From 0d589da56eb60df4fcc9e8e8441a3ba618144b65 Mon Sep 17 00:00:00 2001
From: Amarendra Kumar <amar.arawat@gmail.com>
Date: Mon, 6 Jan 2025 23:53:56 +0530
Subject: [PATCH] Add support for hostPath (#15648)

* 15546: Add support for hostPath

* 15546: Fix additional Space and eof

* Fix eof

* update for EOF

* revert mess up

* remove white spaces

* added Comment

* remove extra validations as its there in K8
---
 config/core/300-resources/configuration.yaml   |  4 ++++
 config/core/300-resources/revision.yaml        |  4 ++++
 config/core/300-resources/service.yaml         |  4 ++++
 config/core/configmaps/features.yaml           | 10 +++++++++-
 hack/schemapatch-config.yaml                   |  7 +++++++
 pkg/apis/config/features.go                    |  3 +++
 pkg/apis/config/features_test.go               | 18 ++++++++++++++++++
 pkg/apis/serving/fieldmask.go                  |  4 ++++
 pkg/reconciler/route/resources/service_test.go |  1 +
 9 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/config/core/300-resources/configuration.yaml b/config/core/300-resources/configuration.yaml
index 65bf809eb612..7e23eba933ee 100644
--- a/config/core/300-resources/configuration.yaml
+++ b/config/core/300-resources/configuration.yaml
@@ -1220,6 +1220,10 @@ spec:
                                 description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              hostPath:
+                                description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
+                                type: object
+                                x-kubernetes-preserve-unknown-fields: true
                               name:
                                 description: |-
                                   name of the volume.
diff --git a/config/core/300-resources/revision.yaml b/config/core/300-resources/revision.yaml
index 71bee879eb96..ec86072eba2b 100644
--- a/config/core/300-resources/revision.yaml
+++ b/config/core/300-resources/revision.yaml
@@ -1197,6 +1197,10 @@ spec:
                         description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
                         type: object
                         x-kubernetes-preserve-unknown-fields: true
+                      hostPath:
+                        description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
                       name:
                         description: |-
                           name of the volume.
diff --git a/config/core/300-resources/service.yaml b/config/core/300-resources/service.yaml
index 69dbe087012d..4d9765a4d97a 100644
--- a/config/core/300-resources/service.yaml
+++ b/config/core/300-resources/service.yaml
@@ -1240,6 +1240,10 @@ spec:
                                 description: This is accessible behind a feature flag - kubernetes.podspec-emptydir
                                 type: object
                                 x-kubernetes-preserve-unknown-fields: true
+                              hostPath:
+                                description: This is accessible behind a feature flag - kubernetes.podspec-hostpath
+                                type: object
+                                x-kubernetes-preserve-unknown-fields: true
                               name:
                                 description: |-
                                   name of the volume.
diff --git a/config/core/configmaps/features.yaml b/config/core/configmaps/features.yaml
index 55d64127acdd..51830a89b6d5 100644
--- a/config/core/configmaps/features.yaml
+++ b/config/core/configmaps/features.yaml
@@ -22,7 +22,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/version: devel
   annotations:
-    knative.dev/example-checksum: "9ff569ad"
+    knative.dev/example-checksum: "63a13754"
 data:
   _example: |-
     ################################
@@ -200,6 +200,14 @@ data:
     # 2. Disabled: disabling EmptyDir volume support
     kubernetes.podspec-volumes-emptydir: "enabled"
 
+    # Controls whether volume support for HostPath is enabled or not.
+    # WARNING: Cannot safely be disabled once enabled.
+    # WARNING: If you can avoid using a hostPath volume, you should.
+    # Please read https://kubernetes.io/docs/concepts/storage/volumes/#hostpath before enabling this feature.
+    # 1. Enabled: enabling HostPath volume support
+    # 2. Disabled: disabling HostPath volume support
+    kubernetes.podspec-volumes-hostpath: "disabled"
+
     # Controls whether init containers support is enabled or not.
     # 1. Enabled: enabling init containers support
     # 2. Disabled: disabling init containers support
diff --git a/hack/schemapatch-config.yaml b/hack/schemapatch-config.yaml
index abd6846a04e4..23109fa79738 100644
--- a/hack/schemapatch-config.yaml
+++ b/hack/schemapatch-config.yaml
@@ -12,6 +12,7 @@ k8s.io/api/core/v1.VolumeSource:
     # Following are behind feature flags
     - EmptyDir
     - PersistentVolumeClaim
+    - HostPath
 k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource:
   description: "This is accessible behind a feature flag - kubernetes.podspec-persistent-volume-claim"
   additionalMarkers:
@@ -24,6 +25,12 @@ k8s.io/api/core/v1.EmptyDirVolumeSource:
   # Part of a feature flag - so we want to omit the schema and preserve unknown fields
   - kubebuilder:validation:DropProperties
   - kubebuilder:pruning:PreserveUnknownFields
+k8s.io/api/core/v1.HostPathVolumeSource:
+  description: "This is accessible behind a feature flag - kubernetes.podspec-hostpath"
+  additionalMarkers:
+  # Part of a feature flag - so we want to omit the schema and preserve unknown fields
+  - kubebuilder:validation:DropProperties
+  - kubebuilder:pruning:PreserveUnknownFields
 k8s.io/api/core/v1.VolumeProjection:
   fieldMask:
     - Secret
diff --git a/pkg/apis/config/features.go b/pkg/apis/config/features.go
index 57b0bbe495d2..79f381d451c8 100644
--- a/pkg/apis/config/features.go
+++ b/pkg/apis/config/features.go
@@ -72,6 +72,7 @@ func defaultFeaturesConfig() *Features {
 		ContainerSpecAddCapabilities:     Disabled,
 		PodSpecTolerations:               Disabled,
 		PodSpecVolumesEmptyDir:           Enabled,
+		PodSpecVolumesHostPath:           Disabled,
 		PodSpecPersistentVolumeClaim:     Disabled,
 		PodSpecPersistentVolumeWrite:     Disabled,
 		QueueProxyMountPodInfo:           Disabled,
@@ -107,6 +108,7 @@ func NewFeaturesConfigFromMap(data map[string]string) (*Features, error) {
 		asFlag("kubernetes.containerspec-addcapabilities", &nc.ContainerSpecAddCapabilities),
 		asFlag("kubernetes.podspec-tolerations", &nc.PodSpecTolerations),
 		asFlag("kubernetes.podspec-volumes-emptydir", &nc.PodSpecVolumesEmptyDir),
+		asFlag("kubernetes.podspec-volumes-hostpath", &nc.PodSpecVolumesHostPath),
 		asFlag("kubernetes.podspec-hostipc", &nc.PodSpecHostIPC),
 		asFlag("kubernetes.podspec-hostpid", &nc.PodSpecHostPID),
 		asFlag("kubernetes.podspec-hostnetwork", &nc.PodSpecHostNetwork),
@@ -151,6 +153,7 @@ type Features struct {
 	ContainerSpecAddCapabilities     Flag
 	PodSpecTolerations               Flag
 	PodSpecVolumesEmptyDir           Flag
+	PodSpecVolumesHostPath           Flag
 	PodSpecInitContainers            Flag
 	PodSpecPersistentVolumeClaim     Flag
 	PodSpecPersistentVolumeWrite     Flag
diff --git a/pkg/apis/config/features_test.go b/pkg/apis/config/features_test.go
index 82696c4f9667..0995c2f56061 100644
--- a/pkg/apis/config/features_test.go
+++ b/pkg/apis/config/features_test.go
@@ -438,6 +438,24 @@ func TestFeaturesConfiguration(t *testing.T) {
 			data: map[string]string{
 				"kubernetes.podspec-volumes-emptydir": "Enabled",
 			},
+		}, {
+			name:    "kubernetes.podspec-volumes-hostpath Disabled",
+			wantErr: false,
+			wantFeatures: defaultWith(&Features{
+				PodSpecVolumesHostPath: Disabled,
+			}),
+			data: map[string]string{
+				"kubernetes.podspec-volumes-hostpath": "Disabled",
+			},
+		}, {
+			name:    "kubernetes.podspec-volumes-hostpath Enabled",
+			wantErr: false,
+			wantFeatures: defaultWith(&Features{
+				PodSpecVolumesHostPath: Enabled,
+			}),
+			data: map[string]string{
+				"kubernetes.podspec-volumes-hostpath": "Enabled",
+			},
 		}, {
 			name:    "kubernetes.podspec-persistent-volume-claim Disabled",
 			wantErr: false,
diff --git a/pkg/apis/serving/fieldmask.go b/pkg/apis/serving/fieldmask.go
index ab859740d913..142d42d36fac 100644
--- a/pkg/apis/serving/fieldmask.go
+++ b/pkg/apis/serving/fieldmask.go
@@ -66,6 +66,10 @@ func VolumeSourceMask(ctx context.Context, in *corev1.VolumeSource) *corev1.Volu
 		out.PersistentVolumeClaim = in.PersistentVolumeClaim
 	}
 
+	if cfg.Features.PodSpecVolumesHostPath != config.Disabled {
+		out.HostPath = in.HostPath
+	}
+
 	// Too many disallowed fields to list
 
 	return out
diff --git a/pkg/reconciler/route/resources/service_test.go b/pkg/reconciler/route/resources/service_test.go
index e35af05898f8..829dfe914254 100644
--- a/pkg/reconciler/route/resources/service_test.go
+++ b/pkg/reconciler/route/resources/service_test.go
@@ -434,6 +434,7 @@ func testConfig() *config.Config {
 			PodSpecNodeSelector:          apiConfig.Disabled,
 			PodSpecTolerations:           apiConfig.Disabled,
 			PodSpecVolumesEmptyDir:       apiConfig.Disabled,
+			PodSpecVolumesHostPath:       apiConfig.Disabled,
 			PodSpecPersistentVolumeClaim: apiConfig.Disabled,
 			PodSpecPersistentVolumeWrite: apiConfig.Disabled,
 			PodSpecInitContainers:        apiConfig.Disabled,