bugfix: we should make MaskedPaths and ReadonlyPaths to be nil when privileged be set #2720

Merged


HusterWan
Contributor

Signed-off-by: Michael Wan <zirenwan@gmail.com>

Ⅰ. Describe what this PR did

When creating a privileged container, we should let the proc directories be writable for the container.

Now we have some users that have a Kubernetes 1.12/1.13 + pouch environment, but they cannot start the kube-proxy daemonset pod because the container does not have write access to the proc directories.

BTW, the MaskedPaths and ReadonlyPaths parameters should belong to HostConfig not ContainerConfig.

Ⅱ. Does this pull request fix one issue?

fixes: #2649

Ⅲ. Why don't you add test cases (unit test/integration test)? (Do you really think no tests need to be added?)

yes add ut for the MaskedPaths and ReadonlyPaths parse

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

@codecov

codecov bot commented Feb 21, 2019

Codecov Report

Merging #2720 into master will increase coverage by 0.12%.
The diff coverage is 100%.


@@            Coverage Diff             @@
##           master    #2720      +/-   ##
==========================================
+ Coverage   69.26%   69.38%   +0.12%     
==========================================
  Files         278      278              
  Lines       17486    17486              
==========================================
+ Hits        12111    12132      +21     
+ Misses       4035     4022      -13     
+ Partials     1340     1332       -8
Flag Coverage Δ
#criv1alpha2_test 39.67% <77.77%> (+0.13%) ⬆️
#integration_test_0 36.34% <61.11%> (-0.03%) ⬇️
#integration_test_1 35.19% <38.88%> (-0.06%) ⬇️
#integration_test_2 36.6% <61.11%> (-0.07%) ⬇️
#integration_test_3 35.1% <55.55%> (+0.09%) ⬆️
#node_e2e_test 35.07% <100%> (-0.05%) ⬇️
#unittest 27.37% <16.66%> (+0.01%) ⬆️
Impacted Files Coverage Δ
cri/v1alpha2/cri.go 72.1% <ø> (-0.08%) ⬇️
daemon/mgr/container_types.go 72.85% <ø> (ø) ⬆️
daemon/mgr/container.go 59.25% <100%> (+0.04%) ⬆️
daemon/mgr/spec_linux.go 79.85% <100%> (-0.15%) ⬇️
cri/v1alpha2/cri_utils.go 87.81% <100%> (+0.04%) ⬆️
ctrd/container.go 57.27% <0%> (+0.38%) ⬆️
daemon/logger/jsonfile/utils.go 73.17% <0%> (+1.62%) ⬆️
ctrd/client.go 65.73% <0%> (+1.68%) ⬆️
cri/stream/runtime.go 70.23% <0%> (+2.38%) ⬆️
... and 3 more

@pouchrobot pouchrobot added kind/bug This is bug report for project size/L labels Feb 21, 2019
@HusterWan HusterWan requested a review from starnop February 21, 2019 06:12
@HusterWan HusterWan force-pushed the zr/fix-kube-proxy-start-failed branch from 86329ab to 50570a4 Compare February 21, 2019 07:36
…rivileged be set

Signed-off-by: Michael Wan <zirenwan@gmail.com>
@HusterWan HusterWan force-pushed the zr/fix-kube-proxy-start-failed branch from 50570a4 to 0befc91 Compare February 21, 2019 08:00
@HusterWan HusterWan changed the title [wip]bugfix: we should make MaskedPaths and ReadonlyPaths to be nil when privileged be set bugfix: we should make MaskedPaths and ReadonlyPaths to be nil when privileged be set Feb 21, 2019
@HusterWan HusterWan requested a review from fuweid February 21, 2019 08:03
@HusterWan
Contributor Author

Verified on Kubernetes 1.13, the kube-proxy daemonset has been up normally.

ping @fuweid @rudyfly, can you please help to review this PR? 😆

Contributor

@fuweid fuweid left a comment


LGTM

Successfully merging this pull request may close these issues.

kube-proxy start failed when deploy k8s v1.12.0 (with kubeadm) + pouch 1.1.0
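
The behaviour described in the PR, as an added Go example that is not code from this pull request or from pouch: the masked and read-only lists reach the runtime spec unchanged for a normal container and become nil for a privileged one, which leaves every previously protected path exposed. `HostConfig` is a hypothetical stand-in with only the fields the PR names, `effectivePaths`, `covered` and `exposed` are illustrative helpers, and the sample paths are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// HostConfig is a hypothetical stand-in holding only the fields named in the PR.
type HostConfig struct {
	Privileged    bool
	MaskedPaths   []string
	ReadonlyPaths []string
}

// effectivePaths returns the lists that reach the OCI spec: both nil when
// Privileged is set (the behaviour the PR title describes), else unchanged.
func effectivePaths(hc HostConfig) (masked, readonly []string) {
	if hc.Privileged {
		return nil, nil
	}
	return hc.MaskedPaths, hc.ReadonlyPaths
}

// covered reports whether p equals an entry or lies beneath it. Matching is on
// whole path components, so "/proc/sys" does not cover "/proc/sysrq-trigger".
func covered(p string, entries []string) bool {
	for _, e := range entries {
		if p == e || strings.HasPrefix(p, strings.TrimSuffix(e, "/")+"/") {
			return true
		}
	}
	return false
}

// exposed reports whether p is left unprotected, i.e. neither masked nor
// read-only. Other controls (capabilities, seccomp, LSMs) are out of scope.
func exposed(hc HostConfig, p string) bool {
	masked, readonly := effectivePaths(hc)
	return !covered(p, masked) && !covered(p, readonly)
}

func main() {
	// Constructed sample values, modelled on common runtime defaults.
	hc := HostConfig{MaskedPaths: []string{"/proc/kcore"}, ReadonlyPaths: []string{"/proc/sys"}}
	sysctl := "/proc/sys/net/netfilter/nf_conntrack_max"
	fmt.Println("unprivileged:", exposed(hc, sysctl), exposed(hc, "/proc/kcore"))
	hc.Privileged = true
	fmt.Println("privileged:  ", exposed(hc, sysctl), exposed(hc, "/proc/kcore"))
}
```

The same `exposed` check can be run over the paths a workload is known to need, to confirm whether it requires `Privileged` at all or only a narrower read-only list.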