From f7c4f9621e641b5e0a5a4690108d47098290f2a2 Mon Sep 17 00:00:00 2001 From: nispriha Date: Mon, 1 Jun 2026 16:46:57 +0530 Subject: [PATCH 1/2] Add mountOptions on volumeMounts --- pkg/apis/core/types.go | 4 ++ pkg/apis/core/v1/zz_generated.conversion.go | 2 + pkg/apis/core/validation/validation.go | 13 +++++ pkg/apis/core/zz_generated.deepcopy.go | 5 ++ pkg/features/kube_features.go | 13 +++++ pkg/generated/openapi/zz_generated.openapi.go | 20 ++++++++ pkg/kubelet/container/runtime.go | 3 ++ pkg/kubelet/kubelet_pods.go | 1 + .../kuberuntime/kuberuntime_container.go | 2 + .../src/k8s.io/api/core/v1/generated.pb.go | 48 +++++++++++++++++++ .../src/k8s.io/api/core/v1/generated.proto | 11 +++++ staging/src/k8s.io/api/core/v1/types.go | 10 ++++ .../core/v1/types_swagger_doc_generated.go | 1 + .../api/core/v1/zz_generated.deepcopy.go | 5 ++ .../api/testdata/HEAD/apps.v1.DaemonSet.json | 15 ++++-- .../api/testdata/HEAD/apps.v1.DaemonSet.yaml | 12 +++-- .../api/testdata/HEAD/apps.v1.Deployment.json | 15 ++++-- .../api/testdata/HEAD/apps.v1.Deployment.yaml | 12 +++-- .../api/testdata/HEAD/apps.v1.ReplicaSet.json | 15 ++++-- .../api/testdata/HEAD/apps.v1.ReplicaSet.yaml | 12 +++-- .../testdata/HEAD/apps.v1.StatefulSet.json | 15 ++++-- .../testdata/HEAD/apps.v1.StatefulSet.yaml | 12 +++-- .../HEAD/apps.v1beta1.Deployment.json | 15 ++++-- .../HEAD/apps.v1beta1.Deployment.yaml | 12 +++-- .../HEAD/apps.v1beta1.StatefulSet.json | 15 ++++-- .../HEAD/apps.v1beta1.StatefulSet.yaml | 12 +++-- .../testdata/HEAD/apps.v1beta2.DaemonSet.json | 15 ++++-- .../testdata/HEAD/apps.v1beta2.DaemonSet.yaml | 12 +++-- .../HEAD/apps.v1beta2.Deployment.json | 15 ++++-- .../HEAD/apps.v1beta2.Deployment.yaml | 12 +++-- .../HEAD/apps.v1beta2.ReplicaSet.json | 15 ++++-- .../HEAD/apps.v1beta2.ReplicaSet.yaml | 12 +++-- .../HEAD/apps.v1beta2.StatefulSet.json | 15 ++++-- .../HEAD/apps.v1beta2.StatefulSet.yaml | 12 +++-- .../api/testdata/HEAD/batch.v1.CronJob.json | 15 ++++-- .../api/testdata/HEAD/batch.v1.CronJob.yaml | 12 +++-- .../api/testdata/HEAD/batch.v1.Job.json | 15 ++++-- .../api/testdata/HEAD/batch.v1.Job.yaml | 12 +++-- .../testdata/HEAD/batch.v1beta1.CronJob.json | 15 ++++-- .../testdata/HEAD/batch.v1beta1.CronJob.yaml | 12 +++-- .../k8s.io/api/testdata/HEAD/core.v1.Pod.json | 15 ++++-- .../k8s.io/api/testdata/HEAD/core.v1.Pod.yaml | 12 +++-- .../testdata/HEAD/core.v1.PodTemplate.json | 15 ++++-- .../testdata/HEAD/core.v1.PodTemplate.yaml | 12 +++-- .../HEAD/core.v1.ReplicationController.json | 15 ++++-- .../HEAD/core.v1.ReplicationController.yaml | 12 +++-- .../HEAD/extensions.v1beta1.DaemonSet.json | 15 ++++-- .../HEAD/extensions.v1beta1.DaemonSet.yaml | 12 +++-- .../HEAD/extensions.v1beta1.Deployment.json | 15 ++++-- .../HEAD/extensions.v1beta1.Deployment.yaml | 12 +++-- .../HEAD/extensions.v1beta1.ReplicaSet.json | 15 ++++-- .../HEAD/extensions.v1beta1.ReplicaSet.yaml | 12 +++-- .../core/v1/volumemount.go | 17 +++++++ .../applyconfigurations/internal/internal.go | 6 +++ .../cri-api/pkg/apis/runtime/v1/api.proto | 4 ++ .../reference/versioned_feature_list.yaml | 6 +++ 56 files changed, 570 insertions(+), 114 deletions(-) diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go index 1de0cf4495ca4..37bda93a97be2 100644 --- a/pkg/apis/core/types.go +++ b/pkg/apis/core/types.go @@ -2187,6 +2187,10 @@ type VolumeMount struct { // SubPathExpr and SubPath are mutually exclusive. // +optional SubPathExpr string + // mountOptions is a list of mount options (noexec, nodev, nosuid) to apply + // when mounting this volume into the container. + // +optional + MountOptions []string } // MountPropagationMode describes mount propagation. diff --git a/pkg/apis/core/v1/zz_generated.conversion.go b/pkg/apis/core/v1/zz_generated.conversion.go index 3770ea1916b7b..ffdeea9052d45 100644 --- a/pkg/apis/core/v1/zz_generated.conversion.go +++ b/pkg/apis/core/v1/zz_generated.conversion.go @@ -9069,6 +9069,7 @@ func autoConvert_v1_VolumeMount_To_core_VolumeMount(in *corev1.VolumeMount, out out.SubPath = in.SubPath out.MountPropagation = (*core.MountPropagationMode)(unsafe.Pointer(in.MountPropagation)) out.SubPathExpr = in.SubPathExpr + out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) return nil } @@ -9085,6 +9086,7 @@ func autoConvert_core_VolumeMount_To_v1_VolumeMount(in *core.VolumeMount, out *c out.SubPath = in.SubPath out.MountPropagation = (*corev1.MountPropagationMode)(unsafe.Pointer(in.MountPropagation)) out.SubPathExpr = in.SubPathExpr + out.MountOptions = *(*[]string)(unsafe.Pointer(&in.MountOptions)) return nil } diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go index fbb62132d630d..8f3b7b9bb3c05 100644 --- a/pkg/apis/core/validation/validation.go +++ b/pkg/apis/core/validation/validation.go @@ -3146,6 +3146,19 @@ func ValidateVolumeMounts(mounts []core.VolumeMount, voldevices map[string]strin allErrs = append(allErrs, validateMountPropagation(mnt.MountPropagation, container, fldPath.Child("mountPropagation"))...) } allErrs = append(allErrs, validateMountRecursiveReadOnly(mnt, fldPath.Child("recursiveReadOnly"))...) + + if len(mnt.MountOptions) > 0 { + if !utilfeature.DefaultFeatureGate.Enabled(features.VolumeMountOptions) { + allErrs = append(allErrs, field.Forbidden(idxPath.Child("mountOptions"), "mount options require the VolumeMountOptions feature gate to be enabled")) + } else { + allowedOptions := sets.New("noexec", "nodev", "nosuid") + for j, opt := range mnt.MountOptions { + if !allowedOptions.Has(opt) { + allErrs = append(allErrs, field.NotSupported(idxPath.Child("mountOptions").Index(j), opt, sets.List(allowedOptions))) + } + } + } + } } return allErrs } diff --git a/pkg/apis/core/zz_generated.deepcopy.go b/pkg/apis/core/zz_generated.deepcopy.go index 017ac70cd420a..39817b4f0bb91 100644 --- a/pkg/apis/core/zz_generated.deepcopy.go +++ b/pkg/apis/core/zz_generated.deepcopy.go @@ -6498,6 +6498,11 @@ func (in *VolumeMount) DeepCopyInto(out *VolumeMount) { *out = new(MountPropagationMode) **out = **in } + if in.MountOptions != nil { + in, out := &in.MountOptions, &out.MountOptions + *out = make([]string, len(*in)) + copy(*out, *in) + } return } diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index bff6faf524354..2e3fcb3f6c059 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -1081,6 +1081,13 @@ const ( // co-ordinate better with cluster-autoscaler for storage limits. VolumeLimitScaling featuregate.Feature = "VolumeLimitScaling" + // owner: @nispriha + // kep: https://kep.k8s.io/5855 + // + // Enables mount options (noexec, nodev, nosuid) on volumeMounts, passed + // through CRI to the container runtime. + VolumeMountOptions featuregate.Feature = "VolumeMountOptions" + // owner: @ksubrmnn // // Allows kube-proxy to create DSR loadbalancers for Windows @@ -1907,6 +1914,10 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate {Version: version.MustParse("1.35"), Default: false, PreRelease: featuregate.Alpha}, }, + VolumeMountOptions: { + {Version: version.MustParse("1.37"), Default: false, PreRelease: featuregate.Alpha}, + }, + WinDSR: { {Version: version.MustParse("1.14"), Default: false, PreRelease: featuregate.Alpha}, {Version: version.MustParse("1.33"), Default: true, PreRelease: featuregate.Beta}, @@ -2480,6 +2491,8 @@ var defaultKubernetesFeatureGateDependencies = map[featuregate.Feature][]feature VolumeLimitScaling: {}, + VolumeMountOptions: {}, + WinDSR: {}, WinOverlay: {}, diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index 9b4f5c04533d9..111eca7eb6042 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -34283,6 +34283,26 @@ func schema_k8sio_api_core_v1_VolumeMount(ref common.ReferenceCallback) common.O Format: "", }, }, + "mountOptions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "mountOptions is a list of mount options (noexec, nodev, nosuid) to apply when mounting this volume into the container. These options are passed through CRI to the container runtime and enforced at the OS level. Only VFS-level bind mount flags are permitted; filesystem-specific options are not allowed. This is an alpha field and requires the VolumeMountOptions feature gate.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"name", "mountPath"}, }, diff --git a/pkg/kubelet/container/runtime.go b/pkg/kubelet/container/runtime.go index 46deb9da07b80..f010e35ec0ac4 100644 --- a/pkg/kubelet/container/runtime.go +++ b/pkg/kubelet/container/runtime.go @@ -495,6 +495,9 @@ type Mount struct { // ImageSubPath is set if an image volume sub path should get mounted. This // field is only required if the above Image is set. ImageSubPath string + // MountOptions specifies additional mount options (noexec, nodev, nosuid) + // to pass through CRI to the container runtime. + MountOptions []string } // ImageVolumes is a map of image specs by volume name. diff --git a/pkg/kubelet/kubelet_pods.go b/pkg/kubelet/kubelet_pods.go index 42a58b0dfdcd5..4f3d78d29c940 100644 --- a/pkg/kubelet/kubelet_pods.go +++ b/pkg/kubelet/kubelet_pods.go @@ -409,6 +409,7 @@ func makeMounts(pod *v1.Pod, podDir string, container *v1.Container, hostName, h RecursiveReadOnly: rro, SELinuxRelabel: relabelVolume, Propagation: propagation, + MountOptions: mount.MountOptions, }) } if mountEtcHostsFile { diff --git a/pkg/kubelet/kuberuntime/kuberuntime_container.go b/pkg/kubelet/kuberuntime/kuberuntime_container.go index 88b34a14ea67a..6e3ec8766fea1 100644 --- a/pkg/kubelet/kuberuntime/kuberuntime_container.go +++ b/pkg/kubelet/kuberuntime/kuberuntime_container.go @@ -492,6 +492,7 @@ func (m *kubeGenericRuntimeManager) makeMounts(opts *kubecontainer.RunContainerO RecursiveReadOnly: v.RecursiveReadOnly, Image: v.Image, ImageSubPath: v.ImageSubPath, + MountOptions: v.MountOptions, } volumeMounts = append(volumeMounts, mount) @@ -759,6 +760,7 @@ func (m *kubeGenericRuntimeManager) toKubeContainerStatus(ctx context.Context, p Propagation: mount.Propagation, Image: mount.Image, ImageSubPath: mount.ImageSubPath, + MountOptions: mount.MountOptions, }) } return cStatus diff --git a/staging/src/k8s.io/api/core/v1/generated.pb.go b/staging/src/k8s.io/api/core/v1/generated.pb.go index b7de1bea54d37..f5677492ac9d8 100644 --- a/staging/src/k8s.io/api/core/v1/generated.pb.go +++ b/staging/src/k8s.io/api/core/v1/generated.pb.go @@ -14084,6 +14084,15 @@ func (m *VolumeMount) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.MountOptions) > 0 { + for iNdEx := len(m.MountOptions) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.MountOptions[iNdEx]) + copy(dAtA[i:], m.MountOptions[iNdEx]) + i = encodeVarintGenerated(dAtA, i, uint64(len(m.MountOptions[iNdEx]))) + i-- + dAtA[i] = 0x42 + } + } if m.RecursiveReadOnly != nil { i -= len(*m.RecursiveReadOnly) copy(dAtA[i:], *m.RecursiveReadOnly) @@ -20023,6 +20032,12 @@ func (m *VolumeMount) Size() (n int) { l = len(*m.RecursiveReadOnly) n += 1 + l + sovGenerated(uint64(l)) } + if len(m.MountOptions) > 0 { + for _, s := range m.MountOptions { + l = len(s) + n += 1 + l + sovGenerated(uint64(l)) + } + } return n } @@ -24105,6 +24120,7 @@ func (this *VolumeMount) String() string { `MountPropagation:` + valueToStringGenerated(this.MountPropagation) + `,`, `SubPathExpr:` + fmt.Sprintf("%v", this.SubPathExpr) + `,`, `RecursiveReadOnly:` + valueToStringGenerated(this.RecursiveReadOnly) + `,`, + `MountOptions:` + fmt.Sprintf("%v", this.MountOptions) + `,`, `}`, }, "") return s @@ -67956,6 +67972,38 @@ func (m *VolumeMount) Unmarshal(dAtA []byte) error { s := RecursiveReadOnlyMode(dAtA[iNdEx:postIndex]) m.RecursiveReadOnly = &s iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MountOptions", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthGenerated + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.MountOptions = append(m.MountOptions, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) diff --git a/staging/src/k8s.io/api/core/v1/generated.proto b/staging/src/k8s.io/api/core/v1/generated.proto index 570b4d3438928..9f864ae531979 100644 --- a/staging/src/k8s.io/api/core/v1/generated.proto +++ b/staging/src/k8s.io/api/core/v1/generated.proto @@ -6866,6 +6866,17 @@ message VolumeMount { // SubPathExpr and SubPath are mutually exclusive. // +optional optional string subPathExpr = 6; + + // mountOptions is a list of mount options (noexec, nodev, nosuid) to apply + // when mounting this volume into the container. These options are passed + // through CRI to the container runtime and enforced at the OS level. + // Only VFS-level bind mount flags are permitted; filesystem-specific + // options are not allowed. + // This is an alpha field and requires the VolumeMountOptions feature gate. + // +featureGate=VolumeMountOptions + // +optional + // +listType=atomic + repeated string mountOptions = 8; } // VolumeMountStatus shows status of volume mounts. diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go index 705c82083cc50..15986d72bf046 100644 --- a/staging/src/k8s.io/api/core/v1/types.go +++ b/staging/src/k8s.io/api/core/v1/types.go @@ -2413,6 +2413,16 @@ type VolumeMount struct { // SubPathExpr and SubPath are mutually exclusive. // +optional SubPathExpr string `json:"subPathExpr,omitempty" protobuf:"bytes,6,opt,name=subPathExpr"` + // mountOptions is a list of mount options (noexec, nodev, nosuid) to apply + // when mounting this volume into the container. These options are passed + // through CRI to the container runtime and enforced at the OS level. + // Only VFS-level bind mount flags are permitted; filesystem-specific + // options are not allowed. + // This is an alpha field and requires the VolumeMountOptions feature gate. + // +featureGate=VolumeMountOptions + // +optional + // +listType=atomic + MountOptions []string `json:"mountOptions,omitempty" protobuf:"bytes,8,rep,name=mountOptions"` } // MountPropagationMode describes mount propagation. diff --git a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go index 0f5e44e917a41..67a19b41eb86d 100644 --- a/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -2770,6 +2770,7 @@ var map_VolumeMount = map[string]string{ "subPath": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", "mountPropagation": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).", "subPathExpr": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "mountOptions": "mountOptions is a list of mount options (noexec, nodev, nosuid) to apply when mounting this volume into the container. These options are passed through CRI to the container runtime and enforced at the OS level. Only VFS-level bind mount flags are permitted; filesystem-specific options are not allowed. This is an alpha field and requires the VolumeMountOptions feature gate.", } func (VolumeMount) SwaggerDoc() map[string]string { diff --git a/staging/src/k8s.io/api/core/v1/zz_generated.deepcopy.go b/staging/src/k8s.io/api/core/v1/zz_generated.deepcopy.go index 15bc2ee0331e0..24597c2e448d1 100644 --- a/staging/src/k8s.io/api/core/v1/zz_generated.deepcopy.go +++ b/staging/src/k8s.io/api/core/v1/zz_generated.deepcopy.go @@ -6508,6 +6508,11 @@ func (in *VolumeMount) DeepCopyInto(out *VolumeMount) { *out = new(MountPropagationMode) **out = **in } + if in.MountOptions != nil { + in, out := &in.MountOptions, &out.MountOptions + *out = make([]string, len(*in)) + copy(*out, *in) + } return } diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.json index 48b204ffd730e..e8a3e83e2467b 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.json @@ -615,7 +615,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -929,7 +932,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1243,7 +1249,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.yaml index e57a716d19c38..b4ea1c42bf7b5 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.DaemonSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.json index 5168ada9be23f..2aa7c6569a19c 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.yaml index e730e6296ddb6..7e730fef91fb9 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.Deployment.yaml @@ -426,7 +426,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -655,7 +657,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -885,7 +889,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.json index 77dbe6c40b1e2..aa5a280adda77 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.json @@ -617,7 +617,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -931,7 +934,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1245,7 +1251,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.yaml index 7ba70c61ad092..ca5ca29105005 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.ReplicaSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.json index 66c5c1bbf8e2a..227d9848c8298 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.yaml index 593d4a368d45e..3f785bd4e301d 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1.StatefulSet.yaml @@ -426,7 +426,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -655,7 +657,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -885,7 +889,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.json index 1a2a057e02f9e..83578a28722b3 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.yaml index d04c97bfc7c7a..952fa2087b391 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.Deployment.yaml @@ -428,7 +428,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -657,7 +659,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -887,7 +891,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.json index 064d41d805f09..b585dfcc5c8a8 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.yaml index fb99d0e602cab..4c5ca73faddc9 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta1.StatefulSet.yaml @@ -426,7 +426,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -655,7 +657,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -885,7 +889,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.json index d6eee9ea6e9d0..562ac0295ae38 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.json @@ -615,7 +615,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -929,7 +932,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1243,7 +1249,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.yaml index 6c5827f42d10b..5626e6dcb804a 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.DaemonSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.json index 62cd655717b2c..6bb2355eab6aa 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.yaml index 9dc11ada486c0..fe6a9a8cbaae3 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.Deployment.yaml @@ -426,7 +426,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -655,7 +657,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -885,7 +889,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.json index d2e880c58f0d5..201013f703f87 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.json @@ -617,7 +617,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -931,7 +934,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1245,7 +1251,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.yaml index ec1574bc98b76..71ac343a8eb77 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.ReplicaSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.json b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.json index 28a32b44dcd41..973de16cc3c7e 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.yaml index 1a799675be072..7718fd8872615 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/apps.v1beta2.StatefulSet.yaml @@ -426,7 +426,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -655,7 +657,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -885,7 +889,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.json b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.json index 1f5b8df2388be..4f05af9861d24 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.json +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.json @@ -699,7 +699,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1013,7 +1016,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1327,7 +1333,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.yaml b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.yaml index b08dfe35206ff..f9fdb42dadd1f 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.CronJob.yaml @@ -478,7 +478,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -707,7 +709,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -937,7 +941,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.json b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.json index cae93ab95027e..b10246c850d92 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.json +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.json @@ -650,7 +650,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -964,7 +967,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1278,7 +1284,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.yaml b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.yaml index 3d25c120ee32f..92b9f86621423 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1.Job.yaml @@ -442,7 +442,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -671,7 +673,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -901,7 +905,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.json b/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.json index 5436d0cf4e83d..7e627ddd857e6 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.json +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.json @@ -699,7 +699,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1013,7 +1016,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1327,7 +1333,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.yaml b/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.yaml index 21d9f01c16bd4..bce99128841e7 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/batch.v1beta1.CronJob.yaml @@ -478,7 +478,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -707,7 +709,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -937,7 +941,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.json b/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.json index 8316bb1654163..49e912e1576b7 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.json +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.json @@ -557,7 +557,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -871,7 +874,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1185,7 +1191,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.yaml b/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.yaml index 1335003613c70..bd7f7219cba58 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.Pod.yaml @@ -374,7 +374,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -603,7 +605,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -833,7 +837,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.json b/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.json index 52e8ad2c7d6d6..2ebc3bfb67620 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.json +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.json @@ -600,7 +600,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -914,7 +917,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1228,7 +1234,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.yaml b/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.yaml index 4080ec597c8b8..678cfd3bb041e 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.PodTemplate.yaml @@ -407,7 +407,9 @@ template: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -636,7 +638,9 @@ template: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -866,7 +870,9 @@ template: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json b/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json index f4db5d62148a6..60aa1be6b00e7 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.json @@ -606,7 +606,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -920,7 +923,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1234,7 +1240,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.yaml b/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.yaml index 7bee55311ba73..709ab3fba6c5b 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/core.v1.ReplicationController.yaml @@ -412,7 +412,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -641,7 +643,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -871,7 +875,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.json b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.json index dbde12274e6af..b1b0439b234d2 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.json @@ -615,7 +615,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -929,7 +932,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1243,7 +1249,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.yaml index 6512376d9748c..87138080b71eb 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.DaemonSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.json b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.json index be0cd57a8cf09..ca41dc62ac73f 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.json +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.json @@ -616,7 +616,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -930,7 +933,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1244,7 +1250,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.yaml b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.yaml index b47e20398aebb..0d1bbee82b3f6 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.Deployment.yaml @@ -428,7 +428,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -657,7 +659,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -887,7 +891,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.json b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.json index 760674be7cd34..aff27bee061d5 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.json +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.json @@ -617,7 +617,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -931,7 +934,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ @@ -1245,7 +1251,10 @@ "mountPath": "mountPathValue", "subPath": "subPathValue", "mountPropagation": "mountPropagationValue", - "subPathExpr": "subPathExprValue" + "subPathExpr": "subPathExprValue", + "mountOptions": [ + "mountOptionsValue" + ] } ], "volumeDevices": [ diff --git a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.yaml b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.yaml index d983d21a3fbb1..6364afad3f324 100644 --- a/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.yaml +++ b/staging/src/k8s.io/api/testdata/HEAD/extensions.v1beta1.ReplicaSet.yaml @@ -418,7 +418,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -647,7 +649,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true @@ -877,7 +881,9 @@ spec: - devicePath: devicePathValue name: nameValue volumeMounts: - - mountPath: mountPathValue + - mountOptions: + - mountOptionsValue + mountPath: mountPathValue mountPropagation: mountPropagationValue name: nameValue readOnly: true diff --git a/staging/src/k8s.io/client-go/applyconfigurations/core/v1/volumemount.go b/staging/src/k8s.io/client-go/applyconfigurations/core/v1/volumemount.go index 83b71eb659015..bb32159519e63 100644 --- a/staging/src/k8s.io/client-go/applyconfigurations/core/v1/volumemount.go +++ b/staging/src/k8s.io/client-go/applyconfigurations/core/v1/volumemount.go @@ -67,6 +67,13 @@ type VolumeMountApplyConfiguration struct { // Defaults to "" (volume's root). // SubPathExpr and SubPath are mutually exclusive. SubPathExpr *string `json:"subPathExpr,omitempty"` + // mountOptions is a list of mount options (noexec, nodev, nosuid) to apply + // when mounting this volume into the container. These options are passed + // through CRI to the container runtime and enforced at the OS level. + // Only VFS-level bind mount flags are permitted; filesystem-specific + // options are not allowed. + // This is an alpha field and requires the VolumeMountOptions feature gate. + MountOptions []string `json:"mountOptions,omitempty"` } // VolumeMountApplyConfiguration constructs a declarative configuration of the VolumeMount type for use with @@ -130,3 +137,13 @@ func (b *VolumeMountApplyConfiguration) WithSubPathExpr(value string) *VolumeMou b.SubPathExpr = &value return b } + +// WithMountOptions adds the given value to the MountOptions field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the MountOptions field. +func (b *VolumeMountApplyConfiguration) WithMountOptions(values ...string) *VolumeMountApplyConfiguration { + for i := range values { + b.MountOptions = append(b.MountOptions, values[i]) + } + return b +} diff --git a/staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go b/staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go index 2d66c9ba08bf1..d5415c0de55ae 100644 --- a/staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go +++ b/staging/src/k8s.io/client-go/applyconfigurations/internal/internal.go @@ -8912,6 +8912,12 @@ var schemaYAML = typed.YAMLObject(`types: - name: io.k8s.api.core.v1.VolumeMount map: fields: + - name: mountOptions + type: + list: + elementType: + scalar: string + elementRelationship: atomic - name: mountPath type: scalar: string diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto index 9e7b26aa72e41..8dae1cb84bcf8 100644 --- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto +++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.proto @@ -267,6 +267,10 @@ message Mount { // return an error. // Introduced in the Image Volume Source KEP beta graduation: https://kep.k8s.io/4639 string image_sub_path = 10; + // MountOptions specifies additional mount options (e.g., noexec, nodev, + // nosuid) that the runtime MUST apply when mounting this volume into the + // container. These are passed as OCI mount options. + repeated string mount_options = 11; } // IDMapping describes host to container ID mappings for a pod sandbox. diff --git a/test/compatibility_lifecycle/reference/versioned_feature_list.yaml b/test/compatibility_lifecycle/reference/versioned_feature_list.yaml index a803c87a98576..5e3b6ff04c673 100644 --- a/test/compatibility_lifecycle/reference/versioned_feature_list.yaml +++ b/test/compatibility_lifecycle/reference/versioned_feature_list.yaml @@ -1997,6 +1997,12 @@ lockToDefault: false preRelease: Alpha version: "1.35" +- name: VolumeMountOptions + versionedSpecs: + - default: false + lockToDefault: false + preRelease: Alpha + version: "1.37" - name: WatchCacheInitializationPostStartHook versionedSpecs: - default: false From 516f2b8f2cc53aac16a1b7a06de8680d8ba166c9 Mon Sep 17 00:00:00 2001 From: nispriha Date: Sat, 6 Jun 2026 01:14:23 +0530 Subject: [PATCH 2/2] Add MountOptions field to vendored CRI Mount struct --- .../src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go index ab5bda03a6a57..f0fd3c77918d2 100644 --- a/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go +++ b/staging/src/k8s.io/cri-api/pkg/apis/runtime/v1/api.pb.go @@ -1129,6 +1129,9 @@ type Mount struct { // return an error. // Introduced in the Image Volume Source KEP beta graduation: https://kep.k8s.io/4639 ImageSubPath string `protobuf:"bytes,10,opt,name=image_sub_path,json=imageSubPath,proto3" json:"image_sub_path,omitempty"` + // MountOptions specifies additional mount options (e.g., noexec, nodev, + // nosuid) for bind mounts. + MountOptions []string `protobuf:"bytes,11,rep,name=mount_options,json=mountOptions,proto3" json:"mount_options,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -1233,6 +1236,13 @@ func (x *Mount) GetImageSubPath() string { return "" } +func (x *Mount) GetMountOptions() []string { + if x != nil { + return x.MountOptions + } + return nil +} + // IDMapping describes host to container ID mappings for a pod sandbox. type IDMapping struct { state protoimpl.MessageState `protogen:"open.v1"`