Add support for hostPath

[amarflybot]

Fixes #15546

Description

This feature introduces support for the hostPath volume type in Knative Serving, enabling users to mount directories from the host node’s filesystem into their service containers. This allows direct access to node-specific data or preloaded resources like certificates, enhancing flexibility while retaining Knative’s serverless capabilities.

Proposed Changes

• Add support for the hostPath volume type in Knative Serving.
• Enable users to mount directories from the host node's filesystem into their Knative service containers.
• Update relevant documentation and examples to include usage of hostPath volumes.

Release Note

Adding support for the "hostPath" volume type. The feature allows users to mount directories from the host node's filesystem into their Knative service containers. It enables access to local storage on the node, facilitating use cases such as accessing node-specific data or utilizing local caches. The feature is behind the flag `kubernetes.podspec-volumes-hostpath`.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: amarflybot / name: Amarendra Kumar (937a132, e1c0c42, 66daefb, 36b1d84, 01bb99f, eb10a2e, 7fc8884, 5cd7605)

[knative-prow]

Hi @amarflybot. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[codecov]

Codecov Report

Attention: Patch coverage is 40.00000% with 3 lines in your changes missing coverage. Please review.

Project coverage is 83.52%. Comparing base (2d5a1e9) to head (01bb99f).
Report is 12 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/apis/serving/fieldmask.go	0.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #15648      +/-   ##
==========================================
+ Coverage   83.51%   83.52%   +0.01%     
==========================================
  Files         219      219              
  Lines       17427    17432       +5     
==========================================
+ Hits        14554    14560       +6     
+ Misses       2502     2499       -3     
- Partials      371      373       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[skonto]

--- a/config/core/300-resources/configuration.yaml +++ b/config/core/300-resources/configuration.yaml @@ -1582,4 +1582,4 @@ spec: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer - format: int64 \ No newline at end of file + format: int64

This needs fix.

[skonto]

/ok-to-test

[skonto]

Could you remove additional space?

[amarflybot]

Fixed

[amarflybot]

--- a/config/core/300-resources/configuration.yaml +++ b/config/core/300-resources/configuration.yaml @@ -1582,4 +1582,4 @@ spec: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer - format: int64 \ No newline at end of file + format: int64

This needs fix.

Fixed

[skonto]

This is the revision file this should not be changed.

[skonto]

A new line is missing.

[amarflybot]

/retest

[skonto]

@amarflybot could you update the description and add release notes. Also we need a follow up PR at the knative/docs repo to document this addition.

[amarflybot]

@amarflybot could you update the description and add release notes.

I have added. Will that do ?

[skonto]

/lgtm
/approve

/hold for @dprotaso for any additional comments.

[amarflybot]

/retest

[amarflybot]

/retest

[skonto]

/lgtm
/approve

[skonto]

/unhold

[skonto]

@dprotaso hi, gentle ping.

[dprotaso]

one minor thing for feedback

[dprotaso]

/lgtm
/approve

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amarflybot, dprotaso, skonto

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dprotaso,skonto]
• pkg/apis/OWNERS [dprotaso]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dprotaso]

thanks for the changes @amarflybot

[dprotaso]

/retest

[amarflybot]

/retest

[vthurimella]

Adding a hostPath to a serving.knative.dev/v1 Service will fail the validateVolume with this change. I think serving/pkg/apis/serving/k8s_validation.go needs to be updated as well to be the following

func validateVolume(ctx context.Context, volume corev1.Volume) *apis.FieldError {
	features := config.FromContextOrDefaults(ctx).Features
	errs := validatePersistentVolumeClaims(volume.VolumeSource, features)
	if volume.EmptyDir != nil && features.PodSpecVolumesEmptyDir != config.Enabled {
		errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("EmptyDir volume support is disabled, "+
			"but found EmptyDir volume %s", volume.Name)})
	}
	errs = errs.Also(apis.CheckDisallowedFields(volume, *VolumeMask(ctx, &volume)))
	if volume.Name == "" {
		errs = apis.ErrMissingField("name")
	} else if len(validation.IsDNS1123Label(volume.Name)) != 0 {
		errs = apis.ErrInvalidValue(volume.Name, "name")
	}
	vs := volume.VolumeSource
	errs = errs.Also(apis.CheckDisallowedFields(vs, *VolumeSourceMask(ctx, &vs)))
	var specified []string
	if vs.Secret != nil {
		specified = append(specified, "secret")
		for i, item := range vs.Secret.Items {
			errs = errs.Also(validateKeyToPath(item).ViaFieldIndex("items", i))
		}
	}
	if vs.ConfigMap != nil {
		specified = append(specified, "configMap")
		for i, item := range vs.ConfigMap.Items {
			errs = errs.Also(validateKeyToPath(item).ViaFieldIndex("items", i))
		}
	}
	if vs.Projected != nil {
		specified = append(specified, "projected")
		for i, proj := range vs.Projected.Sources {
			errs = errs.Also(validateProjectedVolumeSource(proj).ViaFieldIndex("projected", i))
		}
	}
	if vs.EmptyDir != nil {
		specified = append(specified, "emptyDir")
		errs = errs.Also(validateEmptyDirFields(vs.EmptyDir).ViaField("emptyDir"))
	}

	if vs.PersistentVolumeClaim != nil {
		specified = append(specified, "persistentVolumeClaim")
	}

	// Add hostPath to the list of specified volumes if it is enabled.
	if vs.HostPath != nil {
		specified = append(specified, "hostPath")
	}

	if len(specified) == 0 {
		fieldPaths := []string{"secret", "configMap", "projected"}
		cfg := config.FromContextOrDefaults(ctx)
		if cfg.Features.PodSpecVolumesEmptyDir == config.Enabled {
			fieldPaths = append(fieldPaths, "emptyDir")
		}
		if cfg.Features.PodSpecPersistentVolumeClaim == config.Enabled {
			fieldPaths = append(fieldPaths, "persistentVolumeClaim")
		}

		// Add hostPath to the list of specified volumes if it is enabled.
		if cfg.Features.PodSpecVolumesHostPath == config.Enabled {
			fieldPaths = append(fieldPaths, "hostPath")
		}
		errs = errs.Also(apis.ErrMissingOneOf(fieldPaths...))
	} else if len(specified) > 1 {
		errs = errs.Also(apis.ErrMultipleOneOf(specified...))
	}

	return errs
}

[dprotaso]

@vthurimella can you make a PR - i can't tell what the diff is from your code block

[vthurimella]

I created a PR here vthurimella#1

[dprotaso]

Can you make the PR against this repo?

Ideally, add a unit test that demonstrates the failure you describe along with your fix.

cheers

[vthurimella]

Can you make the PR against this repo?

Here is my PR: #15669

Ideally, add a unit test that demonstrates the failure you describe along with your fix.

I included some unit tests