)]}' { "commit": "73beb693ce8aed1c1caffaec2f01b2b9c65516b3", "tree": "378d3b779febf33b1666438b1dd003053d9fd21c", "parents": [ "be70c9247b7c8f7ab0eef4b0c7b1faaf934b8f97" ], "author": { "name": "Jan Schär", "email": "jan@monogon.tech", "time": "Wed Nov 27 17:47:09 2024 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Wed Nov 27 19:34:17 2024 +0000" }, "message": "m/node/kubernetes: remove local-strict storage class\n\nIt turns out that the local-strict storage class did not have an effect\non readonly volumes, or on gVisor. And after updating runc to 1.2.0, it\nno longer has an effect anywhere. It appears that setting noexec and\nsimilar flags in the CSI server, using a storage class, is the wrong\napproach and just happened to work by accident. Instead, this should\nprobably be implemented as a Kubernetes feature to set per-mount-point\nflags on the VolumeMount.\n\nThis commit thus removes the local-strict storage class and the mount\noptions processing in the provisioner and CSI server. This will allow\nupdating runc.\n\nAdditionally, the StatefulSet end-to-end test is extended to also run\ntests with gVisor. gVisor apparently does not support block volumes.\n\nSee: https://github.com/monogon-dev/monogon/issues/361\nChange-Id: Ic2f50aa3bc9442ca1dbb9e8742d5b8fecbfc3614\nReviewed-on: https://review.monogon.dev/c/monogon/+/3658\nTested-by: Jenkins CI\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "40d54d025bccf6db8a6835f56438956da483d400", "old_mode": 33188, "old_path": "metropolis/node/kubernetes/csi.go", "new_id": "f7ff00a301c9a8dbf0afd8d90c458234c7874ce1", "new_mode": 33188, "new_path": "metropolis/node/kubernetes/csi.go" }, { "type": "modify", "old_id": "0c5f9720104143d3607a52f521828e53e9796a8e", "old_mode": 33188, "old_path": "metropolis/node/kubernetes/provisioner.go", "new_id": "aacb94902051617baeb9694f83cb2c4b688ca4c7", "new_mode": 33188, "new_path": "metropolis/node/kubernetes/provisioner.go" }, { "type": "modify", "old_id": "36dee1c832d6b54d4512627ada4db1916dbd390a", "old_mode": 33188, "old_path": "metropolis/node/kubernetes/reconciler/resources_storageclass.go", "new_id": "9be81fbc50d0867798aceb2e5d7b9ea96b875e40", "new_mode": 33188, "new_path": "metropolis/node/kubernetes/reconciler/resources_storageclass.go" }, { "type": "modify", "old_id": "577c34329b91d25ee6d2de6207005b7add9aa71b", "old_mode": 33188, "old_path": "metropolis/test/e2e/persistentvolume/main.go", "new_id": "d9ff958b267bead4e0da0c61fa53e94ded6147fd", "new_mode": 33188, "new_path": "metropolis/test/e2e/persistentvolume/main.go" }, { "type": "modify", "old_id": "25a785d61c3321e52d44b285c683ab98d3f20c94", "old_mode": 33188, "old_path": "metropolis/test/e2e/suites/kubernetes/kubernetes_helpers.go", "new_id": "9c6711748614d477b09c2dd5ca7cace1c9f336a2", "new_mode": 33188, "new_path": "metropolis/test/e2e/suites/kubernetes/kubernetes_helpers.go" }, { "type": "modify", "old_id": "5a4be60e855d239a1d9a029e73379c96dc15914e", "old_mode": 33188, "old_path": "metropolis/test/e2e/suites/kubernetes/run_test.go", "new_id": "baaa2355b17c13e710660dde5cc8cba3adc29063", "new_mode": 33188, "new_path": "metropolis/test/e2e/suites/kubernetes/run_test.go" } ] }