forked from rancher/local-path-provisioner
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enhance helper Pod interface and configuration.
* Make the helper Pod receive only environment variables instead of args (this changes the interface in a non-backward compatible way but is simpler to use and potentially provides more backward compatibility in the future).
* Adds the manager options `--pvc-annotation[-required]` to pass through annotations from the PVC to the PV and to the helper Pod.
* Merge the helper Pod's `data` VolumeMount with the one provided with the template to be able to specify `mountPropagation` within the template.
* Rename `helperPod.yaml` to `helper-pod.yaml` (more convenient and if we break sth we can break this as well).
* Expose `--helper-pod-timeout` option.
* Provide a basic usage example of the new features (`examples/cache`).
* Support forceful termination of the manager binary (2xCtrl+c - since this is annoying during development otherwise).

Closes rancher#164
Closes rancher#165

Signed-off-by: Max Goltzsche <[email protected]>
1 parent d253f2b, commit 0f52fc8
Showing 25 changed files with 661 additions and 408 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
./.dapper | ||
./.cache | ||
./dist | ||
/examples |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,3 +5,5 @@ | |
*.swp | ||
.idea | ||
.vscode/ | ||
local-path-provisioner | ||
/examples/cache/testmount |
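Review bot: `local-path-provisioner` in this hunk is unanchored, so it ignores any file or directory of that name at any depth, not only the binary that `go build .` leaves in the repository root. Anchor it as `/local-path-provisioner`, the same way `/examples/cache/testmount` on the next line is anchored.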
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
# Example cache provisioner | ||
|
||
This example uses a [buildah](https://github.com/containers/buildah)-based helper Pod to provision an overlayfs based on a container image as PersistentVolume and commit it when deprovisioning. | ||
Users can select the desired cache using a PersistentVolumeClaim annotation that is passed through to the helper Pod as environment variable. | ||
|
||
While it is not part of this example caches could also be synchronized across nodes using an image registry. | ||
The [cache-provisioner](https://github.com/mgoltzsche/cache-provisioner) project aims to achieve this as well as other cache management features. | ||
|
||
## Test | ||
|
||
### Test the helper Pod separately | ||
|
||
The helper Pod can be tested separately using docker locally: | ||
```sh | ||
./helper-test.sh | ||
``` | ||
|
||
### Test the integration | ||
|
||
_Please note that this test requires `/data/example-cache-storage` on the Kubernetes host to be an overlay mount._ | ||
_For instance this works well when running `minikube start` initially._ | ||
|
||
Install the example kustomization: | ||
```sh | ||
kustomize build . | kubectl apply -f - | ||
``` | ||
|
||
If you want to test changes to the `local-path-provisioner` binary locally: | ||
```sh | ||
kubectl delete -n example-cache-storage deploy local-path-provisioner | ||
( | ||
cd ../.. | ||
go build . | ||
./local-path-provisioner --debug start \ | ||
--namespace=example-cache-storage \ | ||
--configmap-name=local-path-config \ | ||
--service-account-name=local-path-provisioner-service-account \ | ||
--provisioner-name=storage.example.org/cache \ | ||
--pvc-annotation=storage.example.org \ | ||
--pvc-annotation-required=storage.example.org/cache-name | ||
) | ||
``` | ||
|
||
Within another terminal create an example Pod and PVC that pulls and runs a container image using [podman](https://github.com/containers/podman): | ||
```sh | ||
kubectl apply -f test-pod.yaml | ||
kubectl logs -f cached-build | ||
``` | ||
|
||
If the Pod and PVC are removed and recreated you can observe that, during the 2nd Pod execution on the same node, the image for the nested container doesn't need to be pulled again since it is cached: | ||
```sh | ||
kubectl delete -f test-pod.yaml | ||
kubectl apply -f test-pod.yaml | ||
kubectl logs -f cached-build | ||
``` |
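Review bot: the README introduction says users select the cache through a PVC annotation but does not document the resulting trust model. A cache is keyed only by its name and is committed when the volume is deprovisioned, so every PVC that sets the same `storage.example.org/cache-name` value reads and rewrites the content that later Pods on that node receive. Add a short section stating that caches are shared by name among everyone allowed to create PVCs for this provisioner, and that the helper Pod from `helper-pod.yaml` runs privileged on the node, so readers can judge whether the example fits a multi-tenant cluster.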
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
{ | ||
"nodePathMap": [ | ||
{ | ||
"node": "DEFAULT_PATH_FOR_NON_LISTED_NODES", | ||
"paths": ["/data/example-cache-storage"] | ||
}, | ||
{ | ||
"node": "minikube", | ||
"paths": ["/data/example-cache-storage"] | ||
}, | ||
{ | ||
"node": "kind-control-plane", | ||
"paths": ["/var/opt/example-cache-storage"] | ||
} | ||
] | ||
} |
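Review bot: the `minikube` entry repeats the path already supplied by `DEFAULT_PATH_FOR_NON_LISTED_NODES` (`/data/example-cache-storage`), so it has no effect. Drop it, or if it is kept to show the per-node syntax, say so in the README, since the JSON file cannot carry a comment.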
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: helper-pod | ||
spec: | ||
containers: | ||
- name: helper | ||
image: quay.io/buildah/stable:v1.17.0 | ||
imagePullPolicy: IfNotPresent | ||
securityContext: | ||
privileged: true | ||
hostPID: true | ||
volumeMounts: | ||
- name: data | ||
mountPropagation: Bidirectional |
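Review bot: `hostPID: true` has no visible consumer in this commit. The setup script works with `buildah`, `mount`, `umount` and `mountpoint` on paths under the data volume and does not reference host processes, so sharing the host PID namespace with a container that is already `privileged: true` widens the helper Pod's reach without a stated need. Remove it if the example works without it, or add a YAML comment explaining why it is required. A comment that `privileged: true` is there because Kubernetes only allows `mountPropagation: Bidirectional` in privileged containers would also help, and the image is referenced by tag (`v1.17.0`) rather than by digest.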
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
#!/bin/sh | ||
|
||
set -eu | ||
|
||
MOUNT_NAME="$(basename "$VOL_DIR")" | ||
CACHE_DIR="$(dirname "$VOL_DIR")/.cache" | ||
CACHE_NAME="${PVC_ANNOTATION_CACHE_NAME:-$(echo "$PVC_NAME" | sed -E 's/^(.+)-[^-]+$/\1/')}" | ||
CACHE_IMAGE="cache/$CACHE_NAME" | ||
|
||
# Args: NAME VALUE | ||
validate() { | ||
PATTERN='^[-_a-z0-9]+$' | ||
echo "$2" | grep -Eq "$PATTERN" \ | ||
|| (echo "invalid $1 argument provided: $2 (must match $PATTERN)" >&2; false) | ||
} | ||
|
||
buildah() { | ||
/usr/bin/buildah \ | ||
--root=$CACHE_DIR/containers/storage \ | ||
--storage-driver=overlay \ | ||
"$@" | ||
} | ||
|
||
# Mounts a volume directory based on the latest CACHE_NAME image. | ||
mountCache() { | ||
echo "Creating volume $VOL_DIR from cache '$CACHE_NAME'" >&2 | ||
mkdir -m 0777 "$VOL_DIR" || exit 2 | ||
( | ||
# Create new volume from cache's latest container image | ||
# (The latest cache image could be pulled from a registry here) | ||
(buildah from --pull-never --name "$MOUNT_NAME" "$CACHE_IMAGE" \ | ||
|| ([ $? -eq 125 ] && ( | ||
buildah delete "$MOUNT_NAME" | ||
buildah from --name "$MOUNT_NAME" scratch | ||
))) >/dev/null && | ||
CONTAINERDIR="$(buildah mount "$MOUNT_NAME")" && | ||
mount -o bind,rshared "$CONTAINERDIR" "$VOL_DIR" && | ||
chmod 0777 "$VOL_DIR" | ||
) || ( | ||
umount "$VOL_DIR" 2>/dev/null 1>&2 | ||
buildah umount "$MOUNT_NAME" 2>/dev/null 1>&2 | ||
buildah delete "$MOUNT_NAME" 2>/dev/null 1>&2 | ||
rm -rf "$VOL_DIR" | ||
false | ||
) | ||
echo "$VOL_DIR" | ||
} | ||
|
||
# Unmounts a cache volume directory, commits it and tags it as latest image for the given CACHE_NAME. | ||
umountCache() { | ||
# Commit volume only if dir is mounted (node restart results in unmounted volumes). | ||
if mountpoint -q "$VOL_DIR"; then | ||
echo "Committing volume $VOL_DIR to cache '$CACHE_NAME'" >&2 | ||
IMGID="$(buildah commit -q --timestamp 1 "$MOUNT_NAME")" && | ||
buildah tag "$IMGID" "$CACHE_IMAGE" && | ||
# The latest cache image could be pushed to a registry here | ||
umount "$VOL_DIR" | ||
fi | ||
|
||
# Delete volume / container | ||
echo "Deleting volume $VOL_DIR" >&2 | ||
buildah umount "$MOUNT_NAME" >/dev/null || true | ||
buildah delete "$MOUNT_NAME" >/dev/null || true | ||
rm -rf "$VOL_DIR" || (printf 'error: volume deletion blocked by mount: '; grep $MOUNT_NAME /etc/mtab; false) >&2 | ||
} | ||
|
||
|
||
mkdir -p "$CACHE_DIR/containers/storage" | ||
validate CACHE_NAME "$CACHE_NAME" | ||
validate MOUNT_NAME "$MOUNT_NAME" | ||
|
||
if [ "${1:-}" = teardown ]; then | ||
umountCache | ||
else | ||
mountCache | ||
fi |
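Review bot: `validate` can accept values it is meant to reject, because `echo "$2" | grep -Eq "$PATTERN"` matches line by line: a multi-line value passes as soon as one of its lines matches `^[-_a-z0-9]+$`, and `CACHE_NAME` is taken directly from the `PVC_ANNOTATION_CACHE_NAME` environment variable. Check the whole string instead, for example with a `case` pattern that rejects any character outside the allowed set, and consider disallowing a leading `-`, since `MOUNT_NAME` is passed as a bare argument to `buildah delete` and `buildah mount`. Separately, `--root=$CACHE_DIR/containers/storage` and `grep $MOUNT_NAME /etc/mtab` are unquoted, and `CACHE_DIR` is derived from `VOL_DIR`, of which only the basename is validated; quote both expansions.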
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#!/bin/sh | ||
|
||
sh /script/setup teardown |