m/node/kubernetes: remove local-strict storage class

It turns out that the local-strict storage class did not have an effect
on readonly volumes, or on gVisor. And after updating runc to 1.2.0, it
no longer has an effect anywhere. It appears that setting noexec and
similar flags in the CSI server, using a storage class, is the wrong
approach and just happened to work by accident. Instead, this should
probably be implemented as a Kubernetes feature to set per-mount-point
flags on the VolumeMount.

This commit thus removes the local-strict storage class and the mount
options processing in the provisioner and CSI server. This will allow
updating runc.

Additionally, the StatefulSet end-to-end test is extended to also run
tests with gVisor. gVisor apparently does not support block volumes.

See: https://github.com/monogon-dev/monogon/issues/361
Change-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614
Reviewed-on: https://review.monogon.dev/c/monogon/+/3658
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
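The lesson of the change above is that a mount flag requested through a StorageClass is not the same as a flag in effect on the mount the pod actually sees. The check worth having is one that reads the kernel's own view, /proc/self/mountinfo, from inside the workload and reports which volumes lack the flags you expect. The following Go program is an added example and not part of the Monogon code base or this change; it parses mountinfo in the proc(5) layout, takes per-mount flags from the mount-options field (where noexec, nosuid and nodev live, as opposed to the superblock options after the "-" separator), and flags volumes under an assumed prefix of /data/volumes/ that are missing any wanted flag. The sample mountinfo lines and the device names in it are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strings"
)

// Mount is one line of /proc/<pid>/mountinfo reduced to the fields this check needs.
type Mount struct {
	MountPoint string
	FSType     string
	Options    map[string]bool // per-mount-point flags: ro, noexec, nosuid, nodev, ...
}

// ParseMountInfo parses mountinfo text in the proc(5) layout:
// id parent maj:min root mountpoint mntopts [optional...] - fstype source superopts
// Per-mount flags such as noexec live in mntopts, not in superopts, so the
// superblock options after the separator are deliberately ignored.
func ParseMountInfo(text string) ([]Mount, error) {
	var mounts []Mount
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		fields := strings.Fields(line)
		sep := -1
		for i, f := range fields {
			if f == "-" {
				sep = i
				break
			}
		}
		if sep < 6 || sep+1 >= len(fields) {
			return nil, fmt.Errorf("malformed mountinfo line: %q", line)
		}
		opts := map[string]bool{}
		for _, o := range strings.Split(fields[5], ",") {
			opts[o] = true
		}
		mounts = append(mounts, Mount{
			MountPoint: unescape(fields[4]),
			FSType:     fields[sep+1],
			Options:    opts,
		})
	}
	return mounts, sc.Err()
}

// unescape reverses the octal escapes the kernel applies to space, tab,
// newline and backslash in mount paths.
func unescape(s string) string {
	return strings.NewReplacer(`\040`, " ", `\011`, "\t", `\012`, "\n", `\134`, `\`).Replace(s)
}

// MissingFlags reports, for each mount point under prefix, which of the wanted
// flags are not actually set. An empty map means every volume has all of them.
func MissingFlags(mounts []Mount, prefix string, want []string) map[string][]string {
	missing := map[string][]string{}
	for _, m := range mounts {
		if !strings.HasPrefix(m.MountPoint, prefix) {
			continue
		}
		var miss []string
		for _, w := range want {
			if !m.Options[w] {
				miss = append(miss, w)
			}
		}
		if len(miss) > 0 {
			missing[m.MountPoint] = miss
		}
	}
	return missing
}

// sampleMountInfo is constructed input for offline use; the paths and devices
// are made up and were not captured from a Metropolis node.
const sampleMountInfo = `22 1 0:21 / / rw,relatime - overlay overlay rw,lowerdir=/l,upperdir=/u,workdir=/w
155 22 8:17 / /data/volumes/pvc-a rw,nosuid,nodev,noexec,relatime - xfs /dev/sdb1 rw,attr2
156 22 8:33 / /data/volumes/pvc-b rw,relatime shared:5 - xfs /dev/sdc1 rw,attr2
157 22 0:45 / /data/volumes/pvc-c ro,nosuid,nodev,relatime - tmpfs tmpfs ro,size=65536k
`

func main() {
	// Pass a path (normally /proc/self/mountinfo, read from inside the pod) to
	// check live mounts; with no argument the constructed sample is used.
	text := sampleMountInfo
	if len(os.Args) > 1 {
		b, err := os.ReadFile(os.Args[1])
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
		text = string(b)
	}
	mounts, err := ParseMountInfo(text)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// /data/volumes/ is an assumed volume mount prefix, not the one Metropolis uses.
	for mp, flags := range MissingFlags(mounts, "/data/volumes/", []string{"noexec", "nosuid", "nodev"}) {
		fmt.Printf("%s: missing %s\n", mp, strings.Join(flags, ","))
	}
}
```

Run it as a command in the pod (or point it at /proc/<pid>/mountinfo of a container from the node) rather than on the host: mount propagation and runtime sandboxes such as gVisor can give the workload a different set of mounts and flags than the CSI driver's own mount namespace shows, which is exactly the gap the commit message describes.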
6 files changed
tree: 378d3b779febf33b1666438b1dd003053d9fd21c
  .github/
  build/
  cloud/
  go/
  intellij/
  metropolis/
  osbase/
  third_party/
  tools/
  version/
  .bazelignore
  .bazelproject
  .bazelrc
  .bazelrc.ci
  .bazelrc.sandboxroot
  .bazelversion
  .git-ignore-revs
  .gitignore
  BUILD.bazel
  CODING_STANDARDS.md
  go.mod
  go.sum
  LICENSE
  MODULE.bazel
  MODULE.bazel.lock
  README.md
  SETUP.md
  shell.nix
  WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Platform.

This is pre-release software - take a look, and check back later! In the meantime, join us on Matrix (#monogon-os-community:matrix.org) or Discord.

Environment

Our build environment is self-contained and requires only minimal host dependencies:

  • A Linux machine or VM.
  • Bazelisk >= v1.15.0 (or a working Nix environment).
  • A reasonably recent kernel with user namespaces enabled.
  • Working KVM with access to /dev/kvm (if you want to run tests).

Our docs assume that Bazelisk is available as bazel on your PATH.

Refer to SETUP.md for detailed instructions.

Monogon OS

The source code lives in //metropolis (Metropolis is the codename of Monogon OS).

See the //metropolis/README.md for a developer quick start guide, or see the Monogon OS Handbook for user documentation.