-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/inject volume mounts #3
Feature/inject volume mounts #3
Conversation
Thank you for submitting this pull request, however I do not see a valid CLA on file for you. Before we can merge this request please visit https://yahoocla.herokuapp.com/ and agree to the terms. Thanks! 😄 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for your PR! I am glad you find this utility useful.
I would love to hear a bit more about the usecase that necessitated this PR. Did you need a volumeMount in both an injected container, as well as a container not in your injection config? Internally, we have just been defining VolumeMounts on each container as part of the containers:
config. This is because each sidecar container may have different mount requirements (i.e. mountPath
, readOnly
, etc etc).
Thanks!
Yes exactly. Our use case looks like this: We have several services accessing e.g. a Hadoop Cluster with Kerberos authentication enabled. Up to now, the applications themselves took care of creating/renewing their Kerberos tickets. We now started using a sidecar container to create/renew the tickets. That sidecar container needs to share a volume with the main container(s), to share the created/renewed ticket with them. So yes, we could define the VolumeMounts in the container section of the injection config for the sidecars, but we still need to inject them into the existing containers to make the Kerberos ticket available to them (without them having to have any clue about how the ticket got there). |
74f453f
to
9a57a1a
Compare
@yahoocla rescan? |
Is this PR good to merge then @byxorna ? 👍 |
@iwilltry42 yep; just a few things before we land this.
|
@byxorna yep, signed it when the Bot first asked for it after the initial commits. No worries, I'll revert the commit with the name change then 👍 |
This reverts commit 071bad1.
Done 👍 |
@defect @komapa @roymarantz @gtorre wanna give this a pass before merging? |
hasKey := false | ||
// make sure we dont override any existing volume mounts; we only add, dont replace | ||
for _, origVolumeMount := range container.VolumeMounts { | ||
if origVolumeMount.Name == add.Name { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you want to return an error?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would I return an error here, as we're consciously checking for matching names to not override an existing volumeMount? I could write a log message saying that the volume mount exists already and that it's not being replaced, but probably that won't be beneficial or what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It depends on what semantics you want. An add
of an already existing mount could be interpreted as something out of wack. In the context of merge
ing behavior this make more sense to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this logic is sound to me
@iwilltry42 thanks for the PR! Awesome new functionality :) |
Containers []corev1.Container `json:"containers"` | ||
Volumes []corev1.Volume `json:"volumes"` | ||
Environment []corev1.EnvVar `json:"env"` | ||
VolumeMounts []corev1.VolumeMount `json:"volumeMounts"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My only comment on the PR would have been the use of corev1.VolumeMount
As singular vs VolumeMounts
In most other places. There is some mix between singular and plular throughout that is not clear to me why it needs to be different.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, corev1.VolumeMount
refers to the Kubernetes specification of a single volumeMount in a container object. Now that we want to have more than one volumeMount in our config, I named it volumeMounts
which is referring to a list of volumeMounts
First off: Thank you for open-sourcing this amazing project 😃
What and why?
Feature to add volume mounts to all existing and injected containers by adding top level
volumeMounts
scope. This is useful when an injected sidecar container is supposed to share files with the existing containers. My use case for this was a Kerberos sidecar container that provides Kerberos tickets to the other containers in the pod.Testing Steps
Tested within microk8s and minikube on Ubuntu 18.04 by adding the aforementioned fields to the example in
examples/kubernetes
and then checking if all the containers share the same configmap mounted.Unfortunately there are no unittests yet, as the current setup (load InjectionConfig and expected IC via struct from JSON annotations) can't appropriately be applied to this case (because we need to check that each container has this one volumeMount afterwards and not count the global number).
If we can clarify a procedure, I'd like to add the tests later 👍
UPDATE (2019-01-28): I added unit tests, which require a bit more complexity, because
volumeMounts
are top-level (global scope) objects in the injection-config, but a second-level (containers scope) objects in the resulting config (after injection), which didn't really work with the current 1:1 mapping.EDIT: seems like I maybe misunderstood how your unittests work 🤔 Anyways, I'll just wait for your feedback 😅