m/node/kubernetes: fix PV mount flags and add e2e test
Mount flags did not work because of two problems:
- The provisioner did not copy them from the StorageClass to the
PersistentVolume.
- The CSI server used = instead of |= when adding flags, so only one of
the flags was added or removed.
There was an existing e2e test for PVs, however this only created the
PVC/PV without even attaching it to a container. I extended this test to
attach the PV and check from inside the container that it has the
expected mount flags and quota.
The existing e2e test also created a block PV, however attaching a block
PV to a container was not tested and is apparently broken, so I removed
this test for now.
Change-Id: Ie14adfafd333eab38d2b5f1b4ce8a2aa8795eae0
Reviewed-on: https://review.monogon.dev/c/monogon/+/3613
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
Tested-by: Jenkins CI
diff --git a/metropolis/node/kubernetes/csi.go b/metropolis/node/kubernetes/csi.go
index 5ca6885..eb43ec0 100644
--- a/metropolis/node/kubernetes/csi.go
+++ b/metropolis/node/kubernetes/csi.go
@@ -142,17 +142,17 @@
for flag := range flagSet {
switch flag {
case "exec":
- mountAttr.Attr_clr = unix.MOUNT_ATTR_NOEXEC
+ mountAttr.Attr_clr |= unix.MOUNT_ATTR_NOEXEC
case "noexec":
- mountAttr.Attr_set = unix.MOUNT_ATTR_NOEXEC
+ mountAttr.Attr_set |= unix.MOUNT_ATTR_NOEXEC
case "dev":
- mountAttr.Attr_clr = unix.MOUNT_ATTR_NODEV
+ mountAttr.Attr_clr |= unix.MOUNT_ATTR_NODEV
case "nodev":
- mountAttr.Attr_set = unix.MOUNT_ATTR_NODEV
+ mountAttr.Attr_set |= unix.MOUNT_ATTR_NODEV
case "suid":
- mountAttr.Attr_clr = unix.MOUNT_ATTR_NOSUID
+ mountAttr.Attr_clr |= unix.MOUNT_ATTR_NOSUID
case "nosuid":
- mountAttr.Attr_set = unix.MOUNT_ATTR_NOSUID
+ mountAttr.Attr_set |= unix.MOUNT_ATTR_NOSUID
default:
return nil, status.Errorf(codes.InvalidArgument, "unknown mount flag: %s", flag)
}