Add Kubernetes Worker and infrastructure
Adds Kubernetes Kubelet with patches for syscall-based mounting and
syscall-based (and much faster) metrics. fsquota patches have been
deferred to a further revision (for robust emptyDir capacity isolation).
Changes encoding of the node ID to hex since Base64-URL is not supported
as a character set for K8s names. Also adds `/etc/machine-id` and
`/etc/os-release` since Kubernetes wants them. `os-release` is generated
by stamping, `machine-id` is the hex-encoded node ID derived from the
public key.
Also includes a primitive reconciler which automatically ensures a set of
built-in Kubernetes objects are always present. Currently this includes
a PSP and some basic RBAC policies that are elementary to proper cluster
operations.
Adds an additional gRPC service (NodeDebugService) to cleanly
communicate with external debug and test tooling. It supports reading
from logbuffers for all externally-run components, checking conditions
(for replacing log matching in testing and debugging) and getting
debug credentials for the Kubernetes cluster.
A small utility (dbg) is provided that interfaces with NodeDebugService
and provides access to its functions from the CLI. It also incorporates
a kubectl wrapper which directly grabs credentials from the Debug API
and passes them to kubectl
(e.g. `bazel run //core/cmd/dbg -- kubectl describe node`).
Test Plan:
Manually tested.
Kubernetes:
`bazel run //core/cmd/dbg -- kubectl create -f test.yml`
Checked that pods run, logs are accessible and exec works.
Reading buffers:
`bazel run //core/cmd/dbg -- logs containerd`
Outputs containerd logs in the right order.
Automated testing is in the works, but has been deferred to a future
revision because this one is already too big again.
X-Origin-Diff: phab/D525
GitOrigin-RevId: 0fbfa0c433de405526c7f09ef10c466896331328
diff --git a/third_party/go/patches/k8s-native-metrics.patch b/third_party/go/patches/k8s-native-metrics.patch
new file mode 100644
index 0000000..9568764
--- /dev/null
+++ b/third_party/go/patches/k8s-native-metrics.patch
@@ -0,0 +1,274 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From b16e57cc52a437465bbd12c24fb05fe5790afe1d Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Tue, 17 Mar 2020 21:41:08 +0100
+Subject: [PATCH 2/3] Add a native volume metrics implementation
+
+---
+ pkg/volume/BUILD | 3 +
+ pkg/volume/metrics_native.go | 101 +++++++++++++++++++++++++++++
+ pkg/volume/metrics_native_test.go | 102 ++++++++++++++++++++++++++++++
+ 3 files changed, 206 insertions(+)
+ create mode 100644 pkg/volume/metrics_native.go
+ create mode 100644 pkg/volume/metrics_native_test.go
+
+diff --git a/pkg/volume/BUILD b/pkg/volume/BUILD
+index 720b13406dc..b6e4b7e6d6f 100644
+--- a/pkg/volume/BUILD
++++ b/pkg/volume/BUILD
+@@ -7,6 +7,7 @@ go_library(
+ "metrics_cached.go",
+ "metrics_du.go",
+ "metrics_errors.go",
++ "metrics_native.go",
+ "metrics_nil.go",
+ "metrics_statfs.go",
+ "noop_expandable_plugin.go",
+@@ -35,6 +36,7 @@ go_library(
+ "@io_k8s_client_go//tools/cache:go_default_library",
+ "@io_k8s_client_go//tools/record:go_default_library",
+ "@io_k8s_cloud_provider//:go_default_library",
++ "@org_golang_x_sys//unix:go_default_library",
+ "@io_k8s_klog//:go_default_library",
+ "@io_k8s_utils//exec:go_default_library",
+ "@io_k8s_utils//mount:go_default_library",
+@@ -55,6 +57,7 @@ go_test(
+ name = "go_default_test",
+ srcs = [
+ "metrics_du_test.go",
++ "metrics_native_test.go",
+ "metrics_nil_test.go",
+ "metrics_statfs_test.go",
+ "plugins_test.go",
+diff --git a/pkg/volume/metrics_native.go b/pkg/volume/metrics_native.go
+new file mode 100644
+index 00000000000..3934b946f2e
+--- /dev/null
++++ b/pkg/volume/metrics_native.go
+@@ -0,0 +1,101 @@
++/*
++Copyright 2020 The Kubernetes Authors.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/
++
++package volume
++
++import (
++ "os"
++ "path/filepath"
++
++ "golang.org/x/sys/unix"
++ "k8s.io/apimachinery/pkg/api/resource"
++ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
++)
++
++var _ MetricsProvider = &metricsNative{}
++
++// MetricsNative represents a MetricsProvider that calculates the volume metrics with either a quota
++// or by walking the path using syscalls.
++type metricsNative struct {
++ path string
++}
++
++// NewMetricsNative returns a new metricsNative provider
++func NewMetricsNative(path string) MetricsProvider {
++ return &metricsNative{path}
++}
++
++// GetMetrics returns an empty Metrics and an error.
++// See MetricsProvider.GetMetrics
++func (m *metricsNative) GetMetrics() (*Metrics, error) {
++ var inodesCount int64
++ var bytesCount int64
++
++ var getMetricsRecursive func(path string) error
++ getMetricsRecursive = func(path string) error {
++ var stat unix.Stat_t
++ err := unix.Lstat(path, &stat)
++ if os.IsNotExist(err) {
++ return nil
++ } else if err != nil {
++ return err
++ }
++ // TODO: This double-counts hardlinks
++ bytesCount += stat.Blocks * 512
++ inodesCount++
++ if stat.Mode&unix.S_IFDIR != 0 && stat.Mode&unix.S_IFLNK == 0 {
++ fd, err := os.Open(path)
++ if os.IsNotExist(err) {
++ return nil
++ } else if err != nil {
++ return err
++ }
++ // We manually close fd before recursing, otherwise we have too many FDs open
++
++ entries, err := fd.Readdirnames(0)
++ if err != nil {
++ fd.Close()
++ return err
++ }
++ fd.Close()
++ for _, entry := range entries {
++ if err := getMetricsRecursive(filepath.Join(path, entry)); err != nil {
++ return err
++ }
++ }
++ }
++ return nil
++ }
++
++ if err := getMetricsRecursive(m.path); err != nil {
++ return &Metrics{}, err
++ }
++
++ var statfs unix.Statfs_t
++ if err := unix.Statfs(m.path, &statfs); err != nil {
++ return &Metrics{}, err
++ }
++
++ return &Metrics{
++ Time: metav1.Now(),
++ Used: resource.NewQuantity(bytesCount, resource.BinarySI),
++ InodesUsed: resource.NewQuantity(inodesCount, resource.BinarySI),
++ Available: resource.NewQuantity(int64(statfs.Bavail)*statfs.Bsize, resource.BinarySI),
++ Capacity: resource.NewQuantity(int64(statfs.Blocks)*statfs.Bsize, resource.BinarySI),
++ Inodes: resource.NewQuantity(int64(statfs.Files)*statfs.Bsize, resource.BinarySI),
++ InodesFree: resource.NewQuantity(int64(statfs.Ffree)*statfs.Bsize, resource.BinarySI),
++ }, nil
++}
+diff --git a/pkg/volume/metrics_native_test.go b/pkg/volume/metrics_native_test.go
+new file mode 100644
+index 00000000000..2d5546591ce
+--- /dev/null
++++ b/pkg/volume/metrics_native_test.go
+@@ -0,0 +1,102 @@
++// +build linux
++
++/*
++Copyright 2015 The Kubernetes Authors.
++
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/
++
++package volume_test
++
++import (
++ "io/ioutil"
++ "os"
++ "path/filepath"
++ "testing"
++
++ utiltesting "k8s.io/client-go/util/testing"
++ . "k8s.io/kubernetes/pkg/volume"
++ volumetest "k8s.io/kubernetes/pkg/volume/testing"
++)
++
++// TestMetricsNativeGetCapacity tests that MetricsNative can read disk usage
++// for path
++func TestMetricsNativeGetCapacity(t *testing.T) {
++ tmpDir, err := utiltesting.MkTmpdir("metrics_du_test")
++ if err != nil {
++ t.Fatalf("Can't make a tmp dir: %v", err)
++ }
++ defer os.RemoveAll(tmpDir)
++ metrics := NewMetricsNative(tmpDir)
++
++ expectedEmptyDirUsage, err := volumetest.FindEmptyDirectoryUsageOnTmpfs()
++ if err != nil {
++ t.Errorf("Unexpected error finding expected empty directory usage on tmpfs: %v", err)
++ }
++
++ actual, err := metrics.GetMetrics()
++ if err != nil {
++ t.Errorf("Unexpected error when calling GetMetrics %v", err)
++ }
++ if e, a := expectedEmptyDirUsage.Value(), actual.Used.Value(); e != a {
++ t.Errorf("Unexpected value for empty directory; expected %v, got %v", e, a)
++ }
++
++ // TODO(pwittroc): Figure out a way to test these values for correctness, maybe by formatting and mounting a file
++ // as a filesystem
++ if a := actual.Capacity.Value(); a <= 0 {
++ t.Errorf("Expected Capacity %d to be greater than 0.", a)
++ }
++ if a := actual.Available.Value(); a <= 0 {
++ t.Errorf("Expected Available %d to be greater than 0.", a)
++ }
++
++ // Write a file in a directory and expect Used to increase
++ os.MkdirAll(filepath.Join(tmpDir, "d1"), 0755)
++ ioutil.WriteFile(filepath.Join(tmpDir, "d1", "f1"), []byte("Hello World"), os.ModeTemporary)
++ actual, err = metrics.GetMetrics()
++ if err != nil {
++ t.Errorf("Unexpected error when calling GetMetrics %v", err)
++ }
++ if e, a := (2*expectedEmptyDirUsage.Value() + getExpectedBlockSize(filepath.Join(tmpDir, "d1", "f1"))), actual.Used.Value(); e != a {
++ t.Errorf("Unexpected Used for directory with file. Expected %v, got %d.", e, a)
++ }
++}
++
++// TestMetricsNativeRequireInit tests that if MetricsNative is not initialized with a path, GetMetrics
++// returns an error
++func TestMetricsNativeRequirePath(t *testing.T) {
++ metrics := NewMetricsNative("")
++ actual, err := metrics.GetMetrics()
++ expected := &Metrics{}
++ if !volumetest.MetricsEqualIgnoreTimestamp(actual, expected) {
++ t.Errorf("Expected empty Metrics from uninitialized MetricsNative, actual %v", *actual)
++ }
++ if err == nil {
++ t.Errorf("Expected error when calling GetMetrics on uninitialized MetricsNative, actual nil")
++ }
++}
++
++// TestMetricsNativeRealDirectory tests that if MetricsNative is initialized to a non-existent path, GetMetrics
++// returns an error
++func TestMetricsNativeRequireRealDirectory(t *testing.T) {
++ metrics := NewMetricsNative("/not/a/real/directory")
++ actual, err := metrics.GetMetrics()
++ expected := &Metrics{}
++ if !volumetest.MetricsEqualIgnoreTimestamp(actual, expected) {
++ t.Errorf("Expected empty Metrics from incorrectly initialized MetricsNative, actual %v", *actual)
++ }
++ if err == nil {
++ t.Errorf("Expected error when calling GetMetrics on incorrectly initialized MetricsNative, actual nil")
++ }
++}
+--
+2.25.1
+
diff --git a/third_party/go/patches/k8s-native-mounter.patch b/third_party/go/patches/k8s-native-mounter.patch
new file mode 100644
index 0000000..5e95bfd
--- /dev/null
+++ b/third_party/go/patches/k8s-native-mounter.patch
@@ -0,0 +1,249 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From 8335005ed1983ca5ac036af15dd04b8717898c35 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Mon, 16 Mar 2020 22:13:08 +0100
+Subject: [PATCH 1/3] Provide native mounter implementation for Linux
+
+---
+ BUILD.bazel | 2 +
+ mount/mount_linux.go | 141 ++++++++++++++++++++++-
+ 2 files changed, 139 insertions(+), 4 deletions(-)
+
+diff --git a/mount/BUILD b/mount/BUILD.bazel
+index bef3ec2cf55..6f997103dac 100644
+--- a/mount/BUILD.bazel
++++ b/mount/BUILD.bazel
+@@ -21,6 +21,7 @@ go_library(
+ "//exec:go_default_library",
+ ] + select({
+ "@io_bazel_rules_go//go/platform:android": [
++ "@org_golang_x_sys//unix:go_default_library",
+ "//io:go_default_library",
+ ],
+ "@io_bazel_rules_go//go/platform:darwin": [
+@@ -36,6 +37,7 @@ go_library(
+ "//io:go_default_library",
+ ],
+ "@io_bazel_rules_go//go/platform:linux": [
++ "@org_golang_x_sys//unix:go_default_library",
+ "//io:go_default_library",
+ ],
+ "@io_bazel_rules_go//go/platform:nacl": [
+diff --git a/mount/mount_linux.go b/mount/mount_linux.go
+index 41f69efe3f0..01182684653 100644
+--- a/mount/mount_linux.go
++++ b/mount/mount_linux.go
+@@ -20,6 +20,7 @@ package mount
+
+ import (
+ "fmt"
++ "io/ioutil"
+ "os"
+ "os/exec"
+ "path/filepath"
+@@ -27,6 +28,7 @@ import (
+ "strings"
+ "syscall"
+
++ "golang.org/x/sys/unix"
+ "k8s.io/klog"
+ utilexec "k8s.io/utils/exec"
+ utilio "k8s.io/utils/io"
+@@ -49,8 +51,10 @@ const (
+ // for the linux platform. This implementation assumes that the
+ // kubelet is running in the host's root mount namespace.
+ type Mounter struct {
+- mounterPath string
+- withSystemd bool
++ mounterPath string
++ withSystemd bool
++ withLinuxUtils bool
++ nativeSupportedFstypes map[string]struct{}
+ }
+
+ // New returns a mount.Interface for the current system.
+@@ -58,8 +62,10 @@ type Mounter struct {
+ // mounterPath allows using an alternative to `/bin/mount` for mounting.
+ func New(mounterPath string) Interface {
+ return &Mounter{
+- mounterPath: mounterPath,
+- withSystemd: detectSystemd(),
++ mounterPath: mounterPath,
++ withSystemd: detectSystemd(),
++ withLinuxUtils: detectLinuxUtils(),
++ nativeSupportedFstypes: detectNativeSupportedFstypes(),
+ }
+ }
+
+@@ -78,6 +84,29 @@ func (mounter *Mounter) Mount(source string, target string, fstype string, optio
+ // method should be used by callers that pass sensitive material (like
+ // passwords) as mount options.
+ func (mounter *Mounter) MountSensitive(source string, target string, fstype string, options []string, sensitiveOptions []string) error {
++ if !mounter.withLinuxUtils {
++ flags, pflags, fsoptions := parseMountOptions(options)
++ if len(pflags) > 0 {
++ return fmt.Errorf("the native mounter is active and does not support mount propagation at the moment")
++ }
++
++ if !mounter.nativeSupportsFstype(fstype) && flags&unix.MS_BIND == 0 {
++ return fmt.Errorf("the native mounter is active and cannot mount filesystems of type \"%v\"", fstype)
++ }
++
++ if flags&unix.MS_BIND != 0 && flags & ^uintptr(unix.MS_BIND) != 0 {
++ if err := unix.Mount(source, target, "", unix.MS_BIND, ""); err != nil {
++ return fmt.Errorf("bind pre-mount failed: %w", err)
++ }
++ flags |= unix.MS_REMOUNT
++ }
++
++ if err := unix.Mount(source, target, fstype, flags, fsoptions); err != nil {
++ return fmt.Errorf("failed to mount filesystem: %w", err)
++ }
++ return nil
++ }
++
+ // Path to mounter binary if containerized mounter is needed. Otherwise, it is set to empty.
+ // All Linux distros are expected to be shipped with a mount utility that a support bind mounts.
+ mounterPath := ""
+@@ -102,6 +131,80 @@ func (mounter *Mounter) MountSensitive(source string, target string, fstype stri
+ return mounter.doMount(mounterPath, defaultMountCommand, source, target, fstype, options, sensitiveOptions)
+ }
+
++// nativeSupportsFstype checks if the native mounter can mount the given fstype
++func (mounter *Mounter) nativeSupportsFstype(fstype string) bool {
++ _, ok := mounter.nativeSupportedFstypes[fstype]
++ return ok
++}
++
++// parseMountOptions parses the string and returns the flags, propagation
++// flags and any mount data that it contains.
++// Taken from libcontainer/specconv/spec_linux.go (Apache 2.0) and modified
++func parseMountOptions(options []string) (uintptr, []uintptr, string) {
++ var (
++ flag uintptr
++ pgflag []uintptr
++ data []string
++ )
++ flags := map[string]struct {
++ clear bool
++ flag uintptr
++ }{
++ "async": {true, syscall.MS_SYNCHRONOUS},
++ "atime": {true, syscall.MS_NOATIME},
++ "bind": {false, syscall.MS_BIND},
++ "defaults": {false, 0},
++ "dev": {true, syscall.MS_NODEV},
++ "diratime": {true, syscall.MS_NODIRATIME},
++ "dirsync": {false, syscall.MS_DIRSYNC},
++ "exec": {true, syscall.MS_NOEXEC},
++ "mand": {false, syscall.MS_MANDLOCK},
++ "noatime": {false, syscall.MS_NOATIME},
++ "nodev": {false, syscall.MS_NODEV},
++ "nodiratime": {false, syscall.MS_NODIRATIME},
++ "noexec": {false, syscall.MS_NOEXEC},
++ "nomand": {true, syscall.MS_MANDLOCK},
++ "norelatime": {true, syscall.MS_RELATIME},
++ "nostrictatime": {true, syscall.MS_STRICTATIME},
++ "nosuid": {false, syscall.MS_NOSUID},
++ "rbind": {false, syscall.MS_BIND | syscall.MS_REC},
++ "relatime": {false, syscall.MS_RELATIME},
++ "remount": {false, syscall.MS_REMOUNT},
++ "ro": {false, syscall.MS_RDONLY},
++ "rw": {true, syscall.MS_RDONLY},
++ "strictatime": {false, syscall.MS_STRICTATIME},
++ "suid": {true, syscall.MS_NOSUID},
++ "sync": {false, syscall.MS_SYNCHRONOUS},
++ }
++ propagationFlags := map[string]uintptr{
++ "private": syscall.MS_PRIVATE,
++ "shared": syscall.MS_SHARED,
++ "slave": syscall.MS_SLAVE,
++ "unbindable": syscall.MS_UNBINDABLE,
++ "rprivate": syscall.MS_PRIVATE | syscall.MS_REC,
++ "rshared": syscall.MS_SHARED | syscall.MS_REC,
++ "rslave": syscall.MS_SLAVE | syscall.MS_REC,
++ "runbindable": syscall.MS_UNBINDABLE | syscall.MS_REC,
++ }
++ for _, o := range options {
++ // If the option does not exist in the flags table or the flag
++ // is not supported on the platform,
++ // then it is a data value for a specific fs type
++ if f, exists := flags[o]; exists && f.flag != 0 {
++ if f.clear {
++ flag &= ^f.flag
++ } else {
++ flag |= f.flag
++ }
++ } else if f, exists := propagationFlags[o]; exists && f != 0 {
++ pgflag = append(pgflag, f)
++ } else {
++ data = append(data, o)
++ }
++ }
++ return flag, pgflag, strings.Join(data, ",")
++}
++
+ // doMount runs the mount command. mounterPath is the path to mounter binary if containerized mounter is used.
+ // sensitiveOptions is an extention of options except they will not be logged (because they may contain sensitive material)
+ func (mounter *Mounter) doMount(mounterPath string, mountCmd string, source string, target string, fstype string, options []string, sensitiveOptions []string) error {
+@@ -179,6 +282,30 @@ func detectSystemd() bool {
+ return true
+ }
+
++// detectLinuxUtils detects if the host operating system has the mount and unmount commands present
++func detectLinuxUtils() bool {
++ _, err := exec.LookPath("mount")
++ return err == nil
++}
++
++func detectNativeSupportedFstypes() map[string]struct{} {
++ nativeSupportedFstypes := make(map[string]struct{})
++ filesystemsRaw, err := ioutil.ReadFile("/proc/filesystems")
++ if err != nil {
++ return nativeSupportedFstypes
++ }
++ filesystemLines := strings.Split(string(filesystemsRaw), "\n")
++ for _, line := range filesystemLines {
++ fields := strings.Fields(line)
++ if len(fields) != 2 {
++ continue
++ }
++ filesystem := fields[1]
++ nativeSupportedFstypes[filesystem] = struct{}{}
++ }
++ return nativeSupportedFstypes
++}
++
+ // MakeMountArgs makes the arguments to the mount(8) command.
+ // options MUST not contain sensitive material (like passwords).
+ func MakeMountArgs(source, target, fstype string, options []string) (mountArgs []string) {
+@@ -236,6 +363,12 @@ func AddSystemdScopeSensitive(systemdRunPath, mountName, command string, args []
+ // Unmount unmounts the target.
+ func (mounter *Mounter) Unmount(target string) error {
+ klog.V(4).Infof("Unmounting %s", target)
++ if !mounter.withLinuxUtils {
++ if err := unix.Unmount(target, unix.UMOUNT_NOFOLLOW); err != nil {
++ return fmt.Errorf("unmount failed: %v", err)
++ }
++ return nil
++ }
+ command := exec.Command("umount", target)
+ output, err := command.CombinedOutput()
+ if err != nil {
+--
+2.25.1
+
diff --git a/third_party/go/patches/k8s-use-native.patch b/third_party/go/patches/k8s-use-native.patch
new file mode 100644
index 0000000..61001da
--- /dev/null
+++ b/third_party/go/patches/k8s-use-native.patch
@@ -0,0 +1,153 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From ee4a7df588550ee5cbc3b8419e1ce185a8abb302 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Tue, 17 Mar 2020 22:07:24 +0100
+Subject: [PATCH 3/3] Use StatFS and Native volume metrics instead of du
+
+---
+ pkg/kubelet/stats/log_metrics_provider.go | 2 +-
+ pkg/volume/configmap/configmap.go | 4 ++--
+ pkg/volume/downwardapi/downwardapi.go | 4 ++--
+ pkg/volume/emptydir/empty_dir.go | 4 ++--
+ pkg/volume/projected/projected.go | 4 ++--
+ pkg/volume/secret/secret.go | 4 ++--
+ 6 files changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/pkg/kubelet/stats/log_metrics_provider.go b/pkg/kubelet/stats/log_metrics_provider.go
+index 4a53eef74a3..ff87fec5ec3 100644
+--- a/pkg/kubelet/stats/log_metrics_provider.go
++++ b/pkg/kubelet/stats/log_metrics_provider.go
+@@ -33,5 +33,5 @@ func NewLogMetricsService() LogMetricsService {
+ }
+
+ func (l logMetrics) createLogMetricsProvider(path string) volume.MetricsProvider {
+- return volume.NewMetricsDu(path)
++ return volume.NewMetricsNative(path)
+ }
+diff --git a/pkg/volume/configmap/configmap.go b/pkg/volume/configmap/configmap.go
+index 0e74dd0a1d8..430d739aab7 100644
+--- a/pkg/volume/configmap/configmap.go
++++ b/pkg/volume/configmap/configmap.go
+@@ -97,7 +97,7 @@ func (plugin *configMapPlugin) NewMounter(spec *volume.Spec, pod *v1.Pod, opts v
+ pod.UID,
+ plugin,
+ plugin.host.GetMounter(plugin.GetPluginName()),
+- volume.NewCachedMetrics(volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host))),
++ volume.NewCachedMetrics(volume.NewMetricsNative(getPath(pod.UID, spec.Name(), plugin.host))),
+ },
+ source: *spec.Volume.ConfigMap,
+ pod: *pod,
+@@ -113,7 +113,7 @@ func (plugin *configMapPlugin) NewUnmounter(volName string, podUID types.UID) (v
+ podUID,
+ plugin,
+ plugin.host.GetMounter(plugin.GetPluginName()),
+- volume.NewCachedMetrics(volume.NewMetricsDu(getPath(podUID, volName, plugin.host))),
++ volume.NewCachedMetrics(volume.NewMetricsNative(getPath(podUID, volName, plugin.host))),
+ },
+ }, nil
+ }
+diff --git a/pkg/volume/downwardapi/downwardapi.go b/pkg/volume/downwardapi/downwardapi.go
+index a1779c0dac9..f0a0f99b318 100644
+--- a/pkg/volume/downwardapi/downwardapi.go
++++ b/pkg/volume/downwardapi/downwardapi.go
+@@ -99,7 +99,7 @@ func (plugin *downwardAPIPlugin) NewMounter(spec *volume.Spec, pod *v1.Pod, opts
+ pod: pod,
+ podUID: pod.UID,
+ plugin: plugin,
+- MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host))),
++ MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(pod.UID, spec.Name(), plugin.host))),
+ }
+ return &downwardAPIVolumeMounter{
+ downwardAPIVolume: v,
+@@ -114,7 +114,7 @@ func (plugin *downwardAPIPlugin) NewUnmounter(volName string, podUID types.UID)
+ volName: volName,
+ podUID: podUID,
+ plugin: plugin,
+- MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsDu(getPath(podUID, volName, plugin.host))),
++ MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(podUID, volName, plugin.host))),
+ },
+ }, nil
+ }
+diff --git a/pkg/volume/emptydir/empty_dir.go b/pkg/volume/emptydir/empty_dir.go
+index 0a25d2b684c..5dc83b90c5b 100644
+--- a/pkg/volume/emptydir/empty_dir.go
++++ b/pkg/volume/emptydir/empty_dir.go
+@@ -121,7 +121,7 @@ func (plugin *emptyDirPlugin) newMounterInternal(spec *volume.Spec, pod *v1.Pod,
+ mounter: mounter,
+ mountDetector: mountDetector,
+ plugin: plugin,
+- MetricsProvider: volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host)),
++ MetricsProvider: volume.NewMetricsNative(getPath(pod.UID, spec.Name(), plugin.host)),
+ }, nil
+ }
+
+@@ -138,7 +138,7 @@ func (plugin *emptyDirPlugin) newUnmounterInternal(volName string, podUID types.
+ mounter: mounter,
+ mountDetector: mountDetector,
+ plugin: plugin,
+- MetricsProvider: volume.NewMetricsDu(getPath(podUID, volName, plugin.host)),
++ MetricsProvider: volume.NewMetricsNative(getPath(podUID, volName, plugin.host)),
+ }
+ return ed, nil
+ }
+diff --git a/pkg/volume/projected/projected.go b/pkg/volume/projected/projected.go
+index 0f65a97610c..890f9c1c7bc 100644
+--- a/pkg/volume/projected/projected.go
++++ b/pkg/volume/projected/projected.go
+@@ -114,7 +114,7 @@ func (plugin *projectedPlugin) NewMounter(spec *volume.Spec, pod *v1.Pod, opts v
+ sources: spec.Volume.Projected.Sources,
+ podUID: pod.UID,
+ plugin: plugin,
+- MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host))),
++ MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(pod.UID, spec.Name(), plugin.host))),
+ },
+ source: *spec.Volume.Projected,
+ pod: pod,
+@@ -128,7 +128,7 @@ func (plugin *projectedPlugin) NewUnmounter(volName string, podUID types.UID) (v
+ volName: volName,
+ podUID: podUID,
+ plugin: plugin,
+- MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsDu(getPath(podUID, volName, plugin.host))),
++ MetricsProvider: volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(podUID, volName, plugin.host))),
+ },
+ }, nil
+ }
+diff --git a/pkg/volume/secret/secret.go b/pkg/volume/secret/secret.go
+index a195c59ddd8..4c290cb8f24 100644
+--- a/pkg/volume/secret/secret.go
++++ b/pkg/volume/secret/secret.go
+@@ -100,7 +100,7 @@ func (plugin *secretPlugin) NewMounter(spec *volume.Spec, pod *v1.Pod, opts volu
+ pod.UID,
+ plugin,
+ plugin.host.GetMounter(plugin.GetPluginName()),
+- volume.NewCachedMetrics(volume.NewMetricsDu(getPath(pod.UID, spec.Name(), plugin.host))),
++ volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(pod.UID, spec.Name(), plugin.host))),
+ },
+ source: *spec.Volume.Secret,
+ pod: *pod,
+@@ -116,7 +116,7 @@ func (plugin *secretPlugin) NewUnmounter(volName string, podUID types.UID) (volu
+ podUID,
+ plugin,
+ plugin.host.GetMounter(plugin.GetPluginName()),
+- volume.NewCachedMetrics(volume.NewMetricsDu(getPath(podUID, volName, plugin.host))),
++ volume.NewCachedMetrics(volume.NewMetricsStatFS(getPath(podUID, volName, plugin.host))),
+ },
+ }, nil
+ }
+--
+2.25.1
+
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index 00e92e2..c129802 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -828,6 +828,12 @@
sum = "h1:742eGXur0715JMq73aD95/FU0XpVKXqNuTnEfXsLOYQ=",
)
go_repository(
+ name = "com_github_joho_godotenv",
+ importpath = "github.com/joho/godotenv",
+ version = "v1.3.0",
+ sum = "h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=",
+ )
+ go_repository(
name = "com_github_jonboulle_clockwork",
importpath = "github.com/jonboulle/clockwork",
version = "v0.1.0",
@@ -1667,6 +1673,8 @@
patches = [
"//third_party/go/patches:k8s-kubernetes.patch",
"//third_party/go/patches:k8s-kubernetes-build.patch",
+ "//third_party/go/patches:k8s-native-metrics.patch",
+ "//third_party/go/patches:k8s-use-native.patch",
],
patch_args = ["-p1"],
)
@@ -1700,6 +1708,10 @@
importpath = "k8s.io/utils",
version = "v0.0.0-20200324210504-a9aa75ae1b89",
sum = "h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=",
+ patches = [
+ "//third_party/go/patches:k8s-native-mounter.patch",
+ ],
+ patch_args = ["-p1"],
)
go_repository(
name = "io_k8s_sigs_apiserver_network_proxy_konnectivity_client",
diff --git a/third_party/go/shelf.pb.text b/third_party/go/shelf.pb.text
index 2fb4394..1673d67 100644
--- a/third_party/go/shelf.pb.text
+++ b/third_party/go/shelf.pb.text
@@ -972,6 +972,13 @@
semver: "v0.0.0-20160618110441-2cf9dc699c56"
>
entry: <
+ import_path: "github.com/joho/godotenv"
+ version: "v1.3.0"
+ bazel_name: "com_github_joho_godotenv"
+ sum: "h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc="
+ semver: "v1.3.0"
+>
+entry: <
import_path: "github.com/jonboulle/clockwork"
version: "v0.1.0"
bazel_name: "com_github_jonboulle_clockwork"