Skip to content

Commit 6ec0009

Browse files
AkarshESl-technicore
authored andcommitted
Add support for NLB lifecycle management in CCM
Changes to Dockerfile to update and use Golang v1.16
1 parent 500a598 commit 6ec0009

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

60 files changed

+1738
-3423
lines changed

.github/workflows/makefile.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ jobs:
1212
- name: Set up Go 1.x
1313
uses: actions/setup-go@v2
1414
with:
15-
go-version: 1.15
15+
go-version: 1.16
1616
id: go
1717

1818
- name: Check out code into the Go module directory

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414

1515
ARG CI_IMAGE_REGISTRY
1616

17-
FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.5
17+
FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.6
1818

1919
ARG COMPONENT
2020

Dockerfile_arm_all

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
ARG CI_IMAGE_REGISTRY
22

3-
FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.5 as builder
3+
FROM ${CI_IMAGE_REGISTRY}/oci-kube-ci:1.0.6 as builder
44

55
ARG COMPONENT
66

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ else
3838
VERSION ?= ${VERSION}
3939
endif
4040

41-
RELEASE = v1.19.12
41+
RELEASE = v1.22.0
4242

4343
GOOS ?= linux
4444
ARCH ?= amd64

README.md

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -22,12 +22,14 @@ cloud-provider specific code out of the Kubernetes codebase.
2222

2323
## Compatibility matrix
2424

25-
| | Min Kubernetes Version | Max Kubernetes Version |
26-
|-----------|-----------------------------|------------------------------|
27-
| \>=v 0.11 | v1.16 | v1.18 |
28-
| \>=v 0.12 | v1.18 | v1.21 |
29-
| \>=v 0.13 | v1.19 | v1.21 |
30-
| v1.19.12 | v1.19 | v1.21 |
25+
| | Min Kubernetes Version | Max Kubernetes Version |
26+
|-----------|------------------------|------------------------|
27+
| \>=v 0.11 | v1.16 | v1.18 |
28+
| \>=v 0.12 | v1.18 | v1.21 |
29+
| \>=v 0.13 | v1.19 | v1.21 |
30+
| v1.19.12 | v1.19 | v1.21 |
31+
| v1.22.0 | v1.22 | - |
32+
3133

3234
Note:
3335
Versions older than v0.13.0 are no longer supported, new features / bug fixes will be available in v0.13.0 and later.

ci-docker-images/Dockerfile

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -32,18 +32,18 @@ RUN wget https://bootstrap.pypa.io/pip/3.6/get-pip.py
3232
RUN python3 get-pip.py
3333

3434
# Install golang environment
35-
RUN curl https://storage.googleapis.com/golang/go1.15.12.linux-amd64.tar.gz -O && \
35+
RUN curl https://storage.googleapis.com/golang/go1.16.15.linux-amd64.tar.gz -O && \
3636
mkdir /tools && \
37-
tar xzf go1.15.12.linux-amd64.tar.gz -C /tools && \
38-
rm go1.15.12.linux-amd64.tar.gz && \
37+
tar xzf go1.16.15.linux-amd64.tar.gz -C /tools && \
38+
rm go1.16.15.linux-amd64.tar.gz && \
3939
mkdir -p /go/bin
4040

4141
ENV PATH=/tools/go/bin:/go/bin:/tools/linux-amd64:$PATH \
4242
GOPATH=/go \
4343
GOROOT=/tools/go
4444

4545
# Install the kubectl client
46-
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl && \
46+
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.22.5/bin/linux/amd64/kubectl && \
4747
chmod +x ./kubectl && \
4848
mv ./kubectl /usr/local/bin/kubectl
4949

container-storage-interface.md

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -117,9 +117,65 @@ Check if PVC is now in bound state:
117117
$ kubectl describe pvc/oci-bv-claim
118118
```
119119

120+
# Troubleshoot
121+
122+
### FsGroup policy not propagated from pod security context
123+
124+
If your fsGroup is not being applied on the files in your volume.
125+
126+
Read more about [fsGroup Policy][7].
127+
128+
Ex.
129+
```yaml
130+
apiVersion: v1
131+
kind: Pod
132+
metadata:
133+
name: security-context-demo
134+
spec:
135+
securityContext:
136+
fsGroup: 2000
137+
containers:
138+
- name: sec-ctx-demo
139+
image: busybox:1.28
140+
command: [ "sh", "-c", "sleep 1h" ]
141+
volumeMounts:
142+
- name: sec-ctx-vol
143+
mountPath: /data/demo
144+
```
145+
146+
```bash
147+
kubectl exec -it security-context-demo -- sh -c "cd /data/demo && echo hello > testfile"
148+
kubectl exec -it security-context-demo -- sh -c "ls -l /data/demo/testfile"
149+
```
150+
151+
The output you would expect is that the `/data/demo/testfile` file has group ID 2000, which is the value of fsGroup
152+
```bash
153+
-rw-r--r-- 1 root 2000 6 Jun 6 20:08 testfile
154+
```
155+
156+
But the same does not reflect on your volume, i.e. the permissions on your files/folders are not what you would expect.
157+
Ex:
158+
```bash
159+
-rw-r--r-- 1 root root 6 Jun 6 20:08 testfile
160+
```
161+
162+
### Solution:
163+
Create a CSI Driver object with spec: `fsGroupPolicy: File`.
164+
Ex:
165+
```yaml
166+
apiVersion: storage.k8s.io/v1
167+
kind: CSIDriver
168+
metadata:
169+
name: blockvolume.csi.oraclecloud.com
170+
spec:
171+
fsGroupPolicy: File
172+
```
173+
`File` - Indicates that the CSI volume driver supports volume ownership and permission change via fsGroup, and Kubernetes may use fsGroup to change permissions and ownership of the volume to match user requested fsGroup in the pod's SecurityPolicy regardless of fstype or access mode.
174+
120175
[1]: https://docs.us-phoenix-1.oraclecloud.com/Content/Block/Concepts/overview.htm
121176
[2]: https://kubernetes.io/blog/2019/01/15/container-storage-interface-ga/
122177
[3]: https://kubernetes.io/docs/admin/authorization/rbac/
123178
[4]: https://kubernetes-csi.github.io/docs/external-provisioner.html
124179
[5]: https://kubernetes-csi.github.io/docs/external-attacher.html
125180
[6]: https://kubernetes-csi.github.io/docs/node-driver-registrar.html
181+
[7]: https://kubernetes-csi.github.io/docs/support-fsgroup.html#csi-volume-fsgroup-policy

go.mod

Lines changed: 4 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -35,9 +35,7 @@ replace (
3535
)
3636

3737
require (
38-
github.com/NYTimes/gziphandler v1.0.1 // indirect
3938
github.com/container-storage-interface/spec v1.5.0
40-
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
4139
github.com/golang/protobuf v1.5.2
4240
github.com/hashicorp/golang-lru v0.5.4 // indirect
4341
github.com/imdario/mergo v0.3.9 // indirect
@@ -47,28 +45,26 @@ require (
4745
github.com/oracle/oci-go-sdk/v50 v50.1.0
4846
github.com/pkg/errors v0.9.1
4947
github.com/prometheus/client_golang v1.11.0
50-
github.com/spf13/cobra v1.1.3
48+
github.com/spf13/cobra v1.1.3 // indirect
5149
github.com/spf13/pflag v1.0.5
5250
github.com/spf13/viper v1.7.0
5351
go.uber.org/multierr v1.6.0 // indirect
5452
go.uber.org/zap v1.17.0
5553
golang.org/x/net v0.0.0-20211209124913-491a49abca63
56-
golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
57-
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
5854
google.golang.org/grpc v1.38.0
5955
gopkg.in/natefinch/lumberjack.v2 v2.0.0
6056
gopkg.in/yaml.v2 v2.4.0
6157
k8s.io/api v0.22.5
6258
k8s.io/apimachinery v0.22.5
63-
k8s.io/apiserver v0.22.5
59+
k8s.io/apiserver v0.22.5 // indirect
6460
k8s.io/client-go v0.22.5
6561
k8s.io/cloud-provider v0.22.5
6662
k8s.io/component-base v0.22.5
6763
k8s.io/component-helpers v0.22.5
68-
k8s.io/csi-translation-lib v0.22.5
64+
k8s.io/csi-translation-lib v0.22.5 // indirect
6965
k8s.io/klog v1.0.0
7066
k8s.io/klog/v2 v2.9.0
71-
k8s.io/kubelet v0.22.5
67+
k8s.io/kubelet v0.22.5 // indirect
7268
k8s.io/kubernetes v1.22.5
7369
k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a
7470
sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0

0 commit comments

Comments
 (0)