mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-11-27 08:40:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

cephfs: support selinux mount options

Browse Source 
- mount host's /etc/selinux in node plugins
- process mount options in all code paths for cephfs volume options

Signed-off-by: Alexandre Lossent <alexandre.lossent@cern.ch>
(cherry picked from commit 5cba04c470)
This commit is contained in:
Alexandre Lossent 2021-08-02 16:57:11 +02:00 committed by mergify[bot]
parent b866bd491c
commit 7688bc3a7a
9 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
charts/ceph-csi-cephfs/templates/nodeplugin-daemonset.yaml
View File

@ -112,6 +112,9 @@ spec:
name: host-mount name: host-mount
- mountPath: /sys - mountPath: /sys
name: host-sys name: host-sys
- mountPath: /etc/selinux
name: etc-selinux
readOnly: true
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
@ -167,6 +170,9 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
- name: etc-selinux
hostPath:
path: /etc/selinux
- name: host-mount - name: host-mount
hostPath: hostPath:
path: /run/mount path: /run/mount

2
charts/ceph-csi-cephfs/templates/nodeplugin-psp.yaml
View File

@ -38,6 +38,8 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
- pathPrefix: '/etc/selinux'
readOnly: true
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '{{ .Values.kubeletDir }}' - pathPrefix: '{{ .Values.kubeletDir }}'

6
charts/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
View File

@ -106,6 +106,9 @@ spec:
name: host-mount name: host-mount
- mountPath: /sys - mountPath: /sys
name: host-sys name: host-sys
- mountPath: /etc/selinux
name: etc-selinux
readOnly: true
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
@ -175,6 +178,9 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
- name: etc-selinux
hostPath:
path: /etc/selinux
- name: lib-modules - name: lib-modules
hostPath: hostPath:
path: /lib/modules path: /lib/modules

2
charts/ceph-csi-rbd/templates/nodeplugin-psp.yaml
View File

@ -38,6 +38,8 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
- pathPrefix: '/etc/selinux'
readOnly: true
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '{{ .Values.kubeletDir }}' - pathPrefix: '{{ .Values.kubeletDir }}'

6
deploy/cephfs/kubernetes/csi-cephfsplugin.yaml
View File

@ -84,6 +84,9 @@ spec:
mountPropagation: "Bidirectional" mountPropagation: "Bidirectional"
- name: host-sys - name: host-sys
mountPath: /sys mountPath: /sys
- name: etc-selinux
mountPath: /etc/selinux
readOnly: true
- name: lib-modules - name: lib-modules
mountPath: /lib/modules mountPath: /lib/modules
readOnly: true readOnly: true
@ -137,6 +140,9 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
- name: etc-selinux
hostPath:
path: /etc/selinux
- name: lib-modules - name: lib-modules
hostPath: hostPath:
path: /lib/modules path: /lib/modules

2
deploy/cephfs/kubernetes/csi-nodeplugin-psp.yaml
View File

@ -32,6 +32,8 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
- pathPrefix: '/etc/selinux'
readOnly: true
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '/var/lib/kubelet/pods' - pathPrefix: '/var/lib/kubelet/pods'

2
deploy/rbd/kubernetes/csi-nodeplugin-psp.yaml
View File

@ -32,6 +32,8 @@ spec:
readOnly: false readOnly: false
- pathPrefix: '/sys' - pathPrefix: '/sys'
readOnly: false readOnly: false
- pathPrefix: '/etc/selinux'
readOnly: true
- pathPrefix: '/lib/modules' - pathPrefix: '/lib/modules'
readOnly: true readOnly: true
- pathPrefix: '/var/lib/kubelet/pods' - pathPrefix: '/var/lib/kubelet/pods'

6
deploy/rbd/kubernetes/csi-rbdplugin.yaml
View File

@ -93,6 +93,9 @@ spec:
name: host-sys name: host-sys
- mountPath: /run/mount - mountPath: /run/mount
name: host-mount name: host-mount
- mountPath: /etc/selinux
name: etc-selinux
readOnly: true
- mountPath: /lib/modules - mountPath: /lib/modules
name: lib-modules name: lib-modules
readOnly: true readOnly: true
@ -153,6 +156,9 @@ spec:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: /sys path: /sys
- name: etc-selinux
hostPath:
path: /etc/selinux
- name: host-mount - name: host-mount
hostPath: hostPath:
path: /run/mount path: /run/mount

8
internal/cephfs/volumeoptions.go
View File

@ -411,6 +411,14 @@ func newVolumeOptionsFromMonitorList(
} }
} }
if err = extractOptionalOption(&opts.KernelMountOptions, "kernelMountOptions", options); err != nil {
return nil, nil, err
}
if err = extractOptionalOption(&opts.FuseMountOptions, "fuseMountOptions", options); err != nil {
return nil, nil, err
}
if err = extractMounter(&opts.Mounter, options); err != nil { if err = extractMounter(&opts.Mounter, options); err != nil {
return nil, nil, err return nil, nil, err
} }