Don't attempt to make and chmod subPath if it already exists #45623
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
the
cncf-cla: yes
k8s-github-robot
added
size/S
|
This change is |
|
Hi @wongma7. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
needs-ok-to-test
|
@k8s-bot ok to test |
k8s-ci-robot
removed
the
needs-ok-to-test
k8s-github-robot
added
release-note
|
@kubernetes/sig-node-pr-reviews pretty severe bug preventing pods from starting, please review :) |
|
/sig sig/node zzz |
saad-ali
added
sig/node
saad-ali
added
the
priority/critical-urgent
|
safe guard lgtm |
|
This LGTM, i'll ask someone from node to approve. |
k8s-ci-robot
added
the
lgtm
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, wongma7
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
Automatic merge from submit-queue |
|
Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
enisoc
added
release-note-none
redbaron
added a commit
to redbaron/kubernetes
that referenced
this pull request
Jul 7, 2017
Volume mounting logic introduced in kubernetes#43775 and kubernetes#45623 checks for subPath existence before attempting to create a directory, should subPath not be present. This breaks if subPath is a dangling symlink, os.Stat returns "do not exist" status, yet `os.MkdirAll` can't create directory as symlink is present at the given path. This patch makes existence check to use os.Lstat which works for normal files/directories as well as doesn't not attempt to follow symlink, therefore it's "do not exist" status is more reliable when making a decision whether to create directory or not. subPath symlinks can be dangling in situations where kubelet is running in a container itself with access to docker socket, such as CoreOS's kubelet-wrapper script
k8s-github-robot
pushed a commit
that referenced
this pull request
Jul 13, 2017
Automatic merge from submit-queue Fix subPath existence check to not follow symlink **What this PR does / why we need it**: Volume mounting logic introduced in #43775 and #45623 checks for subPath existence before attempting to create a directory, should subPath not be present. This breaks if subPath is a dangling symlink, os.Stat returns "do not exist" status, yet `os.MkdirAll` can't create directory as symlink is present at the given path. This patch makes existence check to use os.Lstat which works for normal files/directories as well as doesn't not attempt to follow symlink, therefore it's "do not exist" status is more reliable when making a decision whether to create directory or not. subPath symlinks can be dangling in situations where kubelet is running in a container itself with access to docker socket, such as CoreOS's kubelet-wrapper script **Release note**: ```release-note Fix pods failing to start when subPath is a dangling symlink from kubelet point of view, which can happen if it is running inside a container ```
wojtek-t
pushed a commit
to wojtek-t/kubernetes
that referenced
this pull request
Jul 18, 2017
Volume mounting logic introduced in kubernetes#43775 and kubernetes#45623 checks for subPath existence before attempting to create a directory, should subPath not be present. This breaks if subPath is a dangling symlink, os.Stat returns "do not exist" status, yet `os.MkdirAll` can't create directory as symlink is present at the given path. This patch makes existence check to use os.Lstat which works for normal files/directories as well as doesn't not attempt to follow symlink, therefore it's "do not exist" status is more reliable when making a decision whether to create directory or not. subPath symlinks can be dangling in situations where kubelet is running in a container itself with access to docker socket, such as CoreOS's kubelet-wrapper script
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fixes #45613
#43775 fixed one bug and introduced another... I overlooked that subPaths can be files, in which case MkDirAll will simply fail and the pod will not able to start.
Regardless of whether it is a directory or a file, there is no need to introduce the MkdirAll->Chmod procedure if it exists, because if it exists, it should already have the correct permissions.
This needs to be cherry-picked into 1.6.