volume-initializer

module
v0.0.2 Latest
Published: Sep 14, 2024 License: Apache-2.0

README

Volume Initializer

Introduction

This project delivers a mutating admission webhook that initializes a pod's PVC volumes by injecting init containers into the pod.

The PVC volumes are mounted into the injected init containers, so you can do anything you want to the volumes, such as changing their ownership, permissions or contents, just before your original containers start.

One typical use case is changing the ownership/permissions of the volumes because your original containers do not run as root and cannot write data into the volumes.

Installation

Deploy CRD

kubectl apply -f config/crd/bases

Deploy CR

Create a volume initializer yaml and apply it.

Take this for example.

Deploy Webhook

deploy/prepare.sh && kubectl apply -f deploy/webhook-deployment.yaml

Test

Create a pod with PVC volumes to test.

Take this for example. This example requires that your cluster have storage classes named local-path and local-path2. You can install the local-path-provisioner for quick testing.

Environment Variables

The following environment variables will be present in the injected init container.

| Environment Variable | Explanation | Present When | Example Values |
| --- | --- | --- | --- |
| PVC_1_MOUNT_PATH | pvc volume's mount path in the init container | Always | /data |
| PVC_1_UID | value from pod's label volume.storage.kubesphere.io/uid or ${volume-name}.volume.storage.kubesphere.io/uid, can be used to chown the volume | When label exists | mongodb, 1001 |
| PVC_1_GID | value from pod's label volume.storage.kubesphere.io/gid or ${volume-name}.volume.storage.kubesphere.io/gid, can be used to chown the volume | When label exists | 0, mongodb |
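
One way to consume these variables from the injected init container, as an added example that is not part of the project: a POSIX shell entrypoint that validates the label-derived UID/GID and the mount path before running chown as root. It assumes the index in PVC_<n>_* starts at 1 and increases contiguously (the page only shows PVC_1_*); the CHOWN override is a hypothetical dry-run hook.

```shell
#!/bin/sh
# Added example (not the project's code). Assumption: PVC_<n>_* indices start
# at 1 and are contiguous; the page only shows PVC_1_*.

# UID/GID come from pod labels, so from whoever creates the pod, and this runs
# as root. Allow only [A-Za-z0-9_-] with no leading '-'. '.' is legal in a
# label value, but GNU chown can read "a.b" as owner.group, so reject it.
valid_id() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Mount path must be absolute, not "/" itself, and free of "..".
valid_path() {
    case "$1" in
        ''|/|*..*|[!/]*) return 1 ;;
    esac
}

# Print the chown owner spec for volume index $1.
# Returns 1 on an unsafe value, 2 when neither label was set.
owner_spec() {
    eval "uid=\${PVC_${1}_UID:-} gid=\${PVC_${1}_GID:-}"
    [ -n "$uid$gid" ] || return 2
    [ -z "$uid" ] || valid_id "$uid" || return 1
    [ -z "$gid" ] || valid_id "$gid" || return 1
    printf '%s%s\n' "$uid" "${gid:+:$gid}"
}

# Walk PVC_1, PVC_2, ... and chown each mount. -h changes a symlink itself
# rather than its target. CHOWN is a hypothetical override for dry runs.
init_volumes() {
    i=1
    while eval "path=\${PVC_${i}_MOUNT_PATH:-}" && [ -n "$path" ]; do
        valid_path "$path" || { echo "PVC_$i: bad mount path" >&2; return 1; }
        rc=0
        spec=$(owner_spec "$i") || rc=$?
        case $rc in
            0) ${CHOWN:-chown} -R -h "$spec" "$path" || return 1 ;;
            2) echo "PVC_$i: no uid/gid label, skipping" >&2 ;;
            *) echo "PVC_$i: rejected uid/gid label value" >&2; return 1 ;;
        esac
        i=$((i + 1))
    done
}

init_volumes
```

A rejected label value makes the init container exit non-zero, so the pod does not start with a volume owned by an unintended account.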

FAQ

  1. Why not use the pod's annotations instead of labels to pass the volume's UID/GID to the init container?
  • The webhook listens for pod CREATE events. Such pods are likely generated from a replicaset (from deployment/statefulset/daemonset), and normally don't have annotations present at the admission stage (i.e. when this webhook processes the requests). Therefore, we need to use the labels.

Limitations

  • If the pvc matches multiple pvcMatchers and init containers, only the first init container will be injected.

Directories

Path Synopsis
pkg
apis/storage/v1alpha1
Package v1alpha1 is the v1alpha1 version of the API.
generated/clientset/versioned/fake
This package has the automatically generated fake clientset.
generated/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
generated/clientset/versioned/typed/storage/v1alpha1
This package has the automatically generated typed clients.
generated/clientset/versioned/typed/storage/v1alpha1/fake
Package fake has the automatically generated clients.
test
