kubernetes-csi/csi-driver-nfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
csi-driver-nfs/pkg/nfs/nfs.go
Mike Fedosin 070c69ef20 Allow to set custom permissions for the mounted folder 
For RWX volume, kubelet does not perform recursive ownership/permission
change. The heuristics that kubelet uses is being modified via -
https://github.com/kubernetes/enhancements/issues/1682

Having said that, for RWX volumes which are made available via NFS
protocol, using fsGroup is not recommended because if there are 2 pods
that are trying to use same volume but with different fsGroup then one
pod may lock out the other pod.

To avoid this, we must be able to set the folder permissions to 777.
This commit adds a cli option --mount-permissions, that allows to
define custom permissions. If the value is not specified, then default
permissions will be kept.

Cherry-picked from: https://github.com/kubernetes-csi/csi-driver-nfs/pull/36
2020-06-18 18:25:10 +02:00

118 lines
3.1 KiB
Go
Raw Blame History

/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package nfs
import (
"github.com/container-storage-interface/spec/lib/go/csi"
"github.com/golang/glog"
"k8s.io/utils/mount"
)
type nfsDriver struct {
name string
nodeID string
version string
endpoint string
perm *uint32
//ids *identityServer
ns *nodeServer
cap map[csi.VolumeCapability_AccessMode_Mode]bool
cscap []*csi.ControllerServiceCapability
}
const (
driverName = "nfs.csi.k8s.io"
)
var (
version = "2.0.0"
)
func NewNFSdriver(nodeID, endpoint string, perm *uint32) *nfsDriver {
glog.Infof("Driver: %v version: %v", driverName, version)
n := &nfsDriver{
name: driverName,
version: version,
nodeID: nodeID,
endpoint: endpoint,
cap: map[csi.VolumeCapability_AccessMode_Mode]bool{},
perm: perm,
}
vcam := []csi.VolumeCapability_AccessMode_Mode{
csi.VolumeCapability_AccessMode_SINGLE_NODE_WRITER,
csi.VolumeCapability_AccessMode_SINGLE_NODE_READER_ONLY,
csi.VolumeCapability_AccessMode_MULTI_NODE_READER_ONLY,
csi.VolumeCapability_AccessMode_MULTI_NODE_SINGLE_WRITER,
csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER,
}
n.AddVolumeCapabilityAccessModes(vcam)
// NFS plugin does not support ControllerServiceCapability now.
// If support is added, it should set to appropriate
// ControllerServiceCapability RPC types.
n.AddControllerServiceCapabilities([]csi.ControllerServiceCapability_RPC_Type{csi.ControllerServiceCapability_RPC_UNKNOWN})
return n
}
func NewNodeServer(n *nfsDriver, mounter mount.Interface) *nodeServer {
return &nodeServer{
Driver: n,
mounter: mounter,
}
}
func (n *nfsDriver) Run() {
n.ns = NewNodeServer(n, mount.New(""))
s := NewNonBlockingGRPCServer()
s.Start(n.endpoint,
NewDefaultIdentityServer(n),
// NFS plugin has not implemented ControllerServer
// using default controllerserver.
NewControllerServer(n),
n.ns)
s.Wait()
}
func (n *nfsDriver) AddVolumeCapabilityAccessModes(vc []csi.VolumeCapability_AccessMode_Mode) []*csi.VolumeCapability_AccessMode {
var vca []*csi.VolumeCapability_AccessMode
for _, c := range vc {
glog.Infof("Enabling volume access mode: %v", c.String())
vca = append(vca, &csi.VolumeCapability_AccessMode{Mode: c})
n.cap[c] = true
}
return vca
}
func (n *nfsDriver) AddControllerServiceCapabilities(cl []csi.ControllerServiceCapability_RPC_Type) {
var csc []*csi.ControllerServiceCapability
for _, c := range cl {
glog.Infof("Enabling controller service capability: %v", c.String())
csc = append(csc, NewControllerServiceCapability(c))
}
n.cscap = csc
return
}
Reference in New Issue View Git Blame Copy Permalink