csi: add enable-fencing flag to csi containers

Ceph-CSI added 'enable-fencing' flag in ceph/ceph-csi@e77ce04

Introduced a new flag 'enable-fencing' disabled-by-default.
When enabled driver can set the client address per node in
the volume metadata during NodeStageVolume operation and
fence the node in ControllerUnpublishVolume and unfence
the node in ControllerPublishVolume using the address stored
in the volume metadata.

Signed-off-by: Praveen M <m.praveen@ibm.com>

Author: iPraveenParihar

api/v1/driver_types.go

@@ -297,6 +297,11 @@ type DriverSpec struct {
 	//+kubebuilder:validation:Optional
 	EnableMetadata *bool `json:"enableMetadata,omitempty"`
 
+	// Set to true to enable fencing for the driver.
+	// Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+	//+kubebuilder:validation:Optional
+	EnableFencing *bool `json:"enableFencing,omitempty"`
+
 	// Set the gRPC timeout for gRPC call issued by the driver components
 	//+kubebuilder:validation:Optional
 	//+kubebuilder:validation:Minimum:=0

api/v1/zz_generated.deepcopy.go

@@ -3527,6 +3527,11 @@ spec:
               deployCsiAddons:
                 description: a list of additional sidecars?
                 type: boolean
+              enableFencing:
+                description: |-
+                  Set to true to enable fencing for the driver.
+                  Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                type: boolean
               enableMetadata:
                 description: |-
                   Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

config/crd/bases/csi.ceph.io_drivers.yaml

@@ -3565,6 +3565,11 @@ spec:
                   deployCsiAddons:
                     description: a list of additional sidecars?
                     type: boolean
+                  enableFencing:
+                    description: |-
+                      Set to true to enable fencing for the driver.
+                      Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                    type: boolean
                   enableMetadata:
                     description: |-
                       Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

config/crd/bases/csi.ceph.io_operatorconfigs.yaml

@@ -4003,6 +4003,11 @@ spec:
               deployCsiAddons:
                 description: a list of additional sidecars?
                 type: boolean
+              enableFencing:
+                description: |-
+                  Set to true to enable fencing for the driver.
+                  Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                type: boolean
               enableMetadata:
                 description: |-
                   Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.
@@ -17911,6 +17916,11 @@ spec:
                   deployCsiAddons:
                     description: a list of additional sidecars?
                     type: boolean
+                  enableFencing:
+                    description: |-
+                      Set to true to enable fencing for the driver.
+                      Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                    type: boolean
                   enableMetadata:
                     description: |-
                       Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

deploy/all-in-one/install.yaml

@@ -3524,6 +3524,11 @@ spec:
               deployCsiAddons:
                 description: a list of additional sidecars?
                 type: boolean
+              enableFencing:
+                description: |-
+                  Set to true to enable fencing for the driver.
+                  Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                type: boolean
               enableMetadata:
                 description: |-
                   Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

deploy/charts/ceph-csi-operator/templates/driver-crd.yaml

@@ -3554,6 +3554,11 @@ spec:
                   deployCsiAddons:
                     description: a list of additional sidecars?
                     type: boolean
+                  enableFencing:
+                    description: |-
+                      Set to true to enable fencing for the driver.
+                      Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                    type: boolean
                   enableMetadata:
                     description: |-
                       Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

deploy/charts/ceph-csi-operator/templates/operatorconfig-crd.yaml

@@ -3994,6 +3994,11 @@ spec:
               deployCsiAddons:
                 description: a list of additional sidecars?
                 type: boolean
+              enableFencing:
+                description: |-
+                  Set to true to enable fencing for the driver.
+                  Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                type: boolean
               enableMetadata:
                 description: |-
                   Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.
@@ -17902,6 +17907,11 @@ spec:
                   deployCsiAddons:
                     description: a list of additional sidecars?
                     type: boolean
+                  enableFencing:
+                    description: |-
+                      Set to true to enable fencing for the driver.
+                      Fencing is a feature that allows the driver to fence a node when it is tainted with node.kubernetes.io/out-of-service.
+                    type: boolean
                   enableMetadata:
                     description: |-
                       Set to true to enable adding volume metadata on the CephFS subvolumes and RBD images.

deploy/multifile/crd.yaml

@@ -602,6 +602,7 @@ func (r *driverReconcile) reconcileControllerPluginDeployment() error {
 										utils.DriverNameContainerArg(r.driver.Name),
 										utils.PidlimitContainerArg,
 										utils.SetMetadataContainerArg(ptr.Deref(r.driver.Spec.EnableMetadata, false)),
+										utils.SetFencingContainerArg(ptr.Deref(r.driver.Spec.EnableFencing, false)),
 										utils.ClusterNameContainerArg(ptr.Deref(r.driver.Spec.ClusterName, "")),
 										utils.If(forceKernelClient, utils.ForceCephKernelClientContainerArg, ""),
 										utils.If(
@@ -1263,6 +1264,7 @@ func (r *driverReconcile) reconcileNodePluginDeamonSet() error {
 										utils.NodeServerContainerArg,
 										utils.NodeIdContainerArg,
 										utils.DriverNameContainerArg(r.driver.Name),
+										utils.SetFencingContainerArg(ptr.Deref(r.driver.Spec.EnableFencing, false)),
 										utils.EndpointContainerArg,
 										utils.PidlimitContainerArg,
 										utils.If(forceKernelClient, utils.ForceCephKernelClientContainerArg, ""),

internal/controller/driver_controller.go

@@ -419,6 +419,9 @@ func TypeContainerArg(t string) string {
 func SetMetadataContainerArg(on bool) string {
 	return If(on, "--setmetadata=true", "")
 }
+func SetFencingContainerArg(on bool) string {
+	return If(on, "--enable-fencing=true", "")
+}
 func TimeoutContainerArg(timeout int) string {
 	return fmt.Sprintf("--timeout=%ds", timeout)
 }