directory.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
The error we are wrapping is already verbose, let's just use minimal
wrapping as it is usually the case in go code.
Note that the error on parseUserNsFileAndRecord() can be returned to the
user, so we added some context about user namespace. Otherwise, an error
to parse the json would not be clear to which of all the json the kubelet
parses it refers to.
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Most error messages are properly wrapped already, but this was missing.
The kubelet logs will show something like this now:
E0201 12:00:03.505680 3007049 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: record pod mappings: create user namespace store: mkdir XXX: permission denied"
Before this commit, the message was not so clear:
E0120 16:02:40.484404 474711 run.go:74] "command failed" err="failed to run Kubelet: failed to create kubelet: mkdir XXX: permission denied"
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This fixes the race condition that could happen because
resize controller just finished volume expansiona and has only
finished marking PV and yet to mark PVC.
The workaround proposed here should not be necessary once
RecoverVolumeExpansionFailure goes GA/beta.
Allow kubelet orphan cleanup to delete both files and empty directories as
subpath mount points.
A pod does not need to use a directory as a subpath, it can use a file
(unix domain socket, pipe, ...) too. Therefore the cleanup should use
`os.Remove` that deletes both files and empty directories.
This replaces the klog formatting and message routing with a simpler
implementation that uses less code. The main difference is that we skip the
entire unused message routing.
Instead, the same split output streams as for JSON gets implemented in the
io.Writer implementation that gets passed to the textlogger.
