nodeup: drop containerized mounter and Archive task

mounter.tar (kubernetes-release/gci-mounter, frozen since Jan 2017)
was the sole caller of nodetasks.Archive and the only consumer of
kubelet's --experimental-mounter-path flag, which has been deprecated
upstream since k8s 1.19 with three stalled removal attempts in k/k.

The last real consumer was in-tree NFS PVs resolving cluster-internal
Service DNS names on COS; affected users should migrate to
kubernetes-csi/csi-driver-nfs.

Author: hakman

nodeup/pkg/model/kubelet.go

@@ -23,7 +23,6 @@ import (
 	"io"
 	"net"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 	"time"
@@ -50,9 +49,6 @@ import (
 )
 
 const (
-	// containerizedMounterHome is the path where we install the containerized mounter (on ContainerOS)
-	containerizedMounterHome = "/home/kubernetes/containerized_mounter"
-
 	// kubeletService is the name of the kubelet service
 	kubeletService = "kubelet.service"
 
@@ -183,10 +179,6 @@ func (b *KubeletBuilder) Build(c *fi.NodeupModelBuilderContext) error {
 		})
 	}
 
-	if err := b.addContainerizedMounter(c); err != nil {
-		return err
-	}
-
 	if b.UseExternalKubeletCredentialProvider() {
 		switch b.CloudProvider() {
 		case kops.CloudProviderGCE:
@@ -363,11 +355,6 @@ func (b *KubeletBuilder) buildSystemdEnvironmentFile(ctx context.Context, kubele
 		}
 	}
 
-	if b.usesContainerizedMounter() {
-		// We don't want to expose this in the model while it is experimental, but it is needed on COS
-		flags += " --experimental-mounter-path=" + path.Join(containerizedMounterHome, "mounter")
-	}
-
 	// Add container runtime spcific flags
 	flags += " --runtime-request-timeout=15m"
 	if b.NodeupConfig.ContainerdConfig.Address == nil {
@@ -449,16 +436,6 @@ func (b *KubeletBuilder) buildSystemdService() *nodetasks.Service {
 	return service
 }
 
-// usesContainerizedMounter returns true if we use the containerized mounter
-func (b *KubeletBuilder) usesContainerizedMounter() bool {
-	switch b.Distribution {
-	case distributions.DistributionContainerOS:
-		return true
-	default:
-		return false
-	}
-}
-
 // addECRCredentialProvider installs the ECR Kubelet Credential Provider
 func (b *KubeletBuilder) addECRCredentialProvider(c *fi.NodeupModelBuilderContext) error {
 	{
@@ -599,93 +576,6 @@ providers:
 	return nil
 }
 
-// addContainerizedMounter downloads and installs the containerized mounter, that we need on ContainerOS
-func (b *KubeletBuilder) addContainerizedMounter(c *fi.NodeupModelBuilderContext) error {
-	if !b.usesContainerizedMounter() {
-		return nil
-	}
-
-	// This is not a race because /etc is ephemeral on COS, and we start kubelet (also in /etc on COS)
-
-	// So what we do here is we download a tarred container image, expand it to containerizedMounterHome, then
-	// set up bind mounts so that the script is executable (most of containeros is noexec),
-	// and set up some bind mounts of proc and dev so that mounting can take place inside that container
-	// - it isn't a full docker container.
-
-	{
-		// @TODO Extract to common function?
-		assetName := "mounter"
-		assetPath := ""
-		asset, err := b.Assets.Find(assetName, assetPath)
-		if err != nil {
-			return fmt.Errorf("trying to locate asset %q: %v", assetName, err)
-		}
-		if asset == nil {
-			return fmt.Errorf("unable to locate asset %q", assetName)
-		}
-
-		t := &nodetasks.File{
-			Path:     path.Join(containerizedMounterHome, "mounter"),
-			Contents: asset,
-			Type:     nodetasks.FileType_File,
-			Mode:     s("0755"),
-		}
-		c.AddTask(t)
-	}
-
-	c.AddTask(&nodetasks.File{
-		Path: containerizedMounterHome,
-		Type: nodetasks.FileType_Directory,
-	})
-
-	// TODO: leverage assets for this tar file (but we want to avoid expansion of the archive)
-	c.AddTask(&nodetasks.Archive{
-		Name:      "containerized_mounter",
-		Source:    "https://storage.googleapis.com/kubernetes-release/gci-mounter/mounter.tar",
-		Hash:      "6a9f5f52e0b066183e6b90a3820b8c2c660d30f6ac7aeafb5064355bf0a5b6dd",
-		TargetDir: path.Join(containerizedMounterHome, "rootfs"),
-	})
-
-	c.AddTask(&nodetasks.File{
-		Path: path.Join(containerizedMounterHome, "rootfs/var/lib/kubelet"),
-		Type: nodetasks.FileType_Directory,
-	})
-
-	c.AddTask(&nodetasks.BindMount{
-		Source:     containerizedMounterHome,
-		Mountpoint: containerizedMounterHome,
-		Options:    []string{"exec"},
-	})
-
-	c.AddTask(&nodetasks.BindMount{
-		Source:     "/var/lib/kubelet/",
-		Mountpoint: path.Join(containerizedMounterHome, "rootfs/var/lib/kubelet"),
-		Options:    []string{"rshared"},
-		Recursive:  true,
-	})
-
-	c.AddTask(&nodetasks.BindMount{
-		Source:     "/proc",
-		Mountpoint: path.Join(containerizedMounterHome, "rootfs/proc"),
-		Options:    []string{"ro"},
-	})
-
-	c.AddTask(&nodetasks.BindMount{
-		Source:     "/dev",
-		Mountpoint: path.Join(containerizedMounterHome, "rootfs/dev"),
-		Options:    []string{"ro"},
-	})
-
-	// kube-up does a file cp, but we probably want to make changes visible (e.g. for gossip DNS)
-	c.AddTask(&nodetasks.BindMount{
-		Source:     "/etc/resolv.conf",
-		Mountpoint: path.Join(containerizedMounterHome, "rootfs/etc/resolv.conf"),
-		Options:    []string{"ro"},
-	})
-
-	return nil
-}
-
 // NodeLabels are defined in the InstanceGroup, but set flags on the kubelet config.
 // We have a conflict here: on the one hand we want an easy to use abstract specification
 // for the cluster, on the other hand we don't want two fields that do the same thing.

pkg/nodemodel/fileassets.go

@@ -56,10 +56,6 @@ func BuildKubernetesFileAssets(ig model.InstanceGroup, assetBuilder *assets.Asse
 			fmt.Sprintf("/bin/linux/%s/kubectl", arch),
 		}
 
-		if needsMounterAsset(ig) {
-			k8sAssetsNames = append(k8sAssetsNames, fmt.Sprintf("/bin/linux/%s/mounter", arch))
-		}
-
 		for _, an := range k8sAssetsNames {
 			k, err := url.Parse(baseURL)
 			if err != nil {
@@ -178,15 +174,3 @@ func BuildNodeUpAssets(ctx context.Context, assetBuilder *assets.AssetBuilder) (
 		NodeUpAssets: nodeUpAssets,
 	}, nil
 }
-
-// needsMounterAsset checks if we need the mounter program
-// This is only needed currently on ContainerOS i.e. GCE, but we don't have a nice way to detect it yet
-func needsMounterAsset(ig model.InstanceGroup) bool {
-	// TODO: Do real detection of ContainerOS (but this has to work with image names, and maybe even forked images)
-	switch ig.GetCloudProvider() {
-	case kops.CloudProviderGCE:
-		return true
-	default:
-		return false
-	}
-}