fix: ephemeral containers does not support volume mounts with subpath

tsuru · Feb 20, 2025 · f5dd40c · f5dd40c
1 parent c8a620b
commit f5dd40c
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 11 deletions.
diff --git a/internal/pkg/rpaas/k8s.go b/internal/pkg/rpaas/k8s.go
@@ -205,13 +205,26 @@ func (m *k8sRpaasManager) debugPodWithContainerStatus(ctx context.Context, args
 	return instance, debugContainerName, status, nil
 }
 
-func removeCertVolumeMounts(volumeMounts []corev1.VolumeMount) []corev1.VolumeMount {
+func assembleEphemeralVolumeMounts(volumeMounts []corev1.VolumeMount) []corev1.VolumeMount {
 	var result []corev1.VolumeMount
 	for _, vm := range volumeMounts {
-		if !strings.HasPrefix(vm.MountPath, "/etc/nginx/certs") {
-			result = append(result, vm)
+		// NOTE(ravilock): K8s does not support ephemeral containers with volume mounts that have subpaths.
+		if vm.SubPath != "" {
+			continue
+		}
+		if strings.HasPrefix(vm.MountPath, "/etc/nginx/certs") {
+			continue
 		}
+		if vm.Name == "nginx-config" {
+			continue
+		}
+		result = append(result, vm)
 	}
+	result = append(result, corev1.VolumeMount{
+		Name:      "nginx-config",
+		MountPath: "/etc/nginx",
+		ReadOnly:  true,
+	})
 	return result
 }
 
@@ -238,7 +251,7 @@ func (m *k8sRpaasManager) getDebugContainer(ctx context.Context, args *CommonTer
 	if nginxContainer == nil {
 		return "", errors.New("nginx container not found in pod")
 	}
-	rpaasInstanceVolumeMounts := removeCertVolumeMounts(nginxContainer.VolumeMounts)
+	rpaasInstanceVolumeMounts := assembleEphemeralVolumeMounts(nginxContainer.VolumeMounts)
 	debugContainer := &corev1.EphemeralContainer{
 		EphemeralContainerCommon: corev1.EphemeralContainerCommon{
 			Name:            debugContainerName,

diff --git a/internal/pkg/rpaas/k8s_test.go b/internal/pkg/rpaas/k8s_test.go
@@ -5275,7 +5275,7 @@ func Test_k8sRpaasManager_Debug(t *testing.T) {
 		{
 			Name:      "certs-test",
 			ReadOnly:  true,
-			MountPath: "/etc/nginx/certs/",
+			MountPath: "/etc/nginx/certs/test",
 		},
 		{
 			Name:      "extra-files-0",
@@ -5289,19 +5289,28 @@ func Test_k8sRpaasManager_Debug(t *testing.T) {
 			SubPath:   "binary.exe",
 			ReadOnly:  true,
 		},
+		{
+			Name:      "extra-files-2",
+			MountPath: "/etc/nginx/extra_files_2",
+			ReadOnly:  true,
+		},
+		{
+			Name:      "nginx-config",
+			MountPath: "/etc/nginx/nginx.conf",
+			SubPath:   "nginx.conf",
+			ReadOnly:  true,
+		},
 	}
 
 	expectedVolumeMounts := []corev1.VolumeMount{
 		{
-			Name:      "extra-files-0",
-			MountPath: "/etc/nginx/extra_files/waf.cfg",
-			SubPath:   "waf.cfg",
+			Name:      "extra-files-2",
+			MountPath: "/etc/nginx/extra_files_2",
 			ReadOnly:  true,
 		},
 		{
-			Name:      "extra-files-1",
-			MountPath: "/etc/nginx/extra_files/binary.exe",
-			SubPath:   "binary.exe",
+			Name:      "nginx-config",
+			MountPath: "/etc/nginx",
 			ReadOnly:  true,
 		},
 	}