The field in fact says that the container runtime should relabel a volume
when running a container with it, it does not say that the volume supports
SELinux. For example, NFS can support SELinux, but we don't want NFS
volumes relabeled, because they can be shared among several Pods.
iSCSI and FC volume plugins do not implement real 3rd party attach/detach.
If reconstruction fails with an error on a FC or iSCSI volume, it will not
be unmounted from the volume global dir and at the same time it will be
marked as unused, to be available to be mounted on another node.
The volume can then be mounted on several nodes, resulting in volume
corruption.
The other block based volume plugins implement attach/detach that either
makes the volume stuck (can't be detached) or will be force-detached from a
node before attaching it somewhere else.
Volumes that are provisioned with `VolumeMode: Block` often have a
MetrucsProvider interface declared in their type. However, the
MetricsProvider should implement a GetMetrics() function. In the cases
where the storage drivers do not implement GetMetrics(), a panic can
occur.
Usual type-assertions are not sufficient in this case. All assertions
assume the interface is present. There is no straight forward way to
verify that a valid GetMetrics() function is provided.
By adding SupportsMetrics(), storage driver implementations require
careful reviewing for metrics support.
PR #97972 added support for gathering metrics for Block PVCs provided by
CSI drivers. The in-tree drivers can support at leas the most basic
metric; Capacity.
iSCSI volume plugin persists volume metadata into global mount directory,
before it is mounted. Content of the directory is shadowed by the volume
mount. Therefore kubelet should not write metadata to the directory when a
second pod uses the same volume on the same node.
1. The metadata were already persisted before mounting the volume for the
first pod.
2. The global mount directory has the volume mounted, so any write there
would write to the volume, which is undesirable.
Errors from staticcheck:
pkg/volume/azure_dd/azure_common.go:68:2: var winDiskNumFormat is unused (U1000)
pkg/volume/csi/csi_block.go:97:2: field volumeInfo is unused (U1000)
pkg/volume/csi/csi_block_test.go:56:6: func prepareBlockUnmapperTest is unused (U1000)
pkg/volume/csi/csi_client.go:108:2: const initialDuration is unused (U1000)
pkg/volume/csi/csi_client.go:109:2: const factor is unused (U1000)
pkg/volume/csi/csi_client.go:110:2: const steps is unused (U1000)
pkg/volume/csi/csi_client_test.go:83:8: this value of err is never used (SA4006)
pkg/volume/csi/csi_mounter.go:76:2: field options is unused (U1000)
pkg/volume/csi/csi_mounter_test.go:454:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:766:16: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:861:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:1186:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_plugin_test.go:1249:13: this value of err is never used (SA4006)
pkg/volume/csi/csi_test.go:305:5: the goroutine calls T.Fatalf, which must be called in the same goroutine as the test (SA2002)
pkg/volume/flexvolume/probe_test.go:67:10: this value of err is never used (SA4006)
pkg/volume/iscsi/iscsi_test.go:95:2: field attachCalled is unused (U1000)
pkg/volume/iscsi/iscsi_test.go:96:2: field detachCalled is unused (U1000)
pkg/volume/iscsi/iscsi_test.go:501:24: this value of err is never used (SA4006)
pkg/volume/iscsi/iscsi_util_test.go:159:2: this value of exist is never used (SA4006)
pkg/volume/local/local.go:351:57: argument devicePath is overwritten before first use (SA4009)
pkg/volume/plugins_test.go:119:2: this value of plug is never used (SA4006)
pkg/volume/plugins_test.go:125:2: this value of plug is never used (SA4006)
pkg/volume/quobyte/quobyte.go:474:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/quobyte/quobyte.go:477:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/quobyte/quobyte.go:480:23: this result of append is never used, except maybe in other appends (SA4010)
pkg/volume/rbd/rbd.go:886:2: field adminSecret is unused (U1000)
pkg/volume/rbd/rbd.go:887:2: field adminID is unused (U1000)
pkg/volume/rbd/rbd.go:888:2: field imageFormat is unused (U1000)
pkg/volume/rbd/rbd.go:889:2: field imageFeatures is unused (U1000)
pkg/volume/storageos/storageos.go:302:2: field secretName is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:43:2: field apiAddr is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:44:2: field apiUser is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:45:2: field apiPass is unused (U1000)
pkg/volume/storageos/storageos_util_test.go:46:2: field apiVersion is unused (U1000)
pkg/volume/util/atomic_writer_test.go:756:49: argument err is overwritten before first use (SA4009)
pkg/volume/util/fsquota/common/quota_linux_common.go:37:2: const acct is unused (U1000)
pkg/volume/util/fsquota/common/quota_linux_common.go:38:2: const enforcing is unused (U1000)
pkg/volume/util/fsquota/project.go:168:31: identical expressions on the left and right side of the '==' operator (SA4000)
pkg/volume/util/fsquota/quota_linux.go:306:50: argument poduid is overwritten before first use (SA4009)
pkg/volume/util/fsquota/quota_linux_test.go:558:16: this value of err is never used (SA4006)
pkg/volume/util/subpath/subpath_linux.go:232:81: argument err is overwritten before first use (SA4009)
pkg/volume/util/subpath/subpath_linux_test.go:579:73: argument err is overwritten before first use (SA4009)
This patch removes pkg/util/mount completely, and replaces it with the
mount package now located at k8s.io/utils/mount. The code found at
k8s.io/utils/mount was moved there from pkg/util/mount, so the code is
identical, just no longer in-tree to k/k.
- Rename MapDevice to MapPodDevice in BlockVolumeMapper
- Add UnmapPodDevice in BlockVolumeUnmapper (This will be used by csi driver later)
- Add CustomBlockVolumeMapper and CustomBlockVolumeUnmapper interface
- Move SetUpDevice and MapPodDevice to CustomBlockVolumeMapper
- Move TearDownDevice and UnmapPodDevice to CustomBlockVolumeUnmapper
- Implement CustomBlockVolumeMapper only in local and csi plugin
- Implement CustomBlockVolumeUnmapper only in fc, iscsi, rbd, and csi plugin
- Change MapPodDevice to return path and SetUpDevice not to return path
