Revert "Revert "Merge pull request #35821 from vishh/gci-mounter-scope""

This reverts commit 402116aed4.

cluster/gce/gci/configure-helper.sh

@@ -473,6 +473,7 @@ function start-kubelet {
   flags+=" --cluster-dns=${DNS_SERVER_IP}"
   flags+=" --cluster-domain=${DNS_DOMAIN}"
   flags+=" --config=/etc/kubernetes/manifests"
+  flags+=" --experimental-mounter-path=${KUBE_HOME}/bin/mounter"
 
   if [[ -n "${KUBELET_PORT:-}" ]]; then
     flags+=" --port=${KUBELET_PORT}"
@@ -1174,9 +1175,15 @@ EOF
 }
 
 function override-kubectl {
+    echo "overriding kubectl"
     echo "export PATH=${KUBE_HOME}/bin:\$PATH" > /etc/profile.d/kube_env.sh
 }
 
+function pre-warm-mounter {
+    echo "prewarming mounter"
+    ${KUBE_HOME}/bin/mounter &> /dev/null
+}
+
 ########### Main Function ###########
 echo "Start to configure instance for kubernetes"
 
@@ -1211,6 +1218,8 @@ else
 fi
 
 override-kubectl
+# Run the containerized mounter once to pre-cache the container image.
+pre-warm-mounter
 assemble-docker-flags
 load-docker-images
 start-kubelet

cluster/gce/gci/mounter/mounter

@@ -23,14 +23,21 @@ MOUNTER_USER=root
 RKT_BINARY=/home/kubernetes/bin/rkt
 
 function gc {
-    ${RKT_BINARY} gc --grace-period=0s &> /dev/null
+    # Attempt to garbage collect rkt pods with 5 retries.
+    # Rkt pods end up creating new copies of mounts on the host. Hence it is ideal to clean them up right away.
+    attempt=0
+    until [ $attempt -ge 5 ]; do
+	${RKT_BINARY} gc --grace-period=0s && break
+	attempt=$[$attempt+1]
+	sleep 1
+    done
 }
 
 # Garbage collect old rkt containers on exit
 trap gc EXIT
 
 ${RKT_BINARY} run --stage1-name="coreos.com/rkt/stage1-fly:1.18.0" \
-	--insecure-options=image \
-	--volume=rootfs,kind=host,source=/,readOnly=false,recursive=true \
-	--mount volume=rootfs,target=/media/root \
-	docker://${MOUNTER_DOCKER_IMAGE}:${MOUNTER_DOCKER_VERSION} --user=${MOUNTER_USER} --exec /bin/mount -- "$@"
+	      --insecure-options=image \
+	      --volume=kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \
+	      --mount volume=kubelet,target=/var/lib/kubelet \
+	      docker://${MOUNTER_DOCKER_IMAGE}:${MOUNTER_DOCKER_VERSION} --user=${MOUNTER_USER} --exec /bin/mount -- "$@"

cmd/kube-proxy/app/conntrack.go

@@ -89,7 +89,7 @@ func (realConntracker) setIntSysCtl(name string, value int) error {
 func isSysFSWritable() (bool, error) {
 	const permWritable = "rw"
 	const sysfsDevice = "sysfs"
-	m := mount.New()
+	m := mount.New("" /* default mount path */)
 	mountPoints, err := m.List()
 	if err != nil {
 		glog.Errorf("failed to list mount points: %v", err)

cmd/kubelet/app/options/options.go

@@ -203,7 +203,6 @@ func (s *KubeletServer) AddFlags(fs *pflag.FlagSet) {
 	fs.BoolVar(&s.ExitOnLockContention, "exit-on-lock-contention", s.ExitOnLockContention, "Whether kubelet should exit upon lock-file contention.")
 	fs.StringVar(&s.RktPath, "rkt-path", s.RktPath, "Path of rkt binary. Leave empty to use the first rkt in $PATH.  Only used if --container-runtime='rkt'.")
 	fs.StringVar(&s.ExperimentalMounterPath, "experimental-mounter-path", s.ExperimentalMounterPath, "[Experimental] Path of mounter binary. Leave empty to use the default mount.")
-	fs.StringVar(&s.ExperimentalMounterRootfsPath, "experimental-mounter-rootfs-path", s.ExperimentalMounterRootfsPath, "[Experimental] Absolute path to the root filesystem for the mounter binary.")
 	fs.StringVar(&s.RktAPIEndpoint, "rkt-api-endpoint", s.RktAPIEndpoint, "The endpoint of the rkt API service to communicate with. Only used if --container-runtime='rkt'.")
 	fs.StringVar(&s.RktStage1Image, "rkt-stage1-image", s.RktStage1Image, "image to use as stage1. Local paths and http/https URLs are supported. If empty, the 'stage1.aci' in the same directory as '--rkt-path' will be used.")
 	fs.MarkDeprecated("rkt-stage1-image", "Will be removed in a future version. The default stage1 image will be specified by the rkt configurations, see https://github.com/coreos/rkt/blob/master/Documentation/configuration.md for more details.")

cmd/kubelet/app/server.go

@@ -118,7 +118,7 @@ func UnsecuredKubeletDeps(s *options.KubeletServer) (*kubelet.KubeletDeps, error
 		return nil, err
 	}
 
-	mounter := mount.NewCustomMounter(s.ExperimentalMounterPath, s.ExperimentalMounterRootfsPath)
+	mounter := mount.New(s.ExperimentalMounterPath)
 	var writer kubeio.Writer = &kubeio.StdWriter{}
 	if s.Containerized {
 		glog.V(2).Info("Running kubelet in containerized mode (experimental)")

hack/verify-flags/known-flags.txt

@@ -191,7 +191,6 @@ experimental-allowed-unsafe-sysctls
 experimental-bootstrap-kubeconfig
 experimental-keystone-url
 experimental-mounter-path
-experimental-mounter-rootfs-path
 experimental-nvidia-gpus
 experimental-prefix
 experimental-cri

pkg/apis/componentconfig/types.go

@@ -326,8 +326,6 @@ type KubeletConfiguration struct {
 	RktPath string `json:"rktPath,omitempty"`
 	// experimentalMounterPath is the path of mounter binary. Leave empty to use the default mount path
 	ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"`
-	// experimentalMounterRootfsPath is the absolute path to root filesystem for the mounter binary.
-	ExperimentalMounterRootfsPath string `json:"experimentalMounterRootfsPath,omitempty"`
 	// rktApiEndpoint is the endpoint of the rkt API service to communicate with.
 	// +optional
 	RktAPIEndpoint string `json:"rktAPIEndpoint,omitempty"`

pkg/apis/componentconfig/v1alpha1/types.go

@@ -374,8 +374,6 @@ type KubeletConfiguration struct {
 	// experimentalMounterPath is the path to mounter binary. If not set, kubelet will attempt to use mount
 	// binary that is available via $PATH,
 	ExperimentalMounterPath string `json:"experimentalMounterPath,omitempty"`
-	// experimentalMounterRootfsPath is the absolute path to root filesystem for the mounter binary.
-	ExperimentalMounterRootfsPath string `json:"experimentalMounterRootfsPath,omitempty"`
 	// rktApiEndpoint is the endpoint of the rkt API service to communicate with.
 	RktAPIEndpoint string `json:"rktAPIEndpoint"`
 	// rktStage1Image is the image to use as stage1. Local paths and

pkg/apis/componentconfig/v1alpha1/zz_generated.conversion.go

@@ -340,7 +340,6 @@ func autoConvert_v1alpha1_KubeletConfiguration_To_componentconfig_KubeletConfigu
 	out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
 	out.RktPath = in.RktPath
 	out.ExperimentalMounterPath = in.ExperimentalMounterPath
-	out.ExperimentalMounterRootfsPath = in.ExperimentalMounterRootfsPath
 	out.RktAPIEndpoint = in.RktAPIEndpoint
 	out.RktStage1Image = in.RktStage1Image
 	if err := api.Convert_Pointer_string_To_string(&in.LockFilePath, &out.LockFilePath, s); err != nil {
@@ -509,7 +508,6 @@ func autoConvert_componentconfig_KubeletConfiguration_To_v1alpha1_KubeletConfigu
 	out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
 	out.RktPath = in.RktPath
 	out.ExperimentalMounterPath = in.ExperimentalMounterPath
-	out.ExperimentalMounterRootfsPath = in.ExperimentalMounterRootfsPath
 	out.RktAPIEndpoint = in.RktAPIEndpoint
 	out.RktStage1Image = in.RktStage1Image
 	if err := api.Convert_string_To_Pointer_string(&in.LockFilePath, &out.LockFilePath, s); err != nil {

pkg/apis/componentconfig/v1alpha1/zz_generated.deepcopy.go

@@ -316,7 +316,6 @@ func DeepCopy_v1alpha1_KubeletConfiguration(in interface{}, out interface{}, c *
 		out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
 		out.RktPath = in.RktPath
 		out.ExperimentalMounterPath = in.ExperimentalMounterPath
-		out.ExperimentalMounterRootfsPath = in.ExperimentalMounterRootfsPath
 		out.RktAPIEndpoint = in.RktAPIEndpoint
 		out.RktStage1Image = in.RktStage1Image
 		if in.LockFilePath != nil {

pkg/apis/componentconfig/zz_generated.deepcopy.go

@@ -319,7 +319,6 @@ func DeepCopy_componentconfig_KubeletConfiguration(in interface{}, out interface
 		out.RuntimeRequestTimeout = in.RuntimeRequestTimeout
 		out.RktPath = in.RktPath
 		out.ExperimentalMounterPath = in.ExperimentalMounterPath
-		out.ExperimentalMounterRootfsPath = in.ExperimentalMounterRootfsPath
 		out.RktAPIEndpoint = in.RktAPIEndpoint
 		out.RktStage1Image = in.RktStage1Image
 		out.LockFilePath = in.LockFilePath

pkg/cloudprovider/providers/openstack/metadata.go

@@ -95,7 +95,7 @@ func getMetadataFromConfigDrive() (*Metadata, error) {
 
 	glog.V(4).Infof("Attempting to mount configdrive %s on %s", dev, mntdir)
 
-	mounter := mount.New()
+	mounter := mount.New("" /* default mount path */)
 	err = mounter.Mount(dev, mntdir, "iso9660", []string{"ro"})
 	if err != nil {
 		err = mounter.Mount(dev, mntdir, "vfat", []string{"ro"})

pkg/kubemark/hollow_kubelet.go

@@ -72,7 +72,7 @@ func NewHollowKubelet(
 		TLSOptions:        nil,
 		OOMAdjuster:       oom.NewFakeOOMAdjuster(),
 		Writer:            &kubeio.StdWriter{},
-		Mounter:           mount.New(),
+		Mounter:           mount.New("" /* default mount path */),
 	}
 
 	return &HollowKubelet{

pkg/util/mount/BUILD

@@ -22,6 +22,7 @@ go_library(
     tags = ["automanaged"],
     deps = [
         "//pkg/util/exec:go_default_library",
+        "//pkg/util/sets:go_default_library",
         "//vendor:github.com/golang/glog",
     ],
 )

pkg/util/mount/mount.go

@@ -30,7 +30,7 @@ import (
 
 const (
 	// Default mount command if mounter path is not specified
-	mount = "mount"
+	defaultMountCommand = "mount"
 )
 
 type Interface interface {
@@ -94,25 +94,16 @@ func (mounter *SafeFormatAndMount) FormatAndMount(source string, target string,
 }
 
 // New returns a mount.Interface for the current system.
-func New() Interface {
-	return &Mounter{}
-}
-
-// NewCustomMounter returns a mount.Interface for the current system.
 // It provides options to override the default mounter behavior.
 // mounterPath allows using an alternative to `/bin/mount` for mounting.
-// mounterRootfsPath allows specifying a custom root filesystem path for non default `mounterPath`.
-func NewCustomMounter(mounterPath, mounterRootfsPath string) Interface {
+func New(mounterPath string) Interface {
 	// If mounter-path flag is not set, use default mount path
 	if mounterPath == "" {
-		mounterPath = mount
-	}
-	if mounterRootfsPath == "" {
-		mounterRootfsPath = "/"
+		mounterPath = defaultMountCommand
 	}
+
 	return &Mounter{
-		mounterPath:       mounterPath,
-		mounterRootfsPath: mounterRootfsPath,
+		mounterPath: mounterPath,
 	}
 }
 

pkg/util/mount/mount_linux.go

@@ -25,13 +25,13 @@ import (
 	"io"
 	"os"
 	"os/exec"
-	"path"
 	"strconv"
 	"strings"
 	"syscall"
 
 	"github.com/golang/glog"
 	utilExec "k8s.io/kubernetes/pkg/util/exec"
+	"k8s.io/kubernetes/pkg/util/sets"
 )
 
 const (
@@ -54,8 +54,7 @@ const (
 // for the linux platform.  This implementation assumes that the
 // kubelet is running in the host's root mount namespace.
 type Mounter struct {
-	mounterPath       string
-	mounterRootfsPath string
+	mounterPath string
 }
 
 // Mount mounts source to target as fstype with given options. 'source' and 'fstype' must
@@ -63,18 +62,24 @@ type Mounter struct {
 // type, where kernel handles fs type for you. The mount 'options' is a list of options,
 // currently come from mount(8), e.g. "ro", "remount", "bind", etc. If no more option is
 // required, call Mount with an empty string list or nil.
-// Update source path to include a root filesystem override to make a containerized mounter (specified via `mounterPath`) work.
 func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error {
+	// Path to mounter binary. Set to mount accessible via $PATH by default.
+	// All Linux distros are expected to be shipped with a mount utility that an support bind mounts.
+	mounterPath := defaultMountCommand
 	bind, bindRemountOpts := isBind(options)
 	if bind {
-		err := doMount(mounter.mounterPath, path.Join(mounter.mounterRootfsPath, source), path.Join(mounter.mounterRootfsPath, target), fstype, []string{"bind"})
+		err := doMount(mounterPath, source, target, fstype, []string{"bind"})
 		if err != nil {
 			return err
 		}
-		return doMount(mounter.mounterPath, path.Join(mounter.mounterRootfsPath, source), path.Join(mounter.mounterRootfsPath, target), fstype, bindRemountOpts)
-	} else {
-		return doMount(mounter.mounterPath, source, path.Join(mounter.mounterRootfsPath, target), fstype, options)
+		return doMount(mounterPath, source, target, fstype, bindRemountOpts)
 	}
+	// These filesystem types are expected to be supported by the mount utility on the host across all Linux distros.
+	var defaultMounterFsTypes = sets.NewString("tmpfs", "ext4", "ext3", "ext2")
+	if !defaultMounterFsTypes.Has(fstype) {
+		mounterPath = mounter.mounterPath
+	}
+	return doMount(mounterPath, source, target, fstype, options)
 }
 
 // isBind detects whether a bind mount is being requested and makes the remount options to

pkg/util/mount/mount_unsupported.go

@@ -19,8 +19,7 @@ limitations under the License.
 package mount
 
 type Mounter struct {
-	mounterPath       string
-	mounterRootfsPath string
+	mounterPath string
 }
 
 func (mounter *Mounter) Mount(source string, target string, fstype string, options []string) error {

test/e2e/framework/test_context.go

@@ -123,8 +123,6 @@ type NodeTestContextType struct {
 	ContainerRuntimeEndpoint string
 	// MounterPath is the path to the program to run to perform a mount
 	MounterPath string
-	// MounterRootfsPath is the path to the root filesystem for the program used to perform a mount in kubelet
-	MounterRootfsPath string
 }
 
 type CloudConfig struct {
@@ -229,7 +227,6 @@ func RegisterNodeFlags() {
 	flag.BoolVar(&TestContext.EnableCRI, "enable-cri", false, "Enable Container Runtime Interface (CRI) integration.")
 	flag.StringVar(&TestContext.ContainerRuntimeEndpoint, "container-runtime-endpoint", "", "The endpoint of remote container runtime grpc server, mainly used for Remote CRI validation.")
 	flag.StringVar(&TestContext.MounterPath, "experimental-mounter-path", "", "Path of mounter binary. Leave empty to use the default mount.")
-	flag.StringVar(&TestContext.MounterRootfsPath, "experimental-mounter-rootfs-path", "", "Absolute path to root filesystem for the mounter binary.")
 }
 
 // overwriteFlagsWithViperConfig finds and writes values to flags using viper as input.

test/e2e_node/remote/remote.go

@@ -273,6 +273,7 @@ func RunRemote(archive string, host string, cleanup bool, junitFilePrefix string
 		return "", false, fmt.Errorf("Issue detecting node's OS via node's /etc/os-release. Err: %v, Output:\n%s", err, output)
 	}
 	if strings.Contains(output, "ID=gci") {
+		glog.Infof("GCI node and GCI mounter both detected, modifying --experimental-mounter-path accordingly")
 		// Note this implicitly requires the script to be where we expect in the tarball, so if that location changes the error
 		// here will tell us to update the remote test runner.
 		mounterPath := filepath.Join(tmp, "cluster/gce/gci/mounter/mounter")
@@ -284,9 +285,6 @@ func RunRemote(archive string, host string, cleanup bool, junitFilePrefix string
 		// Insert args at beginning of testArgs, so any values from command line take precedence
 		testArgs = fmt.Sprintf("--experimental-mounter-rootfs-path=%s ", mounterRootfsPath) + testArgs
 		testArgs = fmt.Sprintf("--experimental-mounter-path=%s ", mounterPath) + testArgs
-
-		// Temporarily disabled (associated Kubelet flags commented out in k8s.io/kubernetes/test/e2e_node/services/services.go):
-		// glog.Infof("GCI node and GCI mounter both detected, setting --experimental-mounter-path=%q and --experimental-mounter-rootfs-path=%q accordingly", mounterPath, mounterRootfsPath)
 	}
 
 	// Run the tests