Mount COS CSI socket directory instead of socket (#66)

* Mount COS CSI socket directory instead of socket

Signed-off-by: Mayank Sachan <[email protected]>

* Set COS_CSI_MOUNTER_SOCKET env for csi node server container

Signed-off-by: Mayank Sachan <[email protected]>

---------

Signed-off-by: Mayank Sachan <[email protected]>
Co-authored-by: Ashima <[email protected]>

Author: mssachan

controllers/constants/constants.go

@@ -47,6 +47,7 @@ const (
 	ControllerSocketPath                                  = "/var/lib/csi/sockets/pluginproxy/csi.sock"
 	NodeSocketPath                                        = "/csi/csi.sock"
 	NodeRegistrarSocketPath                               = "/var/lib/kubelet/plugins/cos.s3.csi.ibm.io/csi.sock"
+	COSCSIMounterSocketPath                               = "/var/lib/coscsi-sock/coscsi.sock"
 	CSIEndpoint                                           = "unix:///var/lib/csi/sockets/pluginproxy/csi.sock"
 	CSINodeEndpoint                                       = "unix:///csi/csi.sock"
 	RegistrationVolumeMountPath                           = "/registration"

controllers/syncer/csi_node.go

@@ -173,10 +173,7 @@ func (s *csiNodeSyncer) ensureContainersSpec() []corev1.Container {
 			healthPortArg,
 		},
 	)
-	// livenessprobe sidecar container inherits securityContext defined at NodeServer pod level
-	if livenessProbe.SecurityContext == nil {
-		livenessProbe.SecurityContext = &corev1.SecurityContext{}
-	}
+
 	fillSecurityContextCapabilities(livenessProbe.SecurityContext)
 	livenessProbe.ImagePullPolicy = s.getCSINodeDriverRegistrarPullPolicy()
 	livenessProbe.Resources = getSidecarResourceRequests(s.driver, constants.LivenessProbe)
@@ -219,6 +216,10 @@ func (s *csiNodeSyncer) getEnvFor(name string) []corev1.EnvVar {
 				Name:  "CSI_ENDPOINT",
 				Value: constants.CSINodeEndpoint,
 			},
+			{
+				Name:  "COS_CSI_MOUNTER_SOCKET",
+				Value: constants.COSCSIMounterSocketPath,
+			},
 			envVarFromField("KUBE_NODE_NAME", "spec.nodeName"),
 		}
 
@@ -270,13 +271,12 @@ func (s *csiNodeSyncer) getVolumeMountsFor(name string) []corev1.VolumeMount {
 				MountPath: "/host/var/log",
 			},
 			{
-				Name:      "coscsi-socket",
-				MountPath: "/var/lib/coscsi.sock",
-				ReadOnly:  false,
+				Name:      "coscsi-socket-path",
+				MountPath: "/var/lib/coscsi-sock",
 			},
 			{
-				Name:      "coscsi-mounter-config",
-				MountPath: "/var/lib/cos-csi",
+				Name:      "coscsi-mounter-config-path",
+				MountPath: "/var/lib/coscsi-config",
 			},
 		}
 
@@ -312,8 +312,8 @@ func (s *csiNodeSyncer) ensureVolumes() []corev1.Volume {
 		ensureVolume("fuse-device", ensureHostPathVolumeSource("/dev/fuse", "")),
 		ensureVolume("log-dev", ensureHostPathVolumeSource("/dev/log", "")),
 		ensureVolume("host-log", ensureHostPathVolumeSource("/var/log", "")),
-		ensureVolume("coscsi-socket", ensureHostPathVolumeSource("/var/lib/coscsi.sock", "Socket")),
-		ensureVolume("coscsi-mounter-config", ensureHostPathVolumeSource("/var/lib/cos-csi", "DirectoryOrCreate")),
+		ensureVolume("coscsi-socket-path", ensureHostPathVolumeSource("/var/lib/coscsi-sock", "Directory")),
+		ensureVolume("coscsi-mounter-config-path", ensureHostPathVolumeSource("/var/lib/coscsi-config", "DirectoryOrCreate")),
 	}
 }
 
@@ -357,6 +357,9 @@ func ensureHostPathVolumeSource(path, pathType string) corev1.VolumeSource {
 }
 
 func fillSecurityContextCapabilities(sc *corev1.SecurityContext, add ...string) {
+	if sc == nil {
+		sc = &corev1.SecurityContext{}
+	}
 	sc.Capabilities = &corev1.Capabilities{
 		Drop: []corev1.Capability{"ALL"},
 	}