Merge https://github.com/kubernetes-csi/csi-driver-nfs:master into ma…

…ster

.github/workflows/linux.yaml

@@ -13,7 +13,7 @@ jobs:
  - name: Set up Go 1.x
  uses: actions/setup-go@v2
  with:
- go-version: ^1.16
+ go-version: ^1.17
  id: go
 
  - name: Check out code into the Go module directory

.github/workflows/static.yaml

@@ -12,8 +12,8 @@ jobs:
  - name: Run linter
  uses: golangci/golangci-lint-action@v2
  with:
- version: v1.29
- args: -E=gofmt,deadcode,unused,varcheck,ineffassign,golint,misspell --timeout=30m0s
+ version: v1.43
+ args: -E=gofmt,deadcode,unused,varcheck,ineffassign,revive,misspell,exportloopref,asciicheck,bodyclose,contextcheck --timeout=30m0s
  verify-helm:
  name: Verify Helm
  runs-on: ubuntu-latest

Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.0.0
+FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0
 
 # Architecture for bin folder
 ARG ARCH
@@ -23,6 +23,6 @@ COPY bin/${ARCH}/nfsplugin /nfsplugin
 RUN apt update && apt-mark unhold libcap2
 RUN clean-install ca-certificates mount nfs-common netbase
 # install updated packages to fix CVE issues
-RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libgmp10
+RUN clean-install libgmp10 bsdutils
 
 ENTRYPOINT ["/nfsplugin"]

Makefile

@@ -27,7 +27,7 @@ include release-tools/build.make
 
 GIT_COMMIT = $(shell git rev-parse HEAD)
 BUILD_DATE = $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
-IMAGE_VERSION ?= v3.1.0
+IMAGE_VERSION ?= v3.2.0
 LDFLAGS = -X ${PKG}/pkg/nfs.driverVersion=${IMAGE_VERSION} -X ${PKG}/pkg/nfs.gitCommit=${GIT_COMMIT} -X ${PKG}/pkg/nfs.buildDate=${BUILD_DATE}
 EXT_LDFLAGS = -s -w -extldflags "-static"
 # Use a custom version for E2E tests if we are testing in CI
@@ -42,7 +42,7 @@ REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
 IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
 IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
 
-E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always
+E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always --set feature.enableInlineVolume=true
 E2E_HELM_OPTIONS += ${EXTRA_HELM_OPTIONS}
 
 # Output type of docker buildx build

README.md

@@ -10,7 +10,8 @@ This is a repository for [NFS](https://en.wikipedia.org/wiki/Network_File_System
 ### Container Images & Kubernetes Compatibility:
 |driver version | supported k8s version | status |
 |----------------|-----------------------|--------|
-|master branch | 1.19+ | beta |
+|master branch | 1.20+ | beta |
+|v3.1.0 | 1.19+ | beta |
 |v3.0.0 | 1.19+ | beta |
 |v2.0.0 | 1.14+ | alpha |
 

charts/README.md

@@ -6,16 +6,15 @@
 ### Tips
  - make controller only run on master node: `--set controller.runOnMaster=true`
  - set replica of controller as `1`: `--set controller.replicas=1`
- - enable `fsGroupPolicy` on a k8s 1.20+ cluster (this feature is in beta, check details [here](../deploy/example/fsgroup)): `--set feature.enableFSGroupPolicy=true`
 
 ### install a specific version
 ```console
 helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
-helm install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version v3.0.0
+helm install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version v3.1.0
 ```
 
 ### install driver with customized driver name, deployment name
-> only supported from `v3.0.0`+
+> only supported from `v3.1.0`+
  - following example would install a driver with name `nfs2`
 ```console
 helm install csi-driver-nfs2 csi-driver-nfs/csi-driver-nfs --namespace kube-system --set driver.name="nfs2.csi.k8s.io" --set controller.name="csi-nfs2-controller" --set rbac.name=nfs2 --set serviceAccount.controller=csi-nfs2-controller-sa --set serviceAccount.node=csi-nfs2-node-sa --set node.name=csi-nfs2-node --set node.livenessProbe.healthPort=39653
@@ -39,12 +38,13 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
 |---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
 | `driver.name` | alternative driver name | `nfs.csi.k8s.io` |
 | `driver.mountPermissions` | mounted folder permissions name | `0777`
-| `feature.enableFSGroupPolicy` | enable `fsGroupPolicy` on a k8s 1.20+ cluster | `false` |
+| `feature.enableFSGroupPolicy` | enable `fsGroupPolicy` on a k8s 1.20+ cluster | `true` |
+| `feature.enableInlineVolume` | enable inline volume | `false` |
 | `image.nfs.repository` | csi-driver-nfs image | `mcr.microsoft.com/k8s/csi/nfs-csi` |
 | `image.nfs.tag` | csi-driver-nfs image tag | `latest` |
 | `image.nfs.pullPolicy` | csi-driver-nfs image pull policy | `IfNotPresent` |
 | `image.csiProvisioner.repository` | csi-provisioner docker image | `k8s.gcr.io/sig-storage/csi-provisioner` |
-| `image.csiProvisioner.tag` | csi-provisioner docker image tag | `v2.0.4` |
+| `image.csiProvisioner.tag` | csi-provisioner docker image tag | `v3.1.0` |
 | `image.csiProvisioner.pullPolicy` | csi-provisioner image pull policy | `IfNotPresent` |
 | `image.livenessProbe.repository` | liveness-probe docker image | `k8s.gcr.io/sig-storage/livenessprobe` |
 | `image.livenessProbe.tag` | liveness-probe docker image tag | `v2.5.0` |
@@ -58,6 +58,7 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
 | `controller.replicas` | the replicas of csi-nfs-controller | `2` |
 | `controller.runOnMaster` | run controller on master node | `false` |
 | `controller.logLevel` | controller driver log level |`5` |
+| `controller.workingMountDir` | working directory for provisioner to mount nfs shares temporarily | `/tmp` |
 | `controller.tolerations` | controller pod tolerations | |
 | `controller.resources.csiProvisioner.limits.memory` | csi-provisioner memory limits | 100Mi |
 | `controller.resources.csiProvisioner.requests.cpu` | csi-provisioner cpu requests limits | 10m |

charts/index.yaml

@@ -3,16 +3,25 @@ entries:
  csi-driver-nfs:
  - apiVersion: v1
  appVersion: latest
- created: "2021-12-03T09:32:27.922454757Z"
+ created: "2022-01-16T02:03:42.985827759Z"
  description: CSI NFS Driver for Kubernetes
- digest: 12bfa47c9b4d8d70374af58c3ffcb17f063587ec374422290ddbaeba8be1e2d7
+ digest: 327a5a82966527f18eebfd36b66b45c467eda0046cc0ac87271123cc9b788fd1
  name: csi-driver-nfs
  urls:
- - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/latest/csi-driver-nfs-v3.1.0.tgz
+ - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/latest/csi-driver-nfs-v3.2.0.tgz
+ version: v3.2.0
+ - apiVersion: v1
+ appVersion: v3.1.0
+ created: "2022-01-16T02:03:42.988838576Z"
+ description: CSI NFS Driver for Kubernetes
+ digest: be2757357ed0a4c5c689b1c06de8eaa75da43430f08f04c8fb42fd17fffb0959
+ name: csi-driver-nfs
+ urls:
+ - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v3.1.0/csi-driver-nfs-v3.1.0.tgz
  version: v3.1.0
  - apiVersion: v1
  appVersion: v3.0.0
- created: "2021-12-03T09:32:27.923670465Z"
+ created: "2022-01-16T02:03:42.987551869Z"
  description: CSI NFS Driver for Kubernetes
  digest: c19a1780bbdf240ff4628666a5cf70fea9d44fc20966b63796550e83a45ef50a
  name: csi-driver-nfs
@@ -21,11 +30,11 @@ entries:
  version: v3.0.0
  - apiVersion: v1
  appVersion: v2.0.0
- created: "2021-12-03T09:32:27.92288436Z"
+ created: "2022-01-16T02:03:42.986145361Z"
  description: CSI NFS Driver for Kubernetes
  digest: f537a133eaa965f1c053ffac130f82c9b2b624e1f8bd42937c9c48818464eaac
  name: csi-driver-nfs
  urls:
  - https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts/v2.0.0/csi-driver-nfs-v2.0.0.tgz
  version: v2.0.0
-generated: "2021-12-03T09:32:27.921439951Z"
+generated: "2022-01-16T02:03:42.985065955Z"

charts/latest/csi-driver-nfs/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: latest
 description: CSI NFS Driver for Kubernetes
 name: csi-driver-nfs
-version: v3.1.0
+version: v3.2.0

charts/latest/csi-driver-nfs/templates/csi-nfs-controller.yaml

@@ -73,6 +73,7 @@ spec:
  - "--endpoint=$(CSI_ENDPOINT)"
  - "--drivername={{ .Values.driver.name }}"
  - "--mount-permissions={{ .Values.driver.mountPermissions }}"
+ - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
  env:
  - name: NODE_ID
  valueFrom:

charts/latest/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml

@@ -6,6 +6,9 @@ spec:
  attachRequired: false
  volumeLifecycleModes:
  - Persistent
+ {{- if .Values.feature.enableInlineVolume}}
+ - Ephemeral
+ {{- end}}
  {{- if .Values.feature.enableFSGroupPolicy}}
  fsGroupPolicy: File
  {{- end}}

charts/latest/csi-driver-nfs/values.yaml

@@ -5,7 +5,7 @@ image:
  pullPolicy: IfNotPresent
  csiProvisioner:
  repository: k8s.gcr.io/sig-storage/csi-provisioner
- tag: v2.2.2
+ tag: v3.1.0
  pullPolicy: IfNotPresent
  livenessProbe:
  repository: k8s.gcr.io/sig-storage/livenessprobe
@@ -26,10 +26,11 @@ rbac:
 
 driver:
  name: nfs.csi.k8s.io
- mountPermissions: "0777"
+ mountPermissions: 0777
 
 feature:
- enableFSGroupPolicy: false
+ enableFSGroupPolicy: true
+ enableInlineVolume: false
 
 controller:
  name: csi-nfs-controller
@@ -38,6 +39,7 @@ controller:
  livenessProbe:
  healthPort: 29652
  logLevel: 5
+ workingMountDir: "/tmp"
  tolerations:
  - key: "node-role.kubernetes.io/master"
  operator: "Exists"

charts/v3.1.0/csi-driver-nfs/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/v3.1.0/csi-driver-nfs/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: v3.1.0
+description: CSI NFS Driver for Kubernetes
+name: csi-driver-nfs
+version: v3.1.0

charts/v3.1.0/csi-driver-nfs/templates/NOTES.txt

@@ -0,0 +1,5 @@
+ The CSI NFS Driver is getting deployed to your cluster.
+
+To check CSI NFS Driver pods status, please run:
+
+ kubectl --namespace={{ .Release.Namespace }} get pods --selector="release={{ .Release.Name }}" --watch

charts/v3.1.0/csi-driver-nfs/templates/_helpers.tpl

@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/* Expand the name of the chart.*/}}
+{{- define "nfs.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* labels for helm resources */}}
+{{- define "nfs.labels" -}}
+labels:
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+ app.kubernetes.io/name: "{{ template "nfs.name" . }}"
+ app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+{{- end -}}

charts/v3.1.0/csi-driver-nfs/templates/csi-nfs-controller.yaml

@@ -0,0 +1,109 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ .Values.controller.name }}
+ namespace: {{ .Release.Namespace }}
+{{ include "nfs.labels" . | indent 2 }}
+spec:
+ replicas: {{ .Values.controller.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.controller.name }}
+ template:
+ metadata:
+{{ include "nfs.labels" . | indent 6 }}
+ app: {{ .Values.controller.name }}
+ spec:
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ hostNetwork: true # controller also needs to mount nfs to create dir
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccountName: {{ .Values.serviceAccount.controller }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- if .Values.controller.runOnMaster}}
+ kubernetes.io/role: master
+ {{- end}}
+ priorityClassName: system-cluster-critical
+{{- with .Values.controller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}
+ containers:
+ - name: csi-provisioner
+ image: "{{ .Values.image.csiProvisioner.repository }}:{{ .Values.image.csiProvisioner.tag }}"
+ args:
+ - "-v=2"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ imagePullPolicy: {{ .Values.image.csiProvisioner.pullPolicy }}
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ resources: {{- toYaml .Values.controller.resources.csiProvisioner | nindent 12 }}
+ - name: liveness-probe
+ image: "{{ .Values.image.livenessProbe.repository }}:{{ .Values.image.livenessProbe.tag }}"
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port={{ .Values.controller.livenessProbe.healthPort }}
+ - --v=2
+ imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources: {{- toYaml .Values.controller.resources.livenessProbe | nindent 12 }}
+ - name: nfs
+ image: "{{ .Values.image.nfs.repository }}:{{ .Values.image.nfs.tag }}"
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["SYS_ADMIN"]
+ allowPrivilegeEscalation: true
+ imagePullPolicy: {{ .Values.image.nfs.pullPolicy }}
+ args:
+ - "--v={{ .Values.controller.logLevel }}"
+ - "--nodeid=$(NODE_ID)"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--drivername={{ .Values.driver.name }}"
+ - "--mount-permissions={{ .Values.driver.mountPermissions }}"
+ - "--working-mount-dir={{ .Values.controller.workingMountDir }}"
+ env:
+ - name: NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: CSI_ENDPOINT
+ value: unix:https:///csi/csi.sock
+ ports:
+ - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ volumeMounts:
+ - name: pods-mount-dir
+ mountPath: /var/lib/kubelet/pods
+ mountPropagation: "Bidirectional"
+ - mountPath: /csi
+ name: socket-dir
+ resources: {{- toYaml .Values.controller.resources.nfs | nindent 12 }}
+ volumes:
+ - name: pods-mount-dir
+ hostPath:
+ path: /var/lib/kubelet/pods
+ type: Directory
+ - name: socket-dir
+ emptyDir: {}

charts/v3.1.0/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml

@@ -0,0 +1,14 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: {{ .Values.driver.name }}
+spec:
+ attachRequired: false
+ volumeLifecycleModes:
+ - Persistent
+ {{- if .Values.feature.enableInlineVolume}}
+ - Ephemeral
+ {{- end}}
+ {{- if .Values.feature.enableFSGroupPolicy}}
+ fsGroupPolicy: File
+ {{- end}}