Skip to content

Updated Red Hat mounts for air-gapped clusters #2391

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JunAr7112 wants to merge 1 commit into
base: main
Choose a base branch
from
+26 −10
Open

Updated Red Hat mounts for air-gapped clusters #2391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 11 additions & 5 deletions controllers/object_controls.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,10 +253,13 @@ var SubscriptionPathMap = map[string](MountPathToVolumeSource){
Type: ptr.To(corev1.HostPathDirectory),
},
},
// FileOrCreate: kubelet rejects HostPathFile when the path is missing; air-gapped
// RHEL nodes often have no redhat.repo. When driver.repoConfig is set, this mount is
// omitted so the driver uses only the mounted ConfigMap repos.
"/run/secrets/redhat.repo": corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/etc/yum.repos.d/redhat.repo",
Type: ptr.To(corev1.HostPathFile),
Type: ptr.To(corev1.HostPathFileOrCreate),
},
},
"/run/secrets/rhsm": corev1.VolumeSource{
Expand All @@ -276,7 +279,7 @@ var SubscriptionPathMap = map[string](MountPathToVolumeSource){
"/run/secrets/redhat.repo": corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/etc/yum.repos.d/redhat.repo",
Type: ptr.To(corev1.HostPathFile),
Type: ptr.To(corev1.HostPathFileOrCreate),
},
},
"/run/secrets/rhsm": corev1.VolumeSource{
Expand Down Expand Up @@ -3676,9 +3679,12 @@ func transformDriverContainer(obj *appsv1.DaemonSet, config *gpuv1.ClusterPolicy
// set up subscription entitlements for RHEL(using K8s with a non-CRIO runtime) and SLES
if (osID == "rhel" && n.openshift == "" && n.runtime != gpuv1.CRIO) || osID == "sles" || osID == "sl-micro" {
n.logger.Info("Mounting subscriptions into the driver container", "OS", osID)
pathToVolumeSource, err := n.getSubscriptionPathsToVolumeSources()
if err != nil {
return fmt.Errorf("ERROR: failed to get path items for subscription entitlements: %v", err)
pathToVolumeSource := MountPathToVolumeSource{}
if config.Driver.RepoConfig == nil || config.Driver.RepoConfig.ConfigMapName == "" || osID != "rhel" {
pathToVolumeSource, err = n.getSubscriptionPathsToVolumeSources()
if err != nil {
return fmt.Errorf("ERROR: failed to get path items for subscription entitlements: %v", err)
}
}

// sort host path volumes to ensure ordering is preserved when adding to pod spec
Expand Down
20 changes: 15 additions & 5 deletions internal/state/driver_volumes.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,10 +72,13 @@ var SubscriptionPathMap = map[string]MountPathToVolumeSource{
Type: ptr.To(corev1.HostPathDirectory),
},
},
// FileOrCreate: kubelet rejects HostPathFile when the path is missing; air-gapped
// RHEL nodes often have no redhat.repo. When repoConfig is set, this mount is omitted
// so the driver uses only the mounted ConfigMap repos.
"/run/secrets/redhat.repo": corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/etc/yum.repos.d/redhat.repo",
Type: ptr.To(corev1.HostPathFile),
Type: ptr.To(corev1.HostPathFileOrCreate),
},
},
"/run/secrets/rhsm": corev1.VolumeSource{
Expand All @@ -95,7 +98,7 @@ var SubscriptionPathMap = map[string]MountPathToVolumeSource{
"/run/secrets/redhat.repo": corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/etc/yum.repos.d/redhat.repo",
Type: ptr.To(corev1.HostPathFile),
Type: ptr.To(corev1.HostPathFileOrCreate),
},
},
"/run/secrets/rhsm": corev1.VolumeSource{
Expand Down Expand Up @@ -183,9 +186,16 @@ func (s *stateDriver) getDriverAdditionalConfigs(ctx context.Context, cr *v1alph
// set up subscription entitlements for RHEL(using K8s with a non-CRIO runtime) and SLES
if (pool.osRelease == "rhel" && openshiftVersion == "" && runtime != consts.CRIO) || pool.osRelease == "sles" || pool.osRelease == "sl-micro" {
logger.Info("Mounting subscriptions into the driver container", "OS", pool.osVersion)
pathToVolumeSource, err := getSubscriptionPathsToVolumeSources(pool.osRelease)
if err != nil {
return nil, fmt.Errorf("ERROR: failed to get path items for subscription entitlements: %v", err)
pathToVolumeSource := MountPathToVolumeSource{}
// Custom repo ConfigMap supplies yum repos in offline/air-gapped installs. Skip
// mounting host RHSM paths (/etc/pki/entitlement, redhat.repo, /etc/rhsm): they may
// be missing or not directories on minimal nodes, and are not needed when packages
// come only from the mounted repo ConfigMap.
if !cr.Spec.IsRepoConfigEnabled() || pool.osRelease != "rhel" {
pathToVolumeSource, err = getSubscriptionPathsToVolumeSources(pool.osRelease)
if err != nil {
return nil, fmt.Errorf("ERROR: failed to get path items for subscription entitlements: %v", err)
}
}

// sort host path volumes to ensure ordering is preserved when adding to pod spec
Expand Down