From 3a07d886bc50319e510c073b577719929f02468b Mon Sep 17 00:00:00 2001 From: Carl Montanari Date: Wed, 31 Jan 2024 11:44:17 -0800 Subject: [PATCH 1/3] feat: read or execute perms for files from configmap mounting --- apis/v1alpha1/topologyspec.go | 5 ++++ ...abernetes.containerlab.dev_topologies.yaml | 26 ++++++++++++++----- ...abernetes.containerlab.dev_topologies.yaml | 26 ++++++++++++++----- .../default_vaules/default_values_test.go | 2 +- clabverter/assets/topology.yaml.template | 1 + clabverter/clabverter.go | 7 +++-- clabverter/clabverter_test.go | 5 +++- clabverter/test-fixtures/golden/srl02.yaml | 6 +++++ constants/common.go | 7 +++++ constants/os.go | 14 +++++++--- controllers/topology/deployment.go | 20 ++++++++++++-- generated/openapi/openapi_generated.go | 12 +++++++-- launcher/connectivity/slurpeeth.go | 2 +- launcher/docker.go | 2 +- manager/perparecertificates.go | 11 +++++--- testhelper/files.go | 2 +- testhelper/helm.go | 2 +- 17 files changed, 119 insertions(+), 31 deletions(-) diff --git a/apis/v1alpha1/topologyspec.go b/apis/v1alpha1/topologyspec.go index 0eb86865..ab1c455a 100644 --- a/apis/v1alpha1/topologyspec.go +++ b/apis/v1alpha1/topologyspec.go @@ -13,6 +13,11 @@ type FileFromConfigMap struct { // be mounted without a sub-path. // +optional ConfigMapPath string `json:"configMapPath"` + // Mode sets the file permissions when mounting the configmap. Since the configmap will be read + // only filesystem anyway, we basically just want to expose if the file should be mounted as + // executable or not. So, default permissions would be 0o444 (read) and execute would be 0o555. + // +kubebuilder:validation:Enum=read;execute + Mode string `json:"mode"` } // FileFromURL represents a file that you would like to mount from a URL in the launcher pod for diff --git a/assets/crd/clabernetes.containerlab.dev_topologies.yaml b/assets/crd/clabernetes.containerlab.dev_topologies.yaml index c5e00b3b..6a987d8d 100644 
--- a/assets/crd/clabernetes.containerlab.dev_topologies.yaml +++ b/assets/crd/clabernetes.containerlab.dev_topologies.yaml @@ -100,9 +100,19 @@ spec: filePath: description: FilePath is the path to mount the file. type: string + mode: + description: |- + Mode sets the file permissions when mounting the configmap. Since the configmap will be read + only filesystem anyway, we basically just want to expose if the file should be mounted as + executable or not. So, default permissions would be 0o444 (read) and execute would be 0o555. + enum: + - read + - execute + type: string required: - configMapName - filePath + - mode type: object type: array description: |- 
@@ -195,12 +205,16 @@ spec: type: object privilegedLauncher: description: |- - PrivilegedLauncher, when true, sets the launcher containers to privileged. By default, we do - our best to *not* need this/set this, and instead set only the capabilities we need, however - its possible that some containers launched by the launcher may need/want more capabilities, - so this flag exists for users to bypass the default settings and enable fully privileged - launcher pods. If this value is unset, the global config value (default of "false") will be - used. + PrivilegedLauncher, when true, sets the launcher containers to privileged. Historically we + tried very hard to *not* need to set privileged mode on pods, however the reality is it is + much, much easier to get various network operating system images booting with this enabled, + so, the default mode is to set the privileged flag on pods. Disabling this option causes + clabernetes to try to run the pods for this topology in the "not so privileged" mode -- this + basically means we mount all capabilities we think should be available, set apparmor to + "unconfined", and mount paths like /dev/kvm and dev/net/tun. With this "not so privileged" + mode, Nokia SRL devices and Arista cEOS devices have been able to boot on some clusters, but + your mileage may vary. In short: if you don't care about having some privileged pods, just + leave this alone. type: boolean resources: additionalProperties: diff --git a/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml b/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml index c5e00b3b..6a987d8d 100644 --- a/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml +++ b/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml 
@@ -100,9 +100,19 @@ spec: filePath: description: FilePath is the path to mount the file. type: string + mode: + description: |- + Mode sets the file permissions when mounting the configmap. Since the configmap will be read + only filesystem anyway, we basically just want to expose if the file should be mounted as + executable or not. So, default permissions would be 0o444 (read) and execute would be 0o555. + enum: + - read + - execute + type: string required: - configMapName - filePath + - mode type: object type: array description: |- @@ -195,12 +205,16 @@ spec: type: object privilegedLauncher: description: |- - PrivilegedLauncher, when true, sets the launcher containers to privileged. By default, we do - our best to *not* need this/set this, and instead set only the capabilities we need, however - its possible that some containers launched by the launcher may need/want more capabilities, - so this flag exists for users to bypass the default settings and enable fully privileged - launcher pods. If this value is unset, the global config value (default of "false") will be - used. + PrivilegedLauncher, when true, sets the launcher containers to privileged. Historically we + tried very hard to *not* need to set privileged mode on pods, however the reality is it is + much, much easier to get various network operating system images booting with this enabled, + so, the default mode is to set the privileged flag on pods. Disabling this option causes + clabernetes to try to run the pods for this topology in the "not so privileged" mode -- this + basically means we mount all capabilities we think should be available, set apparmor to + "unconfined", and mount paths like /dev/kvm and dev/net/tun. With this "not so privileged" + mode, Nokia SRL devices and Arista cEOS devices have been able to boot on some clusters, but + your mileage may vary. In short: if you don't care about having some privileged pods, just + leave this alone. type: boolean resources: additionalProperties: 
diff --git a/charts/clicker/tests/default_vaules/default_values_test.go b/charts/clicker/tests/default_vaules/default_values_test.go index 4f5a2438..7abd4434 100644 --- a/charts/clicker/tests/default_vaules/default_values_test.go +++ b/charts/clicker/tests/default_vaules/default_values_test.go @@ -28,7 +28,7 @@ func TestDefaultValues(t *testing.T) { actualRootDir := fmt.Sprintf("test-fixtures/%s-actual", testName) actualDir := fmt.Sprintf("%s/clicker/templates", actualRootDir) - err := os.MkdirAll(actualDir, clabernetesconstants.PermissionsEveryoneRead) + err := os.MkdirAll(actualDir, clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute) if err != nil { t.Fatalf( "failed creating actual output directory %q, error: %s", actualDir, err, diff --git a/clabverter/assets/topology.yaml.template b/clabverter/assets/topology.yaml.template index 123923a9..63285e05 100644 --- a/clabverter/assets/topology.yaml.template +++ b/clabverter/assets/topology.yaml.template @@ -22,6 +22,7 @@ spec: - filePath: {{ $nodeFile.FilePath }} configMapName: {{ $nodeFile.ConfigMapName }} configMapPath: {{ $nodeFile.FileName }} + mode: read {{- end }} {{- end }} {{- end }} diff --git a/clabverter/clabverter.go b/clabverter/clabverter.go index 02a3d214..3c1bde0a 100644 --- a/clabverter/clabverter.go +++ b/clabverter/clabverter.go @@ -180,7 +180,10 @@ func (c *Clabverter) ensureOutputDirectory() error { return err } - err = os.MkdirAll(c.outputDirectory, clabernetesconstants.PermissionsEveryoneRead) + err = os.MkdirAll( + c.outputDirectory, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, + ) if err != nil { c.logger.Criticalf("failed ensuring output directory exists, error: %s", err) @@ -407,7 +410,7 @@ func (c *Clabverter) output() error { err := os.WriteFile( rendered.fileName, rendered.content, - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) if err != nil { c.logger.Criticalf( 
diff --git a/clabverter/clabverter_test.go b/clabverter/clabverter_test.go index 3b056b3e..2f236e9f 100644 --- a/clabverter/clabverter_test.go +++ b/clabverter/clabverter_test.go @@ -40,7 +40,10 @@ func TestClabvert(t *testing.T) { actualDir := fmt.Sprintf("test-fixtures/%s-actual", testCase.name) - err := os.MkdirAll(actualDir, clabernetesconstants.PermissionsEveryoneRead) + err := os.MkdirAll( + actualDir, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, + ) if err != nil { t.Fatalf( "failed creating actual output directory %q, error: %s", actualDir, err, diff --git a/clabverter/test-fixtures/golden/srl02.yaml b/clabverter/test-fixtures/golden/srl02.yaml index 3b2e304c..3b08ef48 100755 --- a/clabverter/test-fixtures/golden/srl02.yaml +++ b/clabverter/test-fixtures/golden/srl02.yaml @@ -35,22 +35,28 @@ spec: - configMapName: srl02-srl1-startup-config configMapPath: REPLACED filePath: srl1.cfg + mode: read - configMapName: srl02-srl1-files configMapPath: REPLACED filePath: taco/srl1.license + mode: read srl2: - configMapName: srl02-srl2-files configMapPath: REPLACED filePath: /some/dir/clabernetes/clabverter/test-fixtures/clabversiontest/potato.txt + mode: read - configMapName: srl02-srl2-files configMapPath: REPLACED filePath: /some/dir/clabernetes/clabverter/test-fixtures/clabversiontest/srl2/potato.txt + mode: read - configMapName: srl02-srl2-startup-config configMapPath: REPLACED filePath: srl2.cfg + mode: read - configMapName: srl02-srl2-files configMapPath: REPLACED filePath: srl2.license + mode: read filesFromURL: null persistence: enabled: false diff --git a/constants/common.go b/constants/common.go index 0fad3b29..1a1be3e8 100644 --- a/constants/common.go +++ b/constants/common.go 
@@ -33,4 +33,11 @@ const ( // UDP is... UDP. UDP = "UDP" + + // Read is "read". Used for configmap mount permissions in the TopologySpec/FilesFromConfigMap. + Read = "read" + + // Execute is "execute". Used for configmap mount permissions in the + // TopologySpec/FilesFromConfigMap. + Execute = "execute" ) diff --git a/constants/os.go b/constants/os.go index 5f9bb47c..6d3df028 100644 --- a/constants/os.go +++ b/constants/os.go @@ -14,11 +14,19 @@ const ( // read, write, and execute permissions. PermissionsEveryoneAllPermissions = 0o777 - // PermissionsEveryoneRead is 0755 permissions for files/directories -- everyone can read, and - // execute, and owner can write. - PermissionsEveryoneRead = 0o755 + // PermissionsEveryoneReadWriteOwnerExecute is 0755 permissions for files/directories -- + // everyone can read, and execute, and owner can write. + PermissionsEveryoneReadWriteOwnerExecute = 0o755 // PermissionsEveryoneReadWrite is 0666 permissions for files/directories -- everyone has read // and write permissions. PermissionsEveryoneReadWrite = 0o666 + + // PermissionsEveryoneReadExecute is 0555 permissions for files/directories -- everyone has read + // and execute permissions. + PermissionsEveryoneReadExecute = 0o555 + + // PermissionsEveryoneRead is 0444 permissions for files/directories -- everyone has read + // permissions. + PermissionsEveryoneRead = 0o444 ) diff --git a/controllers/topology/deployment.go b/controllers/topology/deployment.go index d81e0eef..adae7d62 100644 --- a/controllers/topology/deployment.go +++ b/controllers/topology/deployment.go @@ -189,7 +189,7 @@ func (r *DeploymentReconciler) renderDeploymentVolumes( Name: owningTopologyName, }, DefaultMode: clabernetesutil.ToPointer( - int32(clabernetesconstants.PermissionsEveryoneRead), + int32(clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute), ), }, }, 
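Review bot: In constants/os.go, reusing the identifier `PermissionsEveryoneRead` for 0o444 while renaming the old 0o755 value means any caller this series does not touch still compiles and silently moves from 0o755 to 0o444; for an `os.MkdirAll` call that yields a directory without the search bit. The replacement name `PermissionsEveryoneReadWriteOwnerExecute` also reads as "everyone read/write, owner execute", which contradicts its own comment (everyone reads and executes, owner writes). I would give 0o755 a name that matches the bits, for example `PermissionsOwnerAllEveryoneReadExecute = 0o755`, and introduce the read-only value under a name that was never used before, for example `PermissionsEveryoneReadOnly = 0o444`, so a missed call site fails to build instead of changing mode. The const block opens outside this hunk.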
@@ -243,7 +243,7 @@ func (r *DeploymentReconciler) renderDeploymentVolumes( Secret: &k8scorev1.SecretVolumeSource{ SecretName: dockerDaemonConfigSecret, DefaultMode: clabernetesutil.ToPointer( - int32(clabernetesconstants.PermissionsEveryoneRead), + int32(clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute), ), }, }, @@ -272,6 +272,21 @@ func (r *DeploymentReconciler) renderDeploymentVolumes( podVolume.ConfigMapName, volumes, ) { + var mode *int32 + + switch podVolume.Mode { + case clabernetesconstants.Read: + mode = clabernetesutil.ToPointer( + int32(clabernetesconstants.PermissionsEveryoneRead), + ) + case clabernetesconstants.Execute: + mode = clabernetesutil.ToPointer( + int32(clabernetesconstants.PermissionsEveryoneReadExecute), + ) + default: + mode = nil + } + volumes = append( volumes, k8scorev1.Volume{ @@ -281,6 +296,7 @@ func (r *DeploymentReconciler) renderDeploymentVolumes( LocalObjectReference: k8scorev1.LocalObjectReference{ Name: podVolume.ConfigMapName, }, + DefaultMode: mode, }, }, }, diff --git a/generated/openapi/openapi_generated.go b/generated/openapi/openapi_generated.go index e755c5a2..183fc348 100644 --- a/generated/openapi/openapi_generated.go +++ b/generated/openapi/openapi_generated.go 
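Review bot: In controllers/topology/deployment.go (@@ -272,6 +272,21 @@), the `default:` branch leaves `mode` nil, so an empty or unrecognised `podVolume.Mode` ends up with the Kubernetes ConfigMap volume default of 0644 rather than the 0o444 that the API comment documents as the default. The CRD enum only protects objects admitted through the updated schema, so the controller should fail safe on its own, e.g. `default: mode = clabernetesutil.ToPointer(int32(clabernetesconstants.PermissionsEveryoneRead))`, ideally with a log line naming the rejected value. The same branch is carried unchanged into the rewritten loop in PATCH 3/3. renderDeploymentVolumes starts and ends outside this hunk.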
@@ -697,7 +697,7 @@ func schema_srl_labs_clabernetes_apis_v1alpha1_Deployment( }, "privilegedLauncher": { SchemaProps: spec.SchemaProps{ - Description: "PrivilegedLauncher, when true, sets the launcher containers to privileged. By default, we do our best to *not* need this/set this, and instead set only the capabilities we need, however its possible that some containers launched by the launcher may need/want more capabilities, so this flag exists for users to bypass the default settings and enable fully privileged launcher pods. If this value is unset, the global config value (default of \"false\") will be used.", + Description: "PrivilegedLauncher, when true, sets the launcher containers to privileged. Historically we tried very hard to *not* need to set privileged mode on pods, however the reality is it is much, much easier to get various network operating system images booting with this enabled, so, the default mode is to set the privileged flag on pods. Disabling this option causes clabernetes to try to run the pods for this topology in the \"not so privileged\" mode -- this basically means we mount all capabilities we think should be available, set apparmor to \"unconfined\", and mount paths like /dev/kvm and dev/net/tun. With this \"not so privileged\" mode, Nokia SRL devices and Arista cEOS devices have been able to boot on some clusters, but your mileage may vary. In short: if you don't care about having some privileged pods, just leave this alone.", Type: []string{"boolean"}, Format: "", }, 
@@ -931,8 +931,16 @@ func schema_srl_labs_clabernetes_apis_v1alpha1_FileFromConfigMap( Format: "", }, }, + "mode": { + SchemaProps: spec.SchemaProps{ + Description: "Mode sets the file permissions when mounting the configmap. Since the configmap will be read only filesystem anyway, we basically just want to expose if the file should be mounted as executable or not. So, default permissions would be 0o444 (read) and execute would be 0o555.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, }, - Required: []string{"filePath", "configMapName"}, + Required: []string{"filePath", "configMapName", "mode"}, }, }, } diff --git a/launcher/connectivity/slurpeeth.go b/launcher/connectivity/slurpeeth.go index 8009b8a4..6b5be552 100644 --- a/launcher/connectivity/slurpeeth.go +++ b/launcher/connectivity/slurpeeth.go @@ -173,7 +173,7 @@ func (m *slurpeethManager) renderSlurpeethConfig( err = os.WriteFile( slurpeethConfigPath, slurpeethConfigYAML, - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) if err != nil { m.logger.Fatalf( diff --git a/launcher/docker.go b/launcher/docker.go index 18a4a703..6f8747fb 100644 --- a/launcher/docker.go +++ b/launcher/docker.go @@ -67,7 +67,7 @@ func (c *clabernetes) handleInsecureRegistries() error { err = os.WriteFile( dockerDaemonConfig, rendered.Bytes(), - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) if err != nil { return err diff --git a/manager/perparecertificates.go b/manager/perparecertificates.go index 9c4b230c..5500f009 100644 --- a/manager/perparecertificates.go +++ b/manager/perparecertificates.go 
@@ -15,7 +15,7 @@ import ( func prepareCertificates(c clabernetesmanagertypes.Clabernetes) error { clabernetesutil.MustCreateDirectory( clabernetesconstants.CertificateDirectory, - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) caDirectory := ensureCaDirectory() @@ -117,7 +117,10 @@ func ensureCaDirectory() string { clabernetesconstants.CertificateAuthoritySubDir, ) - clabernetesutil.MustCreateDirectory(caDirectory, clabernetesconstants.PermissionsEveryoneRead) + clabernetesutil.MustCreateDirectory( + caDirectory, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, + ) return caDirectory } @@ -131,7 +134,7 @@ func ensureClientCertDirectory() string { clabernetesutil.MustCreateDirectory( clientCertDirectory, - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) return clientCertDirectory @@ -146,7 +149,7 @@ func ensureWebhookCertDirectory() string { clabernetesutil.MustCreateDirectory( webhookCertDirectory, - clabernetesconstants.PermissionsEveryoneRead, + clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute, ) return webhookCertDirectory diff --git a/testhelper/files.go b/testhelper/files.go index 2714b263..9ad25744 100644 --- a/testhelper/files.go +++ b/testhelper/files.go @@ -41,7 +41,7 @@ func WriteTestFixtureFile(t *testing.T, f string, b []byte) { //nolint:thelper func WriteTestFile(t *testing.T, f string, b []byte) { t.Helper() - err := os.WriteFile(f, b, clabernetesconstants.PermissionsEveryoneRead) + err := os.WriteFile(f, b, clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute) if err != nil { t.Fatal(err) } diff --git a/testhelper/helm.go b/testhelper/helm.go index 0e206f84..f897e901 100644 --- a/testhelper/helm.go +++ b/testhelper/helm.go 
@@ -39,7 +39,7 @@ func HelmTest(t *testing.T, testName, namespace, valuesFileName string) { } } - err := os.MkdirAll(actualDir, clabernetesconstants.PermissionsEveryoneRead) + err := os.MkdirAll(actualDir, clabernetesconstants.PermissionsEveryoneReadWriteOwnerExecute) if err != nil { t.Fatalf( "failed creating actual output directory %q, error: %s", actualDir, err, From f066dd919b67c5b7e4a76427f434df4d0e343534 Mon Sep 17 00:00:00 2001 From: Carl Montanari Date: Fri, 2 Feb 2024 14:35:17 -0800 Subject: [PATCH 2/3] refactor: set default in crd for files from configmap mode --- apis/v1alpha1/topologyspec.go | 1 + assets/crd/clabernetes.containerlab.dev_topologies.yaml | 1 + .../crds/clabernetes.containerlab.dev_topologies.yaml | 1 + util/kubernetes/volumes_test.go | 1 - 4 files changed, 3 insertions(+), 1 deletion(-) delete mode 100644 util/kubernetes/volumes_test.go diff --git a/apis/v1alpha1/topologyspec.go b/apis/v1alpha1/topologyspec.go index ab1c455a..1fdaa01c 100644 --- a/apis/v1alpha1/topologyspec.go +++ b/apis/v1alpha1/topologyspec.go @@ -17,6 +17,7 @@ type FileFromConfigMap struct { // only filesystem anyway, we basically just want to expose if the file should be mounted as // executable or not. So, default permissions would be 0o444 (read) and execute would be 0o555. // +kubebuilder:validation:Enum=read;execute + // +kubebuilder:default=read Mode string `json:"mode"` } diff --git a/assets/crd/clabernetes.containerlab.dev_topologies.yaml b/assets/crd/clabernetes.containerlab.dev_topologies.yaml index 6a987d8d..1c1cfc9c 100644 --- a/assets/crd/clabernetes.containerlab.dev_topologies.yaml +++ b/assets/crd/clabernetes.containerlab.dev_topologies.yaml @@ -101,6 +101,7 @@ spec: description: FilePath is the path to mount the file. type: string mode: + default: read description: |- Mode sets the file permissions when mounting the configmap. Since the configmap will be read only filesystem anyway, we basically just want to expose if the file should be mounted as 
diff --git a/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml b/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml index 6a987d8d..1c1cfc9c 100644 --- a/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml +++ b/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml @@ -101,6 +101,7 @@ spec: description: FilePath is the path to mount the file. type: string mode: + default: read description: |- Mode sets the file permissions when mounting the configmap. Since the configmap will be read only filesystem anyway, we basically just want to expose if the file should be mounted as diff --git a/util/kubernetes/volumes_test.go b/util/kubernetes/volumes_test.go deleted file mode 100644 index bdeb4e52..00000000 --- a/util/kubernetes/volumes_test.go +++ /dev/null @@ -1 +0,0 @@ -package kubernetes_test From 8161c997688451837e58713cfa4e1b28c580a5b3 Mon Sep 17 00:00:00 2001 From: Carl Montanari Date: Fri, 2 Feb 2024 15:07:28 -0800 Subject: [PATCH 3/3] refactor: volume per file from configmap so we can set mode for each file from configmap entry --- controllers/topology/deployment.go | 60 +++++++++++++++--------------- util/kubernetes/volumes.go | 14 ------- 2 files changed, 30 insertions(+), 44 deletions(-) delete mode 100644 util/kubernetes/volumes.go diff --git a/controllers/topology/deployment.go b/controllers/topology/deployment.go index adae7d62..e61d5d95 100644 --- a/controllers/topology/deployment.go +++ b/controllers/topology/deployment.go 
@@ -268,43 +268,43 @@ func (r *DeploymentReconciler) renderDeploymentVolumes( ) for _, podVolume := range volumesFromConfigMaps { - if !clabernetesutilkubernetes.VolumeAlreadyMounted( + volumeName := clabernetesutilkubernetes.SafeConcatNameKubernetes( podVolume.ConfigMapName, + podVolume.ConfigMapPath, + ) + + var mode *int32 + + switch podVolume.Mode { + case clabernetesconstants.Read: + mode = clabernetesutil.ToPointer( + int32(clabernetesconstants.PermissionsEveryoneRead), + ) + case clabernetesconstants.Execute: + mode = clabernetesutil.ToPointer( + int32(clabernetesconstants.PermissionsEveryoneReadExecute), + ) + default: + mode = nil + } + + volumes = append( volumes, - ) { - var mode *int32 - - switch podVolume.Mode { - case clabernetesconstants.Read: - mode = clabernetesutil.ToPointer( - int32(clabernetesconstants.PermissionsEveryoneRead), - ) - case clabernetesconstants.Execute: - mode = clabernetesutil.ToPointer( - int32(clabernetesconstants.PermissionsEveryoneReadExecute), - ) - default: - mode = nil - } - - volumes = append( - volumes, - k8scorev1.Volume{ - Name: podVolume.ConfigMapName, - VolumeSource: k8scorev1.VolumeSource{ - ConfigMap: &k8scorev1.ConfigMapVolumeSource{ - LocalObjectReference: k8scorev1.LocalObjectReference{ - Name: podVolume.ConfigMapName, - }, - DefaultMode: mode, + k8scorev1.Volume{ + Name: volumeName, + VolumeSource: k8scorev1.VolumeSource{ + ConfigMap: &k8scorev1.ConfigMapVolumeSource{ + LocalObjectReference: k8scorev1.LocalObjectReference{ + Name: podVolume.ConfigMapName, }, + DefaultMode: mode, }, }, - ) - } + }, + ) volumeMount := k8scorev1.VolumeMount{ - Name: podVolume.ConfigMapName, + Name: volumeName, ReadOnly: false, MountPath: fmt.Sprintf("/clabernetes/%s", podVolume.FilePath), SubPath: podVolume.ConfigMapPath, diff --git a/util/kubernetes/volumes.go b/util/kubernetes/volumes.go deleted file mode 100644 index f3815b7c..00000000 --- a/util/kubernetes/volumes.go +++ /dev/null 
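Review bot: With the `VolumeAlreadyMounted` guard gone, every `volumesFromConfigMaps` entry appends a volume named from `ConfigMapName` and `ConfigMapPath` only, so two entries that share both (the same key mounted at two `FilePath`s, or two entries that leave the optional `configMapPath` empty) produce duplicate volume names, which the API server rejects when validating the pod spec. Keep a de-duplication step keyed on the new name, e.g. `if _, seen := volumeNames[volumeName]; !seen { volumes = append(volumes, ...) }`, and fold `podVolume.Mode` into the name if the same key may be mounted with both modes. Whether `SafeConcatNameKubernetes` turns a path containing `/`, `_` or upper-case characters into a valid volume name is not visible here and is worth a test. Separately, the mount below keeps `ReadOnly: false`; `ReadOnly: true` would state the intent that the `mode` field documents. renderDeploymentVolumes starts and ends outside this hunk.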
@@ -1,14 +0,0 @@
-package kubernetes
-
-import k8scorev1 "k8s.io/api/core/v1"
-
-// VolumeAlreadyMounted checks if the given volumeName is already in the existingVolumes.
-func VolumeAlreadyMounted(volumeName string, existingVolumes []k8scorev1.Volume) bool {
- for idx := range existingVolumes {
- if volumeName == existingVolumes[idx].Name {
- return true
- }
- }
-
- return false
-}