-
Notifications
You must be signed in to change notification settings - Fork 569
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add upstream patch to kubevirt to force hp-volume- pod to respect blo…
…ckdevices (IcM 467224770) (#7781) Co-authored-by: Sharath Srikanth Chellappa <[email protected]>
- Loading branch information
1 parent
fd5e30e
commit 1add496
Showing
2 changed files
with
95 additions
and
0 deletions.
There are no files selected for viewing
91 changes: 91 additions & 0 deletions
91
SPECS/kubevirt/Hp-volume-pod-should-respect-blockdevices.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| From af25759a3205ac3cdf42254923e3e20cf336a4a0 Mon Sep 17 00:00:00 2001 | ||
| From: Vicente Cheng <[email protected]> | ||
| Date: Fri, 17 Feb 2023 17:23:06 +0800 | ||
| Subject: [PATCH] virt-controller: render hp-volume- pod should respect | ||
| blockdevices | ||
|
|
||
| We found that the VolumeDevices does not generate as the first | ||
| time we render on hp-volume- pod. That would cause the global path | ||
| not to be generated by kubelet again when the hp-volume- is | ||
| dead, then render again. | ||
|
|
||
| We should respect the VolumeDevics on the Spec. That would make | ||
| kubelet behavior is the same as the first time when the hp-volume- | ||
| pod is killed. | ||
|
|
||
| Signed-off-by: Vicente Cheng <[email protected]> | ||
| --- | ||
| pkg/virt-controller/services/template.go | 41 +++++++++++------------- | ||
| 1 file changed, 19 insertions(+), 22 deletions(-) | ||
|
|
||
| diff --git a/pkg/virt-controller/services/template.go b/pkg/virt-controller/services/template.go | ||
| index 4fe5fdcd0374..d4f1fbae7840 100644 | ||
| --- a/pkg/virt-controller/services/template.go | ||
| +++ b/pkg/virt-controller/services/template.go | ||
| @@ -25,19 +25,14 @@ import ( | ||
| "strconv" | ||
| "strings" | ||
|
|
||
| - "kubevirt.io/kubevirt/pkg/virt-controller/watch/topology" | ||
| - | ||
| - "k8s.io/kubectl/pkg/cmd/util/podcmd" | ||
| - "k8s.io/utils/pointer" | ||
| - | ||
| + networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" | ||
| k8sv1 "k8s.io/api/core/v1" | ||
| "k8s.io/apimachinery/pkg/api/resource" | ||
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
| "k8s.io/apimachinery/pkg/runtime/schema" | ||
| "k8s.io/client-go/tools/cache" | ||
| - | ||
| - networkv1 "github.com/k8snetworkplumbingwg/network-attachment-definition-client/pkg/apis/k8s.cni.cncf.io/v1" | ||
| - | ||
| + "k8s.io/kubectl/pkg/cmd/util/podcmd" | ||
| + "k8s.io/utils/pointer" | ||
| v1 "kubevirt.io/api/core/v1" | ||
| exportv1 "kubevirt.io/api/export/v1alpha1" | ||
| "kubevirt.io/client-go/kubecli" | ||
| @@ -52,6 +47,7 @@ import ( | ||
| "kubevirt.io/kubevirt/pkg/util" | ||
| "kubevirt.io/kubevirt/pkg/util/net/dns" | ||
| virtconfig "kubevirt.io/kubevirt/pkg/virt-config" | ||
| + "kubevirt.io/kubevirt/pkg/virt-controller/watch/topology" | ||
| "kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api" | ||
| ) | ||
|
|
||
| @@ -845,20 +841,21 @@ func (t *templateService) RenderHotplugAttachmentPodTemplate(volumes []*v1.Volum | ||
| }, | ||
| }, | ||
| }) | ||
| - if !skipMount { | ||
| - pvc := claimMap[volume.Name] | ||
| - if pvc != nil { | ||
| - if types.IsPVCBlock(pvc.Spec.VolumeMode) { | ||
| - pod.Spec.Containers[0].VolumeDevices = append(pod.Spec.Containers[0].VolumeDevices, k8sv1.VolumeDevice{ | ||
| - Name: volume.Name, | ||
| - DevicePath: fmt.Sprintf("/path/%s/%s", volume.Name, pvc.GetUID()), | ||
| - }) | ||
| - } else { | ||
| - pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, k8sv1.VolumeMount{ | ||
| - Name: volume.Name, | ||
| - MountPath: fmt.Sprintf("/%s", volume.Name), | ||
| - }) | ||
| - } | ||
| + pvc := claimMap[volume.Name] | ||
| + if pvc == nil { | ||
| + continue | ||
| + } | ||
| + if types.IsPVCBlock(pvc.Spec.VolumeMode) { | ||
| + pod.Spec.Containers[0].VolumeDevices = append(pod.Spec.Containers[0].VolumeDevices, k8sv1.VolumeDevice{ | ||
| + Name: volume.Name, | ||
| + DevicePath: fmt.Sprintf("/path/%s/%s", volume.Name, pvc.GetUID()), | ||
| + }) | ||
| + } else { | ||
| + if !skipMount { | ||
| + pod.Spec.Containers[0].VolumeMounts = append(pod.Spec.Containers[0].VolumeMounts, k8sv1.VolumeMount{ | ||
| + Name: volume.Name, | ||
| + MountPath: fmt.Sprintf("/%s", volume.Name), | ||
| + }) | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -33,6 +33,7 @@ Patch0: Cleanup-housekeeping-cgroup-on-vm-del.patch | |
| Patch1: Allocate-2-cpu-for-the-emulator-thread.patch | ||
| Patch2: Hotplug_detach_grace_period.patch | ||
| Patch3: CVE-2023-44487.patch | ||
| Patch4: Hp-volume-pod-should-respect-blockdevices.patch | ||
| %global debug_package %{nil} | ||
| BuildRequires: glibc-devel | ||
| BuildRequires: glibc-static >= 2.35-6%{?dist} | ||
|
|
@@ -212,6 +213,9 @@ install -p -m 0644 cmd/virt-handler/nsswitch.conf %{buildroot}%{_datadir}/kube-v | |
| %{_bindir}/virt-tests | ||
|
|
||
| %changelog | ||
| * Thu Feb 8 2024 Sharath Srikanth Chellappa <[email protected]> - 0.59.0-12 | ||
| - Add patch for render hp-volume- pod to respect blockdevices (IcM 467224770) | ||
|
|
||
| * Thu Feb 01 2024 Daniel McIlvaney <[email protected]> - 0.59.0-12 | ||
| - Address CVE-2023-44487 by patching vendored golang.org/x/net | ||
|
|
||
|
|
||