Detect support for fuse-overlayfs

[cgruver]

Add logic to entrypoint.sh to detect support for fuse-overlayfs

[ibuziuk]

@dkwon17 with this change we should probably update the docs as well, right?
e.g. https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.17/html-single/user_guide/index?extIdCarryOver=true&sc_cid=701f2000001Css5AAC#enabling-overlay-with-a-configmap
Now UDI will be smart enough to detect fuse automatically

[dkwon17]

@ibuziuk , yes, a configmap will not be needed anymore if the tooling container image is based on ubi/udi

[ibuziuk]

verified on Developer Sandbox:

containers $ podman version
WARN[0000] Using cgroups-v1 which is deprecated in favor of cgroups-v2 with Podman v5 and will be removed in a future version. Set environment variable `PODMAN_IGNORE_CGROUPSV1_WARNING` to hide this warning. 
Client:       Podman Engine
Version:      5.2.2
API Version:  5.2.2
Go Version:   go1.22.7 (Red Hat 1.22.7-2.el9_5)
Built:        Wed Oct 23 09:08:59 2024
OS/Arch:      linux/amd64
containers $ cat storage.conf 
[storage]
driver = "vfs"
containers $ stat /dev/fuse

[isuftin]

What happens if persistent home is enabled and fuse-overlayfs gets disabled? Would ${HOME}/.config/containers/storage.conf need to be rewritten? Would the outer if block stop that from happening?

[cgruver]

The only way to disable fuse-overlayfs would be to apply a machine-config to the cluster, so I would say it's not likely. And if it did happen, that would be a disruptive change.

The reason that I put the first if block there is to not overwrite any existing podman config. The user might have added additional config to storage.conf which we would not want to clobber on a workspace restart.

[cgruver]

The if block could be a bit more targeted to look specifically for storage.conf I suppose.

if [ ! -f "${HOME}/.config/containers/storage.conf" ]; then

But, there are valid configs where there is no storage.conf file, but other content under ${HOME}/.config/containers. Which is why I just check for the existence of the directory, not the file.

[isuftin]

@cgruver that makes sense, thanks!

[cgruver]

Note: As of OCP 4.15 /dev/fuse is available for leaking into a container OOTB. No cluster change required.

With OCP 4.17 /dev/net/tun is also available.

Pod annotation: io.kubernetes.cri-o.Devices: "/dev/fuse,/dev/net/tun"

So, to disable fuse-overlayfs support would require disruptive intervention on the part of cluster admins.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: cgruver, dkwon17, ibuziuk

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment