Handle non-empty EmptyDirs used by GCS Fuse CSI Driver. #11728
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![copybara-service[bot]](https://avatars.githubusercontent.com/in/44061?s=60&v=4){kind=small}
Some CSI drivers, like GCS Fuse CSI driver, inject EmptyDirs into sidecar containers and communicate with the container using files in the EmptyDir. In gVisor terminology, such an EmptyDir is being used as a shared bind (gofer) mount. It is not exclusive to the sandbox. This breaks a fundamental assumption gVisor makes about EmptyDirs; it assumes that they are exclusive to the sandbox and that it has no external observers. So as an optimization, gVisor converts EmptyDir volumes into gVisor-internal tmpfs filesystems that are mounted into all the containers that are using that EmptyDir. As a result: - Any files in the host EmptyDir directory is not reflected within the sandbox. - Any changes made by the sandbox in the EmptyDir are not reflcted on the host. This change uses the heuristic that if the EmptyDir volume's host directory is not empty at sandbox creation time, then it is being shared with some external component which is interacting with the sandbox. We have observed that the GCS Fuse CSI Driver populates the /gcsfuse-tmp EmptyDir with a UDS at path `.volumes/gcsfuse-mount/socket`. PiperOrigin-RevId: 758765841
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Handle non-empty EmptyDirs used by GCS Fuse CSI Driver.
Some CSI drivers, like GCS Fuse CSI driver, inject EmptyDirs into sidecar
containers and communicate with the container using files in the EmptyDir.
In gVisor terminology, such an EmptyDir is being used as a shared bind (gofer)
mount. It is not exclusive to the sandbox. This breaks a fundamental assumption
gVisor makes about EmptyDirs; it assumes that they are exclusive to the sandbox
and that it has no external observers. So as an optimization, gVisor converts
EmptyDir volumes into gVisor-internal tmpfs filesystems that are mounted into
all the containers that are using that EmptyDir. As a result:
This change uses the heuristic that if the EmptyDir volume's host directory is
not empty at sandbox creation time, then it is being shared with some external
component which is interacting with the sandbox. We have observed that the GCS
Fuse CSI Driver populates the /gcsfuse-tmp EmptyDir with a UDS at path
.volumes/gcsfuse-mount/socket.