[Azure] Filters service account secret volume mount for Windows (#60)
* filters the SA secret volume for windows * make it a map * bettern go convention
This commit is contained in:
chshou
@@ -9,6 +9,8 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"reflect"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/virtual-kubelet/virtual-kubelet/manager"
|
||||
@@ -20,19 +22,22 @@ import (
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
)
|
||||
|
||||
// The service account secret mount path.
|
||||
const serviceAccountSecretMountPath = "/var/run/secrets/kubernetes.io/serviceaccount"
|
||||
|
||||
// ACIProvider implements the virtual-kubelet provider interface and communicates with Azure's ACI APIs.
|
||||
type ACIProvider struct {
|
||||
aciClient *aci.Client
|
||||
resourceManager *manager.ResourceManager
|
||||
resourceGroup string
|
||||
region string
|
||||
nodeName string
|
||||
operatingSystem string
|
||||
cpu string
|
||||
memory string
|
||||
pods string
|
||||
internalIP string
|
||||
daemonEndpointPort int32
|
||||
aciClient *aci.Client
|
||||
resourceManager *manager.ResourceManager
|
||||
resourceGroup string
|
||||
region string
|
||||
nodeName string
|
||||
operatingSystem string
|
||||
cpu string
|
||||
memory string
|
||||
pods string
|
||||
internalIP string
|
||||
daemonEndpointPort int32
|
||||
}
|
||||
|
||||
// AuthConfig is the secret returned from an ImageRegistryCredential
|
||||
@@ -125,6 +130,8 @@ func (p *ACIProvider) CreatePod(pod *v1.Pod) error {
|
||||
containerGroup.ContainerGroupProperties.Volumes = volumes
|
||||
containerGroup.ContainerGroupProperties.ImageRegistryCredentials = creds
|
||||
|
||||
filterServiceAccountSecretVolume(p.operatingSystem, &containerGroup)
|
||||
|
||||
// create ipaddress if containerPort is used
|
||||
count := 0
|
||||
for _, container := range containers {
|
||||
@@ -196,7 +203,7 @@ func (p *ACIProvider) GetPod(namespace, name string) (*v1.Pod, error) {
|
||||
return containerGroupToPod(cg)
|
||||
}
|
||||
|
||||
// GetPodLogs returns the logs of a pod by name that is running inside ACI.
|
||||
// GetContainerLogs returns the logs of a pod by name that is running inside ACI.
|
||||
func (p *ACIProvider) GetContainerLogs(namespace, podName, containerName string, tail int) (string, error) {
|
||||
logContent := ""
|
||||
cg, err, _ := p.aciClient.GetContainerGroup(p.resourceGroup, fmt.Sprintf("%s-%s", namespace, podName))
|
||||
@@ -710,3 +717,39 @@ func aciContainerStateToContainerState(cs aci.ContainerState) v1.ContainerState
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// Filters service account secret volume for Windows.
|
||||
// Service account secret volume gets automatically turned on if not specified otherwise.
|
||||
// ACI doesn't support secret volume for Windows, so we need to filter it.
|
||||
func filterServiceAccountSecretVolume(osType string, containerGroup *aci.ContainerGroup) {
|
||||
if strings.EqualFold(osType, "Windows") {
|
||||
serviceAccountSecretVolumeName := make(map[string]bool)
|
||||
|
||||
for index, container := range containerGroup.ContainerGroupProperties.Containers {
|
||||
volumeMounts := make([]aci.VolumeMount, 0, len(container.VolumeMounts))
|
||||
for _, volumeMount := range container.VolumeMounts {
|
||||
if !strings.EqualFold(serviceAccountSecretMountPath, volumeMount.MountPath) {
|
||||
volumeMounts = append(volumeMounts, volumeMount)
|
||||
} else {
|
||||
serviceAccountSecretVolumeName[volumeMount.Name] = true
|
||||
}
|
||||
}
|
||||
containerGroup.ContainerGroupProperties.Containers[index].VolumeMounts = volumeMounts
|
||||
}
|
||||
|
||||
if len(serviceAccountSecretVolumeName) == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
log.Printf("Ignoring service account secret volumes '%v' for Windows", reflect.ValueOf(serviceAccountSecretVolumeName).MapKeys())
|
||||
|
||||
volumes := make([]aci.Volume, 0, len(containerGroup.ContainerGroupProperties.Volumes))
|
||||
for _, volume := range containerGroup.ContainerGroupProperties.Volumes {
|
||||
if _, ok := serviceAccountSecretVolumeName[volume.Name]; !ok {
|
||||
volumes = append(volumes, volume)
|
||||
}
|
||||
}
|
||||
|
||||
containerGroup.ContainerGroupProperties.Volumes = volumes
|
||||
}
|
||||
}
|
||||
|
||||
@@ -64,6 +64,9 @@ func New(nodeName, operatingSystem, namespace, kubeConfig, taint, provider, prov
|
||||
rm := manager.NewResourceManager(clientset)
|
||||
|
||||
daemonEndpointPortEnv := os.Getenv("KUBELET_PORT")
|
||||
if daemonEndpointPortEnv == "" {
|
||||
daemonEndpointPortEnv = "10250"
|
||||
}
|
||||
i64value, err := strconv.ParseInt(daemonEndpointPortEnv, 10, 32)
|
||||
daemonEndpointPort := int32(i64value)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user