From 6a02d3bc19134952bec5b0a6f2990eb5d9aec7d1 Mon Sep 17 00:00:00 2001 From: jiuyu Date: Wed, 25 Dec 2024 17:43:27 +0800 Subject: [PATCH] remove unused files Signed-off-by: jiuyu --- pkg/application/inject/fuse/injector_test.go | 1429 ----------------- .../inject/fuse/mutator/mutator.go | 3 +- .../inject/fuse/mutator/mutator_default.go | 43 - .../fuse/mutator/mutator_unprivileged.go | 168 -- .../fuse/poststart/check_fuse_unprivileged.go | 57 - 5 files changed, 1 insertion(+), 1699 deletions(-) delete mode 100644 pkg/application/inject/fuse/mutator/mutator_unprivileged.go delete mode 100644 pkg/application/inject/fuse/poststart/check_fuse_unprivileged.go diff --git a/pkg/application/inject/fuse/injector_test.go b/pkg/application/inject/fuse/injector_test.go index 6a7fac49b15..1126e3d6695 100644 --- a/pkg/application/inject/fuse/injector_test.go +++ b/pkg/application/inject/fuse/injector_test.go @@ -22,7 +22,6 @@ import ( "strings" "testing" - "github.com/fluid-cloudnative/fluid/pkg/utils" "github.com/google/go-cmp/cmp" "k8s.io/apimachinery/pkg/api/resource" 
@@ -2912,1394 +2911,6 @@ func TestInjectPodWithDatasetSubPath(t *testing.T) { } } -func TestInjectPodUnprivileged(t *testing.T) { - type runtimeInfo struct { - name string - namespace string - runtimeType string - } - type testCase struct { - name string - in *corev1.Pod - dataset []*datav1alpha1.Dataset - pv []*corev1.PersistentVolume - pvc []*corev1.PersistentVolumeClaim - fuse []*appsv1.DaemonSet - infos map[string]runtimeInfo - want *corev1.Pod - wantErr error - } - - hostPathCharDev := corev1.HostPathCharDev - hostPathDirectoryOrCreate := corev1.HostPathDirectoryOrCreate - mountPropagationHostToContainer := corev1.MountPropagationHostToContainer - bTrue := true - bFalse := false - var mode int32 = 0755 - - testcases := []testCase{ - { - name: "inject_pod_unprivileged", - dataset: []*datav1alpha1.Dataset{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset", - Namespace: "big-data", - }, - }, - }, - pv: []*corev1.PersistentVolume{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "big-data-dataset", - }, - Spec: corev1.PersistentVolumeSpec{ - PersistentVolumeSource: corev1.PersistentVolumeSource{ - CSI: &corev1.CSIPersistentVolumeSource{ - Driver: "fuse.csi.fluid.io", - VolumeAttributes: map[string]string{ - common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/dataset/jindofs-fuse", - common.VolumeAttrMountType: common.JindoRuntime, - }, - }, - }, - }, - }, - }, - pvc: []*corev1.PersistentVolumeClaim{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset", - Namespace: "big-data", - }, Spec: corev1.PersistentVolumeClaimSpec{ - VolumeName: "big-data-dataset", - }, - }, - }, - in: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - VolumeMounts: 
[]corev1.VolumeMount{ - { - Name: "dataset", - MountPath: "/data", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: "dataset", - ReadOnly: true, - }, - }, - }, - }, - }, - }, - fuse: []*appsv1.DaemonSet{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-jindofs-fuse", - Namespace: "big-data", - }, - Spec: appsv1.DaemonSetSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "fuse", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bTrue, - }, VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir", - MountPath: "/mnt/disk1", - }, { - Name: "jindofs-fuse-device", - MountPath: "/dev/fuse", - }, { - Name: "jindofs-fuse-mount", - MountPath: "/jfs", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "cachedir", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk1", - Type: &hostPathDirectoryOrCreate, - }, - }}, - { - Name: "jindofs-fuse-device", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/dev/fuse", - Type: &hostPathCharDev, - }, - }, - }, - { - Name: "jindofs-fuse-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - }, - }, - }, - }, - }, - }, - infos: map[string]runtimeInfo{ - "dataset": { - name: "dataset", - namespace: "big-data", - runtimeType: common.JindoRuntime, - }, - }, - want: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: 
common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - fmt.Sprintf("%s%s", common.LabelContainerDatasetMappingKeyPrefix, "fluid-fuse-0"): fmt.Sprintf("%s_%s", "big-data", "dataset"), - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: common.FuseContainerName + "-0", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{ - // "/check-mount.sh", - // "/jfs", - // "jindo", - "bash", - "-c", - "time /check-mount.sh >> /proc/1/fd/1", - }, - }, - }, - }, - Resources: corev1.ResourceRequirements{ - Limits: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - Requests: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bFalse, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir-0", - MountPath: "/mnt/disk1", - }, - { - Name: "check-mount-unprivileged-0", - ReadOnly: true, - MountPath: "/check-mount.sh", - SubPath: "check-mount.sh", - }, - }, - }, - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - VolumeMounts: []corev1.VolumeMount{ - { - Name: "dataset", - MountPath: "/data", - MountPropagation: &mountPropagationHostToContainer, - }, - { - Name: "check-fluid-mount-ready", - ReadOnly: true, - MountPath: "/check-fluid-mount-ready.sh", - SubPath: "check-fluid-mount-ready.sh", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset/jindofs-fuse", - }, - }, - }, - { - Name: "check-fluid-mount-ready", 
- VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "check-fluid-mount-ready", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - { - Name: "cachedir-0", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk1", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - { - Name: "check-mount-unprivileged-0", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "dataset-jindo-check-mount-unprivileged", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - }, - }, - }, - wantErr: nil, - }, - { - name: "inject_pod_unprivileged_multiple_pvc", - dataset: []*datav1alpha1.Dataset{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset1", - Namespace: "big-data", - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset2", - Namespace: "big-data", - }, - }, - }, - pv: []*corev1.PersistentVolume{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "big-data-dataset1", - }, - Spec: corev1.PersistentVolumeSpec{ - PersistentVolumeSource: corev1.PersistentVolumeSource{ - CSI: &corev1.CSIPersistentVolumeSource{ - Driver: "fuse.csi.fluid.io", - VolumeAttributes: map[string]string{ - common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/dataset1/jindofs-fuse", - common.VolumeAttrMountType: common.JindoRuntime, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "big-data-dataset2", - }, - Spec: corev1.PersistentVolumeSpec{ - PersistentVolumeSource: corev1.PersistentVolumeSource{ - CSI: &corev1.CSIPersistentVolumeSource{ - Driver: "fuse.csi.fluid.io", - VolumeAttributes: map[string]string{ - common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/dataset2/jindofs-fuse", - common.VolumeAttrMountType: common.JindoRuntime, - }, - }, - }, - }, - }, - }, - pvc: []*corev1.PersistentVolumeClaim{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset1", - 
Namespace: "big-data", - }, - Spec: corev1.PersistentVolumeClaimSpec{ - VolumeName: "big-data-dataset1", - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset2", - Namespace: "big-data", - }, - Spec: corev1.PersistentVolumeClaimSpec{ - VolumeName: "big-data-dataset2", - }, - }, - }, - in: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - VolumeMounts: []corev1.VolumeMount{ - { - Name: "dataset1", - MountPath: "/data1", - }, - { - Name: "dataset2", - MountPath: "/data2", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset1", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: "dataset1", - ReadOnly: true, - }, - }, - }, - { - Name: "dataset2", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: "dataset2", - ReadOnly: true, - }, - }, - }, - }, - }, - }, - fuse: []*appsv1.DaemonSet{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset1-jindofs-fuse", - Namespace: "big-data", - }, - Spec: appsv1.DaemonSetSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "fuse", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bTrue, - }, VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir", - MountPath: "/mnt/disk", - }, { - Name: "jindofs-fuse-device", - MountPath: "/dev/fuse", - }, { - Name: "jindofs-fuse-mount", - MountPath: "/jfs", - }, - }, - }, - }, - 
Volumes: []corev1.Volume{ - { - Name: "cachedir", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }}, - { - Name: "jindofs-fuse-device", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/dev/fuse", - Type: &hostPathCharDev, - }, - }, - }, - { - Name: "jindofs-fuse-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset1", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset2-jindofs-fuse", - Namespace: "big-data", - }, - Spec: appsv1.DaemonSetSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "fuse", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bTrue, - }, VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir", - MountPath: "/mnt/disk", - }, { - Name: "jindofs-fuse-device", - MountPath: "/dev/fuse", - }, { - Name: "jindofs-fuse-mount", - MountPath: "/jfs", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "cachedir", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }}, - { - Name: "jindofs-fuse-device", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/dev/fuse", - Type: &hostPathCharDev, - }, - }, - }, - { - Name: "jindofs-fuse-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset2", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - }, - }, - }, - }, - }, - }, - infos: map[string]runtimeInfo{ - "dataset1": { 
- name: "dataset1", - namespace: "big-data", - runtimeType: common.JindoRuntime, - }, - "dataset2": { - name: "dataset2", - namespace: "big-data", - runtimeType: common.JindoRuntime, - }, - }, - want: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - fmt.Sprintf("%s%s", common.LabelContainerDatasetMappingKeyPrefix, "fluid-fuse-0"): fmt.Sprintf("%s_%s", "big-data", "dataset1"), - fmt.Sprintf("%s%s", common.LabelContainerDatasetMappingKeyPrefix, "fluid-fuse-1"): fmt.Sprintf("%s_%s", "big-data", "dataset2"), - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: common.FuseContainerName + "-1", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{ - // "/check-mount.sh", - // "/jfs", - // "jindo", - "bash", - "-c", - "time /check-mount.sh >> /proc/1/fd/1", - }, - }, - }, - }, - Resources: corev1.ResourceRequirements{ - Limits: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - Requests: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bFalse, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir-1", - MountPath: "/mnt/disk", - }, - { - Name: "check-mount-unprivileged-1", - ReadOnly: true, - MountPath: "/check-mount.sh", - SubPath: "check-mount.sh", - }, - }, - }, - { - Name: common.FuseContainerName + "-0", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", 
"-oentry_timeout=9000", - }, - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{ - // "/check-mount.sh", - // "/jfs", - // "jindo", - "bash", - "-c", - "time /check-mount.sh >> /proc/1/fd/1", - }, - }, - }, - }, - Resources: corev1.ResourceRequirements{ - Limits: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - Requests: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bFalse, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir-0", - MountPath: "/mnt/disk", - }, - { - Name: "check-mount-unprivileged-0", - ReadOnly: true, - MountPath: "/check-mount.sh", - SubPath: "check-mount.sh", - }, - }, - }, - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - VolumeMounts: []corev1.VolumeMount{ - { - Name: "dataset1", - MountPath: "/data1", - MountPropagation: &mountPropagationHostToContainer, - }, - { - Name: "dataset2", - MountPath: "/data2", - MountPropagation: &mountPropagationHostToContainer, - }, - { - Name: "check-fluid-mount-ready", - ReadOnly: true, - MountPath: "/check-fluid-mount-ready.sh", - SubPath: "check-fluid-mount-ready.sh", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset1", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset1/jindofs-fuse", - }, - }, - }, - { - Name: "dataset2", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset2/jindofs-fuse", - }, - }, - }, - { - Name: "check-fluid-mount-ready", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - 
LocalObjectReference: corev1.LocalObjectReference{ - Name: "check-fluid-mount-ready", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - { - Name: "cachedir-0", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - { - Name: "check-mount-unprivileged-0", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "dataset1-jindo-check-mount-unprivileged", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - { - Name: "cachedir-1", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - { - Name: "check-mount-unprivileged-1", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "dataset2-jindo-check-mount-unprivileged", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - }, - }, - }, - wantErr: nil, - }, - { - name: "inject_pod_unprivileged_multiple_pvc_with_poststart_hook", - dataset: []*datav1alpha1.Dataset{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-a", - Namespace: "big-data", - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-b", - Namespace: "big-data", - }, - }, - }, - pv: []*corev1.PersistentVolume{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "big-data-dataset-a", - }, - Spec: corev1.PersistentVolumeSpec{ - PersistentVolumeSource: corev1.PersistentVolumeSource{ - CSI: &corev1.CSIPersistentVolumeSource{ - Driver: "fuse.csi.fluid.io", - VolumeAttributes: map[string]string{ - common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/dataset-a/jindofs-fuse", - common.VolumeAttrMountType: common.JindoRuntime, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "big-data-dataset-b", - }, - Spec: corev1.PersistentVolumeSpec{ - PersistentVolumeSource: 
corev1.PersistentVolumeSource{ - CSI: &corev1.CSIPersistentVolumeSource{ - Driver: "fuse.csi.fluid.io", - VolumeAttributes: map[string]string{ - common.VolumeAttrFluidPath: "/runtime-mnt/jindo/big-data/dataset-b/jindofs-fuse", - common.VolumeAttrMountType: common.JindoRuntime, - }, - }, - }, - }, - }, - }, - pvc: []*corev1.PersistentVolumeClaim{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-a", - Namespace: "big-data", - }, - Spec: corev1.PersistentVolumeClaimSpec{ - VolumeName: "big-data-dataset-a", - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-b", - Namespace: "big-data", - }, - Spec: corev1.PersistentVolumeClaimSpec{ - VolumeName: "big-data-dataset-b", - }, - }, - }, - in: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - common.InjectAppPostStart: common.True, - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - VolumeMounts: []corev1.VolumeMount{ - { - Name: "dataset-a", - MountPath: "/data1", - }, - { - Name: "dataset-b", - MountPath: "/data2", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset-a", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: "dataset-a", - ReadOnly: true, - }, - }, - }, - { - Name: "dataset-b", - VolumeSource: corev1.VolumeSource{ - PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ - ClaimName: "dataset-b", - ReadOnly: true, - }, - }, - }, - }, - }, - }, - fuse: []*appsv1.DaemonSet{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-a-jindofs-fuse", - Namespace: "big-data", - }, - Spec: appsv1.DaemonSetSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "fuse", - Args: []string{ - 
"-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bTrue, - }, VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir", - MountPath: "/mnt/disk", - }, { - Name: "jindofs-fuse-device", - MountPath: "/dev/fuse", - }, { - Name: "jindofs-fuse-mount", - MountPath: "/jfs", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "cachedir", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }}, - { - Name: "jindofs-fuse-device", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/dev/fuse", - Type: &hostPathCharDev, - }, - }, - }, - { - Name: "jindofs-fuse-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset-a", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - }, - }, - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "dataset-b-jindofs-fuse", - Namespace: "big-data", - }, - Spec: appsv1.DaemonSetSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "fuse", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bTrue, - }, VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir", - MountPath: "/mnt/disk", - }, { - Name: "jindofs-fuse-device", - MountPath: "/dev/fuse", - }, { - Name: "jindofs-fuse-mount", - MountPath: "/jfs", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "cachedir", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }}, - 
{ - Name: "jindofs-fuse-device", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/dev/fuse", - Type: &hostPathCharDev, - }, - }, - }, - { - Name: "jindofs-fuse-mount", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset-b", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - }, - }, - }, - }, - }, - }, - infos: map[string]runtimeInfo{ - "dataset-a": { - name: "dataset-a", - namespace: "big-data", - runtimeType: common.JindoRuntime, - }, - "dataset-b": { - name: "dataset-b", - namespace: "big-data", - runtimeType: common.JindoRuntime, - }, - }, - want: &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Name: "unprivileged-pvc-pod", - Namespace: "big-data", - Labels: map[string]string{ - common.InjectFuseSidecar: common.True, - common.InjectUnprivilegedFuseSidecar: common.True, - common.InjectAppPostStart: common.True, - fmt.Sprintf("%s%s", common.LabelContainerDatasetMappingKeyPrefix, "fluid-fuse-0"): fmt.Sprintf("%s_%s", "big-data", "dataset-a"), - fmt.Sprintf("%s%s", common.LabelContainerDatasetMappingKeyPrefix, "fluid-fuse-1"): fmt.Sprintf("%s_%s", "big-data", "dataset-b"), - }, - }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: common.FuseContainerName + "-1", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{ - // "/check-mount.sh", - // "/jfs", - // "jindo", - "bash", - "-c", - "time /check-mount.sh >> /proc/1/fd/1", - }, - }, - }, - }, - Resources: corev1.ResourceRequirements{ - Limits: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - Requests: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): 
resource.MustParse("1"), - }, - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bFalse, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir-1", - MountPath: "/mnt/disk", - }, - { - Name: "check-mount-unprivileged-1", - ReadOnly: true, - MountPath: "/check-mount.sh", - SubPath: "check-mount.sh", - }, - }, - }, - { - Name: common.FuseContainerName + "-0", - Args: []string{ - "-oroot_ns=jindo", "-okernel_cache", "-oattr_timeout=9000", "-oentry_timeout=9000", - }, - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{ - // "/check-mount.sh", - // "/jfs", - // "jindo", - "bash", - "-c", - "time /check-mount.sh >> /proc/1/fd/1", - }, - }, - }, - }, - Resources: corev1.ResourceRequirements{ - Limits: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - Requests: map[corev1.ResourceName]resource.Quantity{ - corev1.ResourceName(common.DefaultFuseDeviceResourceName): resource.MustParse("1"), - }, - }, - Command: []string{"/entrypoint.sh"}, - Image: "unprivileged-pvc-pod", - SecurityContext: &corev1.SecurityContext{ - Privileged: &bFalse, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "cachedir-0", - MountPath: "/mnt/disk", - }, - { - Name: "check-mount-unprivileged-0", - ReadOnly: true, - MountPath: "/check-mount.sh", - SubPath: "check-mount.sh", - }, - }, - }, - { - Image: "unprivileged-pvc-pod", - Name: "unprivileged-pvc-pod", - Lifecycle: &corev1.Lifecycle{ - PostStart: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ - Command: []string{"bash", "-c", "time /check-fluid-mount-ready.sh /data1:/data2 jindo:jindo >> /proc/1/fd/1"}, - }, - }, - }, - VolumeMounts: []corev1.VolumeMount{ - { - Name: "dataset-a", - MountPath: "/data1", - MountPropagation: &mountPropagationHostToContainer, - }, - { - Name: "dataset-b", - 
MountPath: "/data2", - MountPropagation: &mountPropagationHostToContainer, - }, - { - Name: "check-fluid-mount-ready", - ReadOnly: true, - MountPath: "/check-fluid-mount-ready.sh", - SubPath: "check-fluid-mount-ready.sh", - }, - }, - }, - }, - Volumes: []corev1.Volume{ - { - Name: "dataset-a", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset-a/jindofs-fuse", - }, - }, - }, - { - Name: "dataset-b", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/runtime-mnt/jindo/big-data/dataset-b/jindofs-fuse", - }, - }, - }, - { - Name: "check-fluid-mount-ready", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "check-fluid-mount-ready", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - { - Name: "cachedir-0", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - { - Name: "check-mount-unprivileged-0", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "dataset-a-jindo-check-mount-unprivileged", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - { - Name: "cachedir-1", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ - Path: "/mnt/disk", - Type: &hostPathDirectoryOrCreate, - }, - }, - }, - { - Name: "check-mount-unprivileged-1", - VolumeSource: corev1.VolumeSource{ - ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{ - Name: "dataset-b-jindo-check-mount-unprivileged", - }, - DefaultMode: ptr.To(mode), - }, - }, - }, - }, - }, - }, - wantErr: nil, - }, - } - - objs := []runtime.Object{} - s := runtime.NewScheme() - _ = corev1.AddToScheme(s) - _ = datav1alpha1.AddToScheme(s) - _ = appsv1.AddToScheme(s) - for _, 
testcase := range testcases { - for _, obj := range testcase.fuse { - objs = append(objs, obj) - } - for _, obj := range testcase.pv { - objs = append(objs, obj) - } - for _, obj := range testcase.pvc { - objs = append(objs, obj) - } - for _, obj := range testcase.dataset { - objs = append(objs, obj) - } - } - - fakeClient := fake.NewFakeClientWithScheme(s, objs...) - - for _, testcase := range testcases { - injector := NewInjector(fakeClient) - - runtimeInfos := map[string]base.RuntimeInfoInterface{} - for pvc, info := range testcase.infos { - runtimeInfo, err := base.BuildRuntimeInfo(info.name, info.namespace, info.runtimeType) - if err != nil { - t.Errorf("testcase %s failed due to error %v", testcase.name, err) - } - runtimeInfo.SetClient(fakeClient) - runtimeInfos[pvc] = runtimeInfo - } - - out, err := injector.InjectPod(testcase.in, runtimeInfos) - if err != nil { - if testcase.wantErr == nil { - t.Errorf("testcase %s failed, Got error %v", testcase.name, err) - } else { - continue - } - } - - gotMetaObj := out.ObjectMeta - wantMetaObj := testcase.want.ObjectMeta - - if !reflect.DeepEqual(gotMetaObj, wantMetaObj) { - t.Errorf("testcase %s failed, diff between wantMetaObj and gotMetaObj: %v", testcase.name, cmp.Diff(wantMetaObj, gotMetaObj)) - } - - gotContainers := out.Spec.Containers - gotVolumes := out.Spec.Volumes - - // gotContainers := out. 
- // , gotVolumes, err := getInjectPiece(out) - // if err != nil { - // t.Errorf("testcase %s failed due to inject error %v", testcase.name, err) - // } - - wantContainers := testcase.want.Spec.Containers - wantVolumes := testcase.want.Spec.Volumes - - gotContainerMap := makeContainerMap(gotContainers) - wantContainerMap := makeContainerMap(wantContainers) - - if len(gotContainerMap) != len(wantContainerMap) { - t.Errorf("testcase %s failed, want containers length %d, Got containers length %d", testcase.name, len(wantContainerMap), len(gotContainerMap)) - } - - for k, wantContainer := range wantContainerMap { - if strings.HasPrefix(k, common.FuseContainerName) { - var exists bool - tempWant := wantContainer.DeepCopy() - tempWant.Name = "" - for _, gotContainer := range gotContainers { - tempGot := gotContainer.DeepCopy() - tempGot.Name = "" - - if reflect.DeepEqual(tempGot, tempWant) { - exists = true - } - } - - if !exists { - want, err := yaml.Marshal(wantContainer) - if err != nil { - t.Errorf("testcase %s failed, due to %v", testcase.name, err) - } - t.Errorf("testcase %s failed, want container: %v, but not found in containers", testcase.name, string(want)) - } - } else if gotContainer, found := gotContainerMap[k]; found { - if gotContainer.Lifecycle != nil && wantContainer.Lifecycle != nil { - if gotContainer.Lifecycle.PostStart != nil && wantContainer.Lifecycle.PostStart != nil { - if gotContainer.Lifecycle.PostStart.Exec != nil && wantContainer.Lifecycle.PostStart.Exec != nil { - equal := comparePostStartExecCommands(gotContainer.Lifecycle.PostStart.Exec, wantContainer.Lifecycle.PostStart.Exec) - if !equal { - t.Errorf("testcase %s failed, want poststart %v, got poststart %v", testcase.name, wantContainer.Lifecycle.PostStart.Exec, gotContainer.Lifecycle.PostStart.Exec) - } - // ignore post start exec when checking deep equal - wantContainer.Lifecycle.PostStart.Exec = nil - gotContainer.Lifecycle.PostStart.Exec = nil - } - } - } - if 
!reflect.DeepEqual(wantContainer, gotContainer) { - want, err := yaml.Marshal(wantContainer) - if err != nil { - t.Errorf("testcase %s failed, due to %v", testcase.name, err) - } - - outYaml, err := yaml.Marshal(gotContainer) - if err != nil { - t.Errorf("testcase %s failed, due to %v", testcase.name, err) - } - - t.Errorf("testcase %s failed, want %v, Got %v", testcase.name, string(want), string(outYaml)) - } - } else { - t.Errorf("testcase %s failed due to missing the container %s", testcase.name, k) - } - } - - gotVolumeMap := makeVolumeMap(gotVolumes) - wantVolumeMap := makeVolumeMap(wantVolumes) - if len(gotVolumeMap) != len(wantVolumeMap) { - gotVolumeKeys := keys(gotVolumeMap) - wantVolumeKeys := keys(wantVolumeMap) - t.Errorf("testcase %s failed, got volumes length %d with keys %v, want volumes length %d with keys %v", testcase.name, len(gotVolumeMap), - gotVolumeKeys, len(wantVolumeMap), wantVolumeKeys) - } - - //wantVolumesTotal := len(testcase.in.Spec.Volumes) + testcase.numPvcMount - for _, injectedFuse := range testcase.fuse { - for _, wantVolume := range injectedFuse.Spec.Template.Spec.Volumes { - // Skip check for volumes like "-fuse-mount" and "-fuse-device" - if wantVolume.VolumeSource.HostPath != nil && - (strings.HasPrefix(wantVolume.VolumeSource.HostPath.Path, "/dev") || - strings.HasPrefix(wantVolume.VolumeSource.HostPath.Path, "/runtime-mnt")) { - continue - } - wantTemp := wantVolume.DeepCopy() - wantTemp.Name = "" - var exists bool - for _, gotVolume := range gotVolumes { - gotTemp := gotVolume.DeepCopy() - gotTemp.Name = "" - if reflect.DeepEqual(wantTemp, gotTemp) { - exists = true - break - } - } - - if !exists { - want, err := yaml.Marshal(wantVolumes) - if err != nil { - t.Errorf("testcase %s failed due to %v", testcase.name, err) - } - t.Errorf("testcase %s failed, wantVolume: %s, but not found in gotVolumes", testcase.name, string(want)) - } - } - //wantVolumesTotal += len(injectedFuse.Spec.Template.Spec.Volumes) - } - - } -} - func 
TestInjectPodWithInitContainer(t *testing.T) { type runtimeInfo struct { name string @@ -6356,43 +4967,3 @@ func keys(vMap interface{}) (keys []string) { return } - -func comparePostStartExecCommands(exec1, exec2 *corev1.ExecAction) (equal bool) { - if len(exec1.Command) != len(exec2.Command) { - return false - } - - for ci := range exec1.Command { - subCmd1 := exec1.Command[ci] - subCmd2 := exec2.Command[ci] - if strings.Contains(subCmd1, " ") { - parameters1 := strings.Split(subCmd1, " ") - parameters2 := strings.Split(subCmd2, " ") - if len(parameters1) != len(parameters2) { - return false - } - for pi := range parameters1 { - if strings.Contains(parameters1[pi], ":") { - tokens1 := strings.Split(parameters1[pi], ":") - tokens2 := strings.Split(parameters2[pi], ":") - - if len(tokens1) != len(tokens2) { - return false - } - - for _, token := range tokens1 { - if !utils.ContainsString(tokens2, token) { - return false - } - } - } else { - if !reflect.DeepEqual(parameters1[pi], parameters2[pi]) { - return false - } - } - } - } - } - - return true -} diff --git a/pkg/application/inject/fuse/mutator/mutator.go b/pkg/application/inject/fuse/mutator/mutator.go index 3b642d1d552..b8b15b476b7 100644 --- a/pkg/application/inject/fuse/mutator/mutator.go +++ b/pkg/application/inject/fuse/mutator/mutator.go @@ -50,8 +50,7 @@ func (args MutatorBuildArgs) String() string { } var mutatorBuildFn map[string]func(MutatorBuildArgs) Mutator = map[string]func(MutatorBuildArgs) Mutator{ - utils.PlatformDefault: NewDefaultMutator, - utils.PlatformUnprivileged: NewUnprivilegedMutator, + utils.PlatformDefault: NewDefaultMutator, } func BuildMutator(args MutatorBuildArgs, platform string) (Mutator, error) { diff --git a/pkg/application/inject/fuse/mutator/mutator_default.go b/pkg/application/inject/fuse/mutator/mutator_default.go index a824accc0dc..f9f1bcae92c 100644 --- a/pkg/application/inject/fuse/mutator/mutator_default.go +++ b/pkg/application/inject/fuse/mutator/mutator_default.go 
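Review bot: Dropping the `utils.PlatformUnprivileged: NewUnprivilegedMutator` entry from `mutatorBuildFn` in mutator.go changes behaviour rather than just removing unused files, and nothing visible shows what `BuildMutator` does if it is still handed that platform; its body continues outside the hunk. The removed path is the one that set `Privileged` to false and trimmed `SYS_ADMIN` from the fuse sidecar (`transformTemplateWithUnprivilegedSidecarEnabled`, deleted in the mutator_default.go hunk at -374). A pod that still carries the `common.InjectUnprivilegedFuseSidecar` label should therefore be rejected, not silently given the default sidecar, which may be privileged. I would confirm that the platform selection can no longer yield `utils.PlatformUnprivileged` and that `BuildMutator` returns an error for a platform missing from the map. A comment above the map would record this, for example `// PlatformUnprivileged was removed; BuildMutator must fail closed for unknown platforms.`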
@@ -29,31 +29,18 @@ import ( "github.com/go-logr/logr" "github.com/pkg/errors" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" ) -var fuseDeviceResourceName string - var ( // datavolume-, volume-localtime for JindoFS // mem, ssd, hdd for Alluxio and GooseFS // cache-dir for JuiceFS cacheDirNames = []string{"datavolume-", "volume-localtime", "cache-dir", "mem", "ssd", "hdd"} - - // hostpath fuse mount point for Alluxio, JindoFS, GooseFS and JuiceFS - hostMountNames = []string{"alluxio-fuse-mount", "jindofs-fuse-mount", "goosefs-fuse-mount", "juicefs-fuse-mount", "thin-fuse-mount", "efc-fuse-mount", "efc-sock"} - - // fuse devices for Alluxio, JindoFS, GooseFS - hostFuseDeviceNames = []string{"alluxio-fuse-device", "jindofs-fuse-device", "goosefs-fuse-device", "thin-fuse-device"} ) -func init() { - fuseDeviceResourceName = utils.GetStringValueFromEnv(common.EnvFuseDeviceResourceName, common.DefaultFuseDeviceResourceName) -} - // TODO: DefaultMutator will be rewritten with polymorphism withe platform-specific mutation logic type DefaultMutator struct { options common.FuseSidecarInjectOption 
@@ -374,36 +361,6 @@ func (helper *defaultMutatorHelper) prepareFuseContainerPostStartScript() error return nil } -func (helper *defaultMutatorHelper) transformTemplateWithUnprivilegedSidecarEnabled() { - // remove the fuse related volumes if using virtual fuse device - template := helper.template - template.FuseContainer.VolumeMounts = utils.TrimVolumeMounts(template.FuseContainer.VolumeMounts, hostMountNames) - template.VolumesToAdd = utils.TrimVolumes(template.VolumesToAdd, hostMountNames) - - template.FuseContainer.VolumeMounts = utils.TrimVolumeMounts(template.FuseContainer.VolumeMounts, hostFuseDeviceNames) - template.VolumesToAdd = utils.TrimVolumes(template.VolumesToAdd, hostFuseDeviceNames) - - // add virtual fuse device resource - if template.FuseContainer.Resources.Limits == nil { - template.FuseContainer.Resources.Limits = map[corev1.ResourceName]resource.Quantity{} - } - template.FuseContainer.Resources.Limits[corev1.ResourceName(fuseDeviceResourceName)] = resource.MustParse("1") - - if template.FuseContainer.Resources.Requests == nil { - template.FuseContainer.Resources.Requests = map[corev1.ResourceName]resource.Quantity{} - } - template.FuseContainer.Resources.Requests[corev1.ResourceName(fuseDeviceResourceName)] = resource.MustParse("1") - - // invalidate privileged fuse container - if template.FuseContainer.SecurityContext != nil { - privilegedContainer := false - template.FuseContainer.SecurityContext.Privileged = &privilegedContainer - if template.FuseContainer.SecurityContext.Capabilities != nil { - template.FuseContainer.SecurityContext.Capabilities.Add = utils.TrimCapabilities(template.FuseContainer.SecurityContext.Capabilities.Add, []string{"SYS_ADMIN"}) - } - } -} - func (helper *defaultMutatorHelper) transformTemplateWithCacheDirDisabled() { template := helper.template template.FuseContainer.VolumeMounts = utils.TrimVolumeMounts(template.FuseContainer.VolumeMounts, cacheDirNames) 
diff --git a/pkg/application/inject/fuse/mutator/mutator_unprivileged.go b/pkg/application/inject/fuse/mutator/mutator_unprivileged.go deleted file mode 100644 index 33db10aa076..00000000000 --- a/pkg/application/inject/fuse/mutator/mutator_unprivileged.go +++ /dev/null 
@@ -1,168 +0,0 @@ -/* -Copyright 2023 The Fluid Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package mutator - -import ( - "context" - - "github.com/fluid-cloudnative/fluid/pkg/application/inject/fuse/poststart" - "github.com/fluid-cloudnative/fluid/pkg/ddc/base" - "github.com/fluid-cloudnative/fluid/pkg/utils" - "github.com/fluid-cloudnative/fluid/pkg/utils/kubeclient" - "github.com/pkg/errors" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" -) - -type UnprivilegedMutator struct { - // UnprivilegedMutator inherits from DefaultMutator - DefaultMutator -} - -var _ Mutator = &UnprivilegedMutator{} - -func NewUnprivilegedMutator(opts MutatorBuildArgs) Mutator { - return &UnprivilegedMutator{ - DefaultMutator: DefaultMutator{ - options: opts.Options, - client: opts.Client, - log: opts.Log, - Specs: opts.Specs, - }, - } -} - -func (mutator *UnprivilegedMutator) MutateWithRuntimeInfo(pvcName string, runtimeInfo base.RuntimeInfoInterface, nameSuffix string) error { - template, err := runtimeInfo.GetFuseContainerTemplate() - if err != nil { - return errors.Wrapf(err, "failed to get fuse container template for runtime \"%s/%s\"", runtimeInfo.GetNamespace(), runtimeInfo.GetName()) - } - - helper := unprivilegedMutatorHelper{ - defaultMutatorHelper: defaultMutatorHelper{ - pvcName: pvcName, - template: template, - options: mutator.options, - runtimeInfo: runtimeInfo, - nameSuffix: nameSuffix, - client: mutator.client, 
- log: mutator.log, - Specs: mutator.Specs, - ctx: mutatingContext{}, - }, - } - - if err := helper.PrepareMutation(); err != nil { - return errors.Wrapf(err, "failed to prepare mutation for runtime \"%s/%s\"", runtimeInfo.GetNamespace(), runtimeInfo.GetName()) - } - - _, err = helper.Mutate() - if err != nil { - return errors.Wrapf(err, "failed to mutate for runtime \"%s/%s\"", runtimeInfo.GetNamespace(), runtimeInfo.GetName()) - } - - return nil -} - -func (mutator *UnprivilegedMutator) PostMutate() error { - return mutator.DefaultMutator.PostMutate() -} - -func (mutator *UnprivilegedMutator) GetMutatedPodSpecs() *MutatingPodSpecs { - return mutator.DefaultMutator.GetMutatedPodSpecs() -} - -type unprivilegedMutatorHelper struct { - defaultMutatorHelper -} - -func (helper *unprivilegedMutatorHelper) PrepareMutation() error { - if !helper.options.EnableCacheDir { - helper.transformTemplateWithCacheDirDisabled() - } - - helper.transformTemplateWithUnprivilegedSidecarEnabled() - - if !helper.options.SkipSidecarPostStartInject { - if err := helper.prepareFuseContainerPostStartScript(); err != nil { - return err - } - } - - if !helper.runtimeInfo.GetFuseMetricsScrapeTarget().Selected(base.SidecarMountMode) { - helper.removeFuseMetricsContainerPort() - } - - return nil -} - -func (mutator *unprivilegedMutatorHelper) Mutate() (*MutatingPodSpecs, error) { - return mutator.defaultMutatorHelper.Mutate() -} - -func (mutator *unprivilegedMutatorHelper) prepareFuseContainerPostStartScript() error { - // 4. inject the post start script for fuse container, if configmap doesn't exist, try to create it. - // Post start script varies according to privileged or unprivileged sidecar. 
- var ( - info = mutator.runtimeInfo - template = mutator.template - datasetName = info.GetName() - datasetNamespace = info.GetNamespace() - ) - - dataset, err := utils.GetDataset(mutator.client, datasetName, datasetNamespace) - if err != nil { - return err - } - - ownerReference := metav1.OwnerReference{ - APIVersion: dataset.APIVersion, - Kind: dataset.Kind, - Name: dataset.Name, - UID: dataset.UID, - } - - // Fluid assumes pvc name is the same with runtime's name - gen := poststart.NewUnprivilegedPostStartScriptGenerator() - cmKey := gen.GetConfigMapKeyByOwner(types.NamespacedName{Namespace: datasetNamespace, Name: datasetName}, template.FuseMountInfo.FsType) - cm := gen.BuildConfigMap(ownerReference, cmKey) - - found, err := kubeclient.IsConfigMapExist(mutator.client, cmKey.Name, cmKey.Namespace) - if err != nil { - return err - } - - if !found { - err = mutator.client.Create(context.TODO(), cm) - if err != nil { - // If ConfigMap creation succeeds concurrently, continue to mutate - if otherErr := utils.IgnoreAlreadyExists(err); otherErr != nil { - return err - } - } - } - - template.FuseContainer.VolumeMounts = append(template.FuseContainer.VolumeMounts, gen.GetVolumeMount()) - if template.FuseContainer.Lifecycle == nil { - template.FuseContainer.Lifecycle = &corev1.Lifecycle{} - } - template.FuseContainer.Lifecycle.PostStart = gen.GetPostStartCommand() - template.VolumesToAdd = append(template.VolumesToAdd, gen.GetVolume(cmKey)) - - return nil -} diff --git a/pkg/application/inject/fuse/poststart/check_fuse_unprivileged.go b/pkg/application/inject/fuse/poststart/check_fuse_unprivileged.go deleted file mode 100644 index ea6180c525b..00000000000 --- a/pkg/application/inject/fuse/poststart/check_fuse_unprivileged.go +++ /dev/null 
@@ -1,57 +0,0 @@ -/* -Copyright 2023 The Fluid Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package poststart - -import ( - "fmt" - - corev1 "k8s.io/api/core/v1" -) - -var ( - contentUnprivilegedSidecar = `#!/bin/bash -set -ex - -echo "Sending device ioctl to /dev/fuse" -/tools/ioctl_sync -echo "Device ioctl done. Post start script finished" -` -) - -// unprivilegedPostStartScriptGenerator is a generator to render resources and specs related to post start mount-check script for the UnprivilegedMutator -type unprivilegedPostStartScriptGenerator struct { - scriptGeneratorHelper -} - -func NewUnprivilegedPostStartScriptGenerator() *unprivilegedPostStartScriptGenerator { - return &unprivilegedPostStartScriptGenerator{ - scriptGeneratorHelper: scriptGeneratorHelper{ - configMapName: "check-mount-unprivileged", - scriptFileName: "check-mount.sh", - scriptMountPath: "/check-mount.sh", - scriptContent: replacer.Replace(contentUnprivilegedSidecar), - }, - } -} - -func (g *unprivilegedPostStartScriptGenerator) GetPostStartCommand() (handler *corev1.LifecycleHandler) { - cmd := []string{"bash", "-c", fmt.Sprintf("time %s >> /proc/1/fd/1", g.scriptMountPath)} - - return &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{Command: cmd}, - } -}