feat: Add DaemonSet mount mode for shared StorageClass mount pods

Introduces a new DaemonSet deployment mode for JuiceFS mount pods when
using StorageClass with mount sharing enabled. This feature provides
better resource management by deploying mount pods as DaemonSets instead
of individual shared pods, with configurable node affinity control
through ConfigMaps.

- **Three mount modes**: per-pvc (default), shared-pod, and daemonset
- **ConfigMap-based configuration**: Control mount mode and node
affinity via `juicefs-mount-config` ConfigMap
- **Node affinity support**: Restrict DaemonSet deployment to specific
nodes using standard Kubernetes node affinity
- **Automatic fallback**: Falls back to shared-pod mode if DaemonSet
cannot schedule on a node
- **Seamless transition**: Works with existing StorageClasses without
modification

- `pkg/juicefs/mount/mount_selector.go`: Dynamic mount type selection
based on configuration
- `pkg/juicefs/mount/daemonset_mount.go`: DaemonSet mount implementation
with scheduling error handling
- `pkg/config/mount_config.go`: ConfigMap parsing for mount mode and
node affinity
- `pkg/config/mount_config_helper.go`: Helper functions for DaemonSet
configuration
- `pkg/juicefs/mount/builder/daemonset.go`: DaemonSet resource builder

Mount modes are configured via ConfigMap in kube-system namespace:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: juicefs-mount-config
  namespace: kube-system
data:
  default: |
    mode: shared-pod  # Options: per-pvc, shared-pod, daemonset
  my-storageclass: |
    mode: daemonset
    nodeAffinity:  # Required for daemonset mode
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/workload
            operator: In
            values: ["compute"]
```

- **pod_driver.go**: Skip DaemonSet pods in deletion/recreation handlers
- **juicefs.go**: Add MountSelector for dynamic mount type selection and
AuthFs serialization
- **k8sclient**: Add DaemonSet CRUD operations
- **RBAC**: Add DaemonSet permissions to CSI node service account

- `docs/en/guide/daemonset-mount.md`: Comprehensive usage documentation
- `docs/en/guide/mount-pod-configuration.md`: Mount pod configuration
guide
- `deploy/kubernetes/csi-daemonset-mount/`: Example DaemonSet
configurations
- `deploy/kubernetes/mount-config/`: Example ConfigMap configurations

- Unit tests for mount selector logic
- Unit tests for DaemonSet mount implementation
- ConfigMap parsing and validation tests

1. **Better resource utilization**: One mount pod per node instead of
per PVC
2. **Improved control**: Node affinity ensures mount pods only run where
needed
3. **Simplified operations**: Easier to manage and monitor as DaemonSets
4. **Automatic lifecycle**: DaemonSet controller handles pod
creation/deletion
5. **Backward compatible**: Works with existing StorageClasses and mount
sharing

1. Enable `STORAGE_CLASS_SHARE_MOUNT` in CSI Controller and Node
2. Grant DaemonSet RBAC permissions (included in updated manifests)
3. Create ConfigMap with desired mount mode configuration
4. New PVCs will automatically use configured mount mode

- Updated `deploy/k8s.yaml` and `deploy/k8s_before_v1_18.yaml` with
DaemonSet RBAC
- Added DaemonSet resource configurations
- Updated Docker build process for consistency

This feature enhances the JuiceFS CSI Driver's flexibility in managing
mount pods, particularly beneficial for large-scale deployments where
mount pod proliferation can become a resource management challenge.

Author: elijah-rou

.gitignore

@@ -20,3 +20,4 @@ cov2.out
 yalc.lock
 .ropeproject
 dist/
+*.test

.markdownlint-cli2.jsonc

@@ -47,6 +47,7 @@
     },
     "link-fragments": false,
     "no-trailing-slash-in-links": true,
+    "MD029": false,
     "enhanced-proper-names": {
       "code_blocks": false,
       "html_elements": false,

deploy/k8s.yaml

@@ -255,7 +255,19 @@ rules:
   resources:
   - nodes
   verbs:
+  - get
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - get
   - list
+  - watch
+  - create
+  - update
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

deploy/k8s_before_v1_18.yaml

@@ -255,7 +255,19 @@ rules:
   resources:
   - nodes
   verbs:
+  - get
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - get
   - list
+  - watch
+  - create
+  - update
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

deploy/kubernetes/base/resources.yaml

@@ -555,7 +555,27 @@ spec:
       dnsPolicy: ClusterFirstWithHostNet
       priorityClassName: system-node-critical
       tolerations:
-        - key: CriticalAddonsOnly
+        - operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/disk-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/memory-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/pid-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/unschedulable
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/network-unavailable
           operator: Exists
       containers:
         - name: juicefs-plugin

deploy/kubernetes/csi-daemonset-mount/daemonset.yaml

@@ -0,0 +1,93 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: juicefs-csi-node
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app: juicefs-csi-node
+  template:
+    metadata:
+      labels:
+        app: juicefs-csi-node
+    spec:
+      tolerations:
+        - operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/not-ready
+          operator: Exists
+        - effect: NoExecute
+          key: node.kubernetes.io/unreachable
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/disk-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/memory-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/pid-pressure
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/unschedulable
+          operator: Exists
+        - effect: NoSchedule
+          key: node.kubernetes.io/network-unavailable
+          operator: Exists
+      containers:
+        - name: juicefs-plugin
+          image: juicedata/juicefs-csi-driver:latest
+          args:
+            - --endpoint=$(CSI_ENDPOINT)
+            - --logtostderr
+            - --nodeid=$(NODE_NAME)
+            - --v=1
+            - --enable-manager=true
+          env:
+            - name: CSI_ENDPOINT
+              value: unix:/csi/csi.sock
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: JUICEFS_MOUNT_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: JUICEFS_MOUNT_PATH
+              value: /var/lib/juicefs/volume
+            - name: JUICEFS_CONFIG_PATH
+              value: /var/lib/juicefs/config
+            # Enable StorageClass mount sharing
+            - name: STORAGE_CLASS_SHARE_MOUNT
+              value: "true"
+            # Enable DaemonSet deployment for shared mounts
+            - name: STORAGE_CLASS_DAEMONSET
+              value: "true"
+          volumeMounts:
+            - name: kubelet-dir
+              mountPath: /var/lib/kubelet
+              mountPropagation: Bidirectional
+            - name: plugin-dir
+              mountPath: /csi
+            - name: device-dir
+              mountPath: /dev
+              mountPropagation: HostToContainer
+      volumes:
+        - name: kubelet-dir
+          hostPath:
+            path: /var/lib/kubelet
+            type: Directory
+        - name: plugin-dir
+          hostPath:
+            path: /var/lib/kubelet/plugins/csi.juicefs.com
+            type: DirectoryOrCreate
+        - name: device-dir
+          hostPath:
+            path: /dev
+            type: Directory

deploy/kubernetes/csi-daemonset-mount/mount-config.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: juicefs-mount-config
+  namespace: juicefs
+data:
+  # Default configuration for all StorageClasses
+  default: |
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+
+  # StorageClass "juicefs-sc" configuration
+  juicefs-sc: |
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: juicefs/mount-node
+            operator: In
+            values:
+            - "true"

deploy/kubernetes/csi-daemonset-mount/storageclass-example.yaml

@@ -0,0 +1,49 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: juicefs-sc-daemonset
+provisioner: csi.juicefs.com
+volumeBindingMode: Immediate
+parameters:
+  csi.storage.k8s.io/provisioner-secret-name: juicefs-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: kube-system
+  csi.storage.k8s.io/node-publish-secret-name: juicefs-secret
+  csi.storage.k8s.io/node-publish-secret-namespace: kube-system
+  
+  # JuiceFS specific parameters
+  pathPattern: "${pvc.name}"
+  
+  # Node affinity configuration for DaemonSet mount pods
+  # This example will deploy mount pods only on nodes with specific labels
+  nodeAffinity: |
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: juicefs/mount-node
+          operator: In
+          values:
+          - "true"
+        - key: node-role.kubernetes.io/worker
+          operator: Exists
+    preferredDuringSchedulingIgnoredDuringExecution:
+    - weight: 100
+      preference:
+        matchExpressions:
+        - key: juicefs/high-performance
+          operator: In
+          values:
+          - "true"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: juicefs-secret
+  namespace: kube-system
+type: Opaque
+stringData:
+  name: "test-volume"
+  metaurl: "redis://redis-service:6379/1"
+  storage: "s3"
+  bucket: "https://mybucket.s3.us-west-2.amazonaws.com"
+  access-key: "ACCESS_KEY"
+  secret-key: "SECRET_KEY"

deploy/kubernetes/mount-config/configmap-examples.yaml

@@ -0,0 +1,131 @@
+# Example 1: Default configuration with mixed modes
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: juicefs-mount-config
+  namespace: kube-system
+data:
+  # Default configuration for all StorageClasses
+  default: |
+    mode: shared-pod  # Use shared mount pods by default
+  
+  # High-performance StorageClass uses DaemonSet on specific nodes
+  high-performance-sc: |
+    mode: daemonset
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node.kubernetes.io/instance-type
+            operator: In
+            values:
+            - m5.xlarge
+            - m5.2xlarge
+            - m5.4xlarge
+  
+  # Development StorageClass uses per-PVC pods for isolation
+  development-sc: |
+    mode: per-pvc
+  
+  # Production StorageClass uses DaemonSet with node affinity
+  production-sc: |
+    mode: daemonset
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: juicefs/mount-node
+            operator: In
+            values:
+            - "true"
+          - key: node-role.kubernetes.io/control-plane
+            operator: DoesNotExist
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 100
+        preference:
+          matchExpressions:
+          - key: juicefs/high-performance
+            operator: In
+            values:
+            - "true"
+
+---
+# Example 2: Simple configuration - all StorageClasses use shared pods
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: juicefs-mount-config
+  namespace: kube-system
+data:
+  default: |
+    mode: shared-pod
+
+---
+# Example 3: DaemonSet-only configuration with different node affinities
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: juicefs-mount-config
+  namespace: kube-system
+data:
+  # Default: DaemonSet on all worker nodes
+  default: |
+    mode: daemonset
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: node-role.kubernetes.io/worker
+            operator: Exists
+  
+  # GPU workloads: DaemonSet only on GPU nodes
+  gpu-storage: |
+    mode: daemonset
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: nvidia.com/gpu
+            operator: Exists
+  
+  # Database storage: DaemonSet on dedicated database nodes
+  database-storage: |
+    mode: daemonset
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: workload-type
+            operator: In
+            values:
+            - database
+
+---
+# Example 4: Migration scenario - gradually move from per-PVC to shared/DaemonSet
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: juicefs-mount-config
+  namespace: kube-system
+data:
+  # Default: Keep existing per-PVC behavior
+  default: |
+    mode: per-pvc
+  
+  # New StorageClasses use shared pods
+  juicefs-sc-v2: |
+    mode: shared-pod
+  
+  # High-traffic StorageClass uses DaemonSet
+  juicefs-sc-high-traffic: |
+    mode: daemonset
+    nodeAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 50
+        preference:
+          matchExpressions:
+          - key: node.kubernetes.io/instance-type
+            operator: In
+            values:
+            - m5.large
+            - m5.xlarge

depot.json

@@ -0,0 +1,3 @@
+{
+  "id": "rbk8l125wg"
+}