Skip to content

enhance: remove jindoruntime's fsGroup #3632

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fluid-e2e-bot merged 6 commits into from
Dec 12, 2023
Merged

enhance: remove jindoruntime's fsGroup #3632

fluid-e2e-bot merged 6 commits into from
Dec 12, 2023

Conversation

@TrafalgarZZZ
Copy link
Member

@TrafalgarZZZ TrafalgarZZZ commented Dec 11, 2023
edited
Loading

Ⅰ. Describe what this PR does

  1. Remove any fsGroup related transformation in Jindofsx and JindoCache engine. fsGroup has no critical effect on JindoRuntime's functionality but it will chown mounted persistent volumes which may cause unexpected changes on file ownership and permissions. See Configure volume permission and ownership change policy for Pods for more information:

By default, Kubernetes recursively changes ownership and permissions for the contents of each volume to match the fsGroup specified in a Pod's securityContext when that volume is mounted. For large volumes, checking and changing ownership and permissions can take a lot of time, slowing Pod startup.

  1. mount ufs volumes in read-only mode unless the Dataset is explicitly set to ReadWriteMany

Ⅱ. Does this pull request fix one issue?

fixes #XXXX

Ⅲ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

@TrafalgarZZZ
Remove jindofsx's securityContext.fsGroup
357b46f 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Remove jindocache's securityContext.fsGroup
eda5cda 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Remove jindocache and jindofsx fsGroup transformation
64bd110 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Mount ufs volumes according to dataset's accessModes
323944d 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@codecov
Copy link

codecov bot commented Dec 11, 2023
edited
Loading

Codecov Report

Attention: 4 lines in your changes are missing coverage. Please review.

Comparison is base (c7c5b72) 64.26% compared to head (de952a0) 64.27%.
Report is 1 commits behind head on master.

Files Patch % Lines
pkg/ddc/jindocache/transform.go 66.66% 1 Missing and 1 partial ⚠️
pkg/ddc/jindofsx/transform.go 66.66% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3632   +/-   ##
=======================================
  Coverage   64.26%   64.27%           
=======================================
  Files         443      443           
  Lines       26739    26749   +10     
=======================================
+ Hits        17185    17193    +8     
- Misses       7541     7542    +1     
- Partials     2013     2014    +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@TrafalgarZZZ
Mount ufs volumes according to dataset's accessModes
3c45874 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Copy link
Member Author

TrafalgarZZZ commented Dec 11, 2023

/test fluid-e2e

cheyang
cheyang requested changes Dec 11, 2023
View reviewed changes
pkg/ddc/jindocache/transform.go
// the dataset is set to ReadWriteMany explicitly.
ufsVolumeReadOnly := true
accessModes := dataset.Spec.AccessModes
if len(accessModes) == 1 && accessModes[0] == corev1.ReadWriteMany {
Copy link
Collaborator

@cheyang cheyang Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How bout ReadWriteOnce?

Copy link
Member Author

@TrafalgarZZZ TrafalgarZZZ Dec 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ReadWriteOnce is now not supported for Fluid datasets.

cheyang
cheyang reviewed Dec 11, 2023
View reviewed changes
charts/jindofsx/templates/fuse/daemonset.yaml
{{- else if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | trim | indent 8 }}
{{- end }}
securityContext:
Copy link
Collaborator

@cheyang cheyang Dec 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also update chart version and changelog. thanks.

Copy link
Member Author

@TrafalgarZZZ TrafalgarZZZ Dec 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@TrafalgarZZZ
Update CHANGELOG.md of jindo helm chart
de952a0 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
cheyang
cheyang approved these changes Dec 12, 2023
View reviewed changes
Copy link
Collaborator

@cheyang cheyang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@fluid-e2e-bot fluid-e2e-bot bot added the lgtm label Dec 12, 2023
@fluid-e2e-bot
Copy link

fluid-e2e-bot bot commented Dec 12, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheyang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fluid-e2e-bot fluid-e2e-bot bot merged commit f61c3d3 into fluid-cloudnative:master Dec 12, 2023
@TrafalgarZZZ TrafalgarZZZ mentioned this pull request Dec 12, 2023
Merged
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 12, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
8.3% 8.3% Duplication

cheyang pushed a commit to cheyang/fluid that referenced this pull request Dec 14, 2023
@TrafalgarZZZ @cheyang
enhance: remove jindoruntime's fsGroup (fluid-cloudnative#3632)
b6c3baf 
* Remove jindofsx's securityContext.fsGroup

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
cheyang pushed a commit to cheyang/fluid that referenced this pull request Dec 14, 2023
@TrafalgarZZZ @cheyang
enhance: remove jindoruntime's fsGroup (fluid-cloudnative#3632)
e10172b 
* Remove jindofsx's securityContext.fsGroup

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
Signed-off-by: cheyang <cheyang@163.com>
fluid-e2e-bot bot pushed a commit that referenced this pull request Dec 15, 2023
@cheyang @TrafalgarZZZ
enhance: remove jindoruntime's fsGroup (#3632) (#3641)
1f98a65 
* enhance: remove jindoruntime's fsGroup (#3632)

* Remove jindofsx's securityContext.fsGroup

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
Signed-off-by: cheyang <cheyang@163.com>

* Mount ufs volumes according to datasets' accessModes, To #53506158

Signed-off-by: cheyang <cheyang@163.com>

* Mount ufs volumes according to datasets' accessModes, To #53506158

Signed-off-by: cheyang <cheyang@163.com>

---------

Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
Signed-off-by: cheyang <cheyang@163.com>
Co-authored-by: TzZtzt <trafalgarz@outlook.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cheyang cheyang cheyang approved these changes

Assignees

@cheyang cheyang

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TrafalgarZZZ @cheyang