From 02165aaeb83754ee15c635b3707b119a88ec43bd Mon Sep 17 00:00:00 2001 From: Tianchu Zhao Date: Wed, 3 Nov 2021 10:09:57 +1100 Subject: [PATCH] fix(controller): default volume/mount to emissary (#7125) Signed-off-by: Tianchu Zhao --- .../controller/container_set_template_test.go | 15 ++++----------- workflow/controller/workflowpod.go | 8 ++++---- workflow/controller/workflowpod_test.go | 2 ++ workflow/validate/validate_test.go | 4 ++-- 4 files changed, 12 insertions(+), 17 deletions(-) diff --git a/workflow/controller/container_set_template_test.go b/workflow/controller/container_set_template_test.go index 9493e4083cbf..46042a1bc4df 100644 --- a/workflow/controller/container_set_template_test.go +++ b/workflow/controller/container_set_template_test.go @@ -42,9 +42,8 @@ spec: pod, err := getPod(woc, "pod") assert.NoError(t, err) - socket := corev1.HostPathSocket assert.ElementsMatch(t, []corev1.Volume{ - {Name: "docker-sock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/var/run/docker.sock", Type: &socket}}}, + {Name: "var-run-argo", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, {Name: "workspace", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, }, pod.Spec.Volumes) @@ -54,9 +53,7 @@ spec: for _, c := range pod.Spec.Containers { switch c.Name { case common.WaitContainerName: - assert.ElementsMatch(t, []corev1.VolumeMount{ - {Name: "docker-sock", MountPath: "/var/run/docker.sock", ReadOnly: true}, - }, c.VolumeMounts) + assert.ElementsMatch(t, []corev1.VolumeMount{}, c.VolumeMounts) case "ctr-0": assert.ElementsMatch(t, []corev1.VolumeMount{ {Name: "workspace", MountPath: "/workspace"}, @@ -108,9 +105,8 @@ spec: pod, err := getPod(woc, "pod") assert.NoError(t, err) - socket := corev1.HostPathSocket assert.ElementsMatch(t, []corev1.Volume{ - {Name: "docker-sock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/var/run/docker.sock", Type: &socket}}}, + {Name: "var-run-argo", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, {Name: "workspace", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, {Name: "input-artifacts", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, }, pod.Spec.Volumes) @@ -128,7 +124,6 @@ spec: switch c.Name { case common.WaitContainerName: assert.ElementsMatch(t, []corev1.VolumeMount{ - {Name: "docker-sock", MountPath: "/var/run/docker.sock", ReadOnly: true}, {Name: "workspace", MountPath: "/mainctrfs/workspace"}, {Name: "input-artifacts", MountPath: "/mainctrfs/in/in-0", SubPath: "in-0"}, }, c.VolumeMounts) @@ -184,9 +179,8 @@ spec: pod, err := getPod(woc, "pod") assert.NoError(t, err) - socket := corev1.HostPathSocket assert.ElementsMatch(t, []corev1.Volume{ - {Name: "docker-sock", VolumeSource: corev1.VolumeSource{HostPath: &corev1.HostPathVolumeSource{Path: "/var/run/docker.sock", Type: &socket}}}, + {Name: "var-run-argo", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, {Name: "workspace", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}}, }, pod.Spec.Volumes) @@ -197,7 +191,6 @@ spec: switch c.Name { case common.WaitContainerName: assert.ElementsMatch(t, []corev1.VolumeMount{ - {Name: "docker-sock", MountPath: "/var/run/docker.sock", ReadOnly: true}, {Name: "workspace", MountPath: "/mainctrfs/workspace"}, }, c.VolumeMounts) case "main": diff --git a/workflow/controller/workflowpod.go b/workflow/controller/workflowpod.go index 112831a79d5d..08b6eedeff11 100644 --- a/workflow/controller/workflowpod.go +++ b/workflow/controller/workflowpod.go @@ -535,7 +535,7 @@ func (woc *wfOperationCtx) newWaitContainer(tmpl *wfv1.Template) *apiv1.Containe // in order to SIGTERM/SIGKILL the pid ctr.SecurityContext.Privileged = pointer.BoolPtr(true) } - case "", common.ContainerRuntimeExecutorDocker: + case common.ContainerRuntimeExecutorDocker: ctr.VolumeMounts = append(ctr.VolumeMounts, woc.getVolumeMountDockerSock(tmpl)) } return ctr @@ -638,10 +638,10 @@ func (woc *wfOperationCtx) createVolumes(tmpl *wfv1.Template) []apiv1.Volume { } switch woc.getContainerRuntimeExecutor() { case common.ContainerRuntimeExecutorKubelet, common.ContainerRuntimeExecutorK8sAPI, common.ContainerRuntimeExecutorPNS: - case common.ContainerRuntimeExecutorEmissary: - volumes = append(volumes, volumeVarArgo) - default: + case common.ContainerRuntimeExecutorDocker: volumes = append(volumes, woc.getVolumeDockerSock(tmpl)) + default: + volumes = append(volumes, volumeVarArgo) } volumes = append(volumes, tmpl.Volumes...) return volumes diff --git a/workflow/controller/workflowpod_test.go b/workflow/controller/workflowpod_test.go index a2ac1d008f24..c6a0c05b1e8a 100644 --- a/workflow/controller/workflowpod_test.go +++ b/workflow/controller/workflowpod_test.go @@ -1526,6 +1526,7 @@ spec: func TestHybridWfVolumesWindows(t *testing.T) { wf := wfv1.MustUnmarshalWorkflow(helloWindowsWf) woc := newWoc(*wf) + woc.controller.Config.ContainerRuntimeExecutor = common.ContainerRuntimeExecutorDocker ctx := context.Background() mainCtr := woc.execWf.Spec.Templates[0].Container @@ -1586,6 +1587,7 @@ func TestWindowsUNCPathsAreRemoved(t *testing.T) { func TestHybridWfVolumesLinux(t *testing.T) { wf := wfv1.MustUnmarshalWorkflow(helloLinuxWf) woc := newWoc(*wf) + woc.controller.Config.ContainerRuntimeExecutor = common.ContainerRuntimeExecutorDocker ctx := context.Background() mainCtr := woc.execWf.Spec.Templates[0].Container diff --git a/workflow/validate/validate_test.go b/workflow/validate/validate_test.go index e6f2018b89b1..364c60890276 100644 --- a/workflow/validate/validate_test.go +++ b/workflow/validate/validate_test.go @@ -1626,7 +1626,7 @@ func TestBaseImageOutputVerify(t *testing.T) { wfNonPathOutputParam := unmarshalWf(nonPathOutputParameter) var err error - for _, executor := range []string{common.ContainerRuntimeExecutorK8sAPI, common.ContainerRuntimeExecutorKubelet, common.ContainerRuntimeExecutorPNS, common.ContainerRuntimeExecutorDocker, ""} { + for _, executor := range []string{common.ContainerRuntimeExecutorK8sAPI, common.ContainerRuntimeExecutorKubelet, common.ContainerRuntimeExecutorPNS, common.ContainerRuntimeExecutorDocker, common.ContainerRuntimeExecutorDocker, common.ContainerRuntimeExecutorEmissary, ""} { switch executor { case common.ContainerRuntimeExecutorK8sAPI, common.ContainerRuntimeExecutorKubelet: _, err = ValidateWorkflow(wftmplGetter, cwftmplGetter, wfBaseOutArt, ValidateOpts{ContainerRuntimeExecutor: executor}) @@ -1644,7 +1644,7 @@ func TestBaseImageOutputVerify(t *testing.T) { assert.NoError(t, err) _, err = ValidateWorkflow(wftmplGetter, cwftmplGetter, wfBaseWithEmptyDirOutArt, ValidateOpts{ContainerRuntimeExecutor: executor}) assert.Error(t, err) - case common.ContainerRuntimeExecutorDocker, "": + case common.ContainerRuntimeExecutorDocker, common.ContainerRuntimeExecutorEmissary, "": _, err = ValidateWorkflow(wftmplGetter, cwftmplGetter, wfBaseOutArt, ValidateOpts{ContainerRuntimeExecutor: executor}) assert.NoError(t, err) _, err = ValidateWorkflow(wftmplGetter, cwftmplGetter, wfBaseOutParam, ValidateOpts{ContainerRuntimeExecutor: executor})