add storage driver support for built-in dind (#4371)

* add storage driver support for built-in dind

Signed-off-by: Min Min <[email protected]>

* fix dind not upgrading

Signed-off-by: Min Min <[email protected]>

* add sts support

Signed-off-by: Min Min <[email protected]>

* logic update and fix bug

Signed-off-by: Min Min <[email protected]>

* fix bug

Signed-off-by: Min Min <[email protected]>

* add cluster ID hex

Signed-off-by: Min Min <[email protected]>

* debug

Signed-off-by: Min Min <[email protected]>

* added debug logs

Signed-off-by: Min Min <[email protected]>

* fix panic bug

Signed-off-by: Min Min <[email protected]>

* fix panic

Signed-off-by: Min Min <[email protected]>

* debug

Signed-off-by: Min Min <[email protected]>

* debug logs

Signed-off-by: Min Min <[email protected]>

* possibly fix bugs

Signed-off-by: Min Min <[email protected]>

* restore debug logs

Signed-off-by: Min Min <[email protected]>

* remove unecessary code and change logic on how we update dind

Signed-off-by: Min Min <[email protected]>

* add retry logic so the service does not panic on conflict

Signed-off-by: Min Min <[email protected]>

---------

Signed-off-by: Min Min <[email protected]>

Author: jamsman94

pkg/microservice/aslan/core/common/repository/models/k8s_cluster.go

@@ -108,10 +108,11 @@ type Resources struct {
 }
 
 type DindCfg struct {
-	Replicas   int          `json:"replicas"    bson:"replicas"`
-	Resources  *Resources   `json:"resources"   bson:"resources"`
-	Storage    *DindStorage `json:"storage"     bson:"storage"`
-	StrategyID string       `json:"strategy_id" bson:"strategy_id"`
+	Replicas      int          `json:"replicas"    bson:"replicas"`
+	Resources     *Resources   `json:"resources"      bson:"resources"`
+	Storage       *DindStorage `json:"storage"        bson:"storage"`
+	StrategyID    string       `json:"strategy_id"    bson:"strategy_id"`
+	StorageDriver string       `json:"storage_driver" bson:"storage_driver"`
 }
 
 type DindStorageType string

pkg/microservice/aslan/core/common/service/kube/helm.go

@@ -540,7 +540,6 @@ func EnsureDeleteZadigServiceBySvcName(ctx context.Context, env *commonmodels.Pr
 	}
 	return nil
 }
-
 func DeploySingleHelmRelease(product *commonmodels.Product, productSvc *commonmodels.ProductService,
 	svcTemp *commonmodels.Service, images []string, maxHistory, timeout int, user string) error {
 	chartInfo := productSvc.GetServiceRender()

pkg/microservice/aslan/core/common/service/kube/service.go

@@ -305,7 +305,7 @@ func (s *Service) GetYaml(id, agentImage, aslanURL, hubURI string, useDeployment
 		return nil, err
 	}
 
-	dindReplicas, dindLimitsCPU, dindLimitsMemory, dindEnablePV, dindSCName, dindStorageSizeInGiB := getDindCfg(cluster)
+	dindReplicas, dindLimitsCPU, dindLimitsMemory, dindEnablePV, dindSCName, dindStorageSizeInGiB, dindStorageDriver := getDindCfg(cluster)
 
 	yaml := agentYaml
 	if cluster.AdvancedConfig != nil {
@@ -356,6 +356,7 @@ func (s *Service) GetYaml(id, agentImage, aslanURL, hubURI string, useDeployment
 			DindEnablePV:         dindEnablePV,
 			DindStorageClassName: dindSCName,
 			DindStorageSizeInGiB: dindStorageSizeInGiB,
+			DindStorageDriver:    dindStorageDriver,
 			ScheduleWorkflow:     scheduleWorkflow,
 			EnableIRSA:           cluster.AdvancedConfig.EnableIRSA,
 			IRSARoleARN:          cluster.AdvancedConfig.IRSARoleARM,
@@ -380,6 +381,7 @@ func (s *Service) GetYaml(id, agentImage, aslanURL, hubURI string, useDeployment
 			DindEnablePV:         dindEnablePV,
 			DindStorageClassName: dindSCName,
 			DindStorageSizeInGiB: dindStorageSizeInGiB,
+			DindStorageDriver:    dindStorageDriver,
 			EnableIRSA:           cluster.AdvancedConfig.EnableIRSA,
 			NodeSelector:         cluster.AdvancedConfig.AgentNodeSelector,
 			Toleration:           cluster.AdvancedConfig.AgentToleration,
@@ -406,13 +408,14 @@ func (s *Service) UpdateUpgradeAgentInfo(id, updateHubagentErrorMsg string) erro
 	return err
 }
 
-func getDindCfg(cluster *models.K8SCluster) (replicas int, limitsCPU, limitsMemory string, enablePV bool, scName string, storageSizeInGiB int) {
+func getDindCfg(cluster *models.K8SCluster) (replicas int, limitsCPU, limitsMemory string, enablePV bool, scName string, storageSizeInGiB int, storageDriver string) {
 	replicas = DefaultDindReplicas
 	limitsCPU = strconv.Itoa(DefaultDindLimitsCPU) + setting.CpuUintM
 	limitsMemory = strconv.Itoa(DefaultDindLimitsMemory) + setting.MemoryUintMi
 	enablePV = DefaultDindEnablePV
 	scName = DefaultDindStorageClassName
 	storageSizeInGiB = DefaultDindStorageSizeInGiB
+	storageDriver = ""
 
 	if cluster.DindCfg != nil {
 		if cluster.DindCfg.Replicas > 0 {
@@ -433,6 +436,10 @@ func getDindCfg(cluster *models.K8SCluster) (replicas int, limitsCPU, limitsMemo
 			scName = cluster.DindCfg.Storage.StorageClass
 			storageSizeInGiB = int(cluster.DindCfg.Storage.StorageSizeInGiB)
 		}
+
+		if cluster.DindCfg.StorageDriver != "" {
+			storageDriver = cluster.DindCfg.StorageDriver
+		}
 	}
 
 	return
@@ -676,6 +683,7 @@ type TemplateSchema struct {
 	DindEnablePV         bool
 	DindStorageClassName string
 	DindStorageSizeInGiB int
+	DindStorageDriver    string
 	ScheduleWorkflow     bool
 	EnableIRSA           bool
 	IRSARoleARN          string
@@ -1047,6 +1055,10 @@ spec:
       containers:
         - name: dind
           image: {{.DindImage}}
+          {{- if .DindStorageDriver }}
+          args:
+            - --storage-driver={{.DindStorageDriver}}
+          {{- end }}
           env:
             - name: DOCKER_TLS_CERTDIR
               value: ""
@@ -1188,6 +1200,10 @@ spec:
       containers:
         - name: dind
           image: {{.DindImage}}
+          {{- if .DindStorageDriver }}
+          args:
+            - --storage-driver={{.DindStorageDriver}}
+          {{- end }}
           env:
             - name: DOCKER_TLS_CERTDIR
               value: ""

pkg/microservice/aslan/core/multicluster/service/clusters.go

@@ -1172,26 +1172,43 @@ func UpgradeDind(kclient client.Client, cluster *commonmodels.K8SCluster, ns str
 	}
 
 	ctx := context.TODO()
-	dindSts := &appsv1.StatefulSet{}
-	err := kclient.Get(ctx, client.ObjectKey{
-		Name:      types.DindStatefulSetName,
-		Namespace: ns,
-	}, dindSts)
-	if err != nil {
-		return fmt.Errorf("failed to get dind StatefulSet in local cluster: %s", err)
-	}
 
-	scaleupd := false
-	if *dindSts.Spec.Replicas < int32(cluster.DindCfg.Replicas) {
-		scaleupd = true
+	// Retry logic for handling concurrent modifications
+	err := retryOnConflict(func() error {
+		dindSts := &appsv1.StatefulSet{}
+		err := kclient.Get(ctx, client.ObjectKey{
+			Name:      types.DindStatefulSetName,
+			Namespace: ns,
+		}, dindSts)
+		if err != nil {
+			return fmt.Errorf("failed to get dind StatefulSet in local cluster: %s", err)
+		}
+
+		originalSts := new(appsv1.StatefulSet)
+		err = util.DeepCopy(originalSts, dindSts)
+		if err != nil {
+			return fmt.Errorf("failed to deep copy original dind statefulset, error: %s", err)
+		}
+
+		return applyDindUpgrade(kclient, ctx, dindSts, originalSts, cluster, ns)
+	})
+
+	if err != nil {
+		return err
 	}
 
-	originalSts := new(appsv1.StatefulSet)
-	err = util.DeepCopy(originalSts, dindSts)
+	// Sync registry configuration after successful update
+	err = commonutil.SyncDinDForRegistries()
 	if err != nil {
-		return fmt.Errorf("failed to deep copy original dind statefulset, error: %s", err)
+		log.Errorf("SyncDinDForRegistries error: %v", err)
 	}
 
+	return nil
+}
+
+func applyDindUpgrade(kclient client.Client, ctx context.Context, dindSts, originalSts *appsv1.StatefulSet, cluster *commonmodels.K8SCluster, ns string) error {
+	var err error
+
 	dindSts.Spec.Replicas = util.GetInt32Pointer(int32(cluster.DindCfg.Replicas))
 
 	if cluster.DindCfg.Resources != nil && cluster.DindCfg.Resources.Limits != nil {
@@ -1311,6 +1328,28 @@ func UpgradeDind(kclient client.Client, cluster *commonmodels.K8SCluster, ns str
 		dindSts.Spec.Template.Spec.Affinity = commonutil.AddNodeAffinity(cluster.AdvancedConfig, cluster.DindCfg.StrategyID)
 	}
 
+	// Update storage driver argument if configured
+	if len(dindSts.Spec.Template.Spec.Containers) > 0 {
+		currentArgs := dindSts.Spec.Template.Spec.Containers[0].Args
+		finalArgs := make([]string, 0)
+
+		// Filter out existing storage-driver arguments
+		for _, arg := range currentArgs {
+			if strings.HasPrefix(arg, "--storage-driver=") {
+				continue
+			}
+			finalArgs = append(finalArgs, arg)
+		}
+
+		// Add storage driver arg if configured
+		if cluster.DindCfg.StorageDriver != "" {
+			expectedStorageDriverArg := fmt.Sprintf("--storage-driver=%s", cluster.DindCfg.StorageDriver)
+			finalArgs = append(finalArgs, expectedStorageDriverArg)
+		}
+
+		dindSts.Spec.Template.Spec.Containers[0].Args = finalArgs
+	}
+
 	if stsHasImmutableFieldChanged(originalSts, dindSts) {
 		log.Infof("dind has immutable field changed, recreating dind.")
 		err = kclient.Delete(ctx, dindSts)
@@ -1347,24 +1386,53 @@ func UpgradeDind(kclient client.Client, cluster *commonmodels.K8SCluster, ns str
 			return err
 		}
 	} else {
-		err = kclient.Update(ctx, dindSts)
-		if err != nil {
-			err = fmt.Errorf("failed to update StatefulSet `dind`: %s", err)
-			log.Error(err)
-			return err
+		// Check if StatefulSet is stuck (e.g., due to wrong storage driver) and handle it
+		isStuck := kube.IsStatefulSetStuckInUpdate(dindSts, log.SugaredLogger())
+		if isStuck {
+			log.Warnf("StatefulSet %s/%s is stuck, attempting to fix by deleting stuck pods before update", ns, types.DindStatefulSetName)
+			clusterID := cluster.ID.Hex()
+			clientSet, err := clientmanager.NewKubeClientManager().GetKubernetesClientSet(clusterID)
+			if err != nil {
+				log.Warnf("Failed to get clientset for cluster %s to handle stuck StatefulSet: %v", clusterID, err)
+				// Continue with update even if we can't get clientset
+			} else {
+				if fixErr := kube.HandleStuckStatefulSet(dindSts, clientSet, log.SugaredLogger()); fixErr != nil {
+					log.Warnf("Failed to clean up stuck pods for StatefulSet %s/%s: %v", ns, types.DindStatefulSetName, fixErr)
+					// Continue with update even if cleanup fails
+				}
+			}
 		}
-	}
 
-	if scaleupd {
-		err = commonutil.SyncDinDForRegistries()
+		err := kclient.Update(ctx, dindSts)
 		if err != nil {
-			log.Errorf("SyncDinDForRegistries error: %v", err)
+			return fmt.Errorf("failed to update StatefulSet `dind`: %s", err)
 		}
 	}
 
 	return nil
 }
 
+// retryOnConflict retries the given function on conflict errors
+func retryOnConflict(fn func() error) error {
+	for i := 0; i < 5; i++ {
+		err := fn()
+		if err == nil {
+			return nil
+		}
+
+		if apierrors.IsConflict(err) {
+			log.Warnf("Conflict updating StatefulSet (attempt %d/5), retrying: %s", i+1, err)
+			time.Sleep(time.Duration(100*(i+1)) * time.Millisecond)
+			continue
+		}
+
+		// Non-conflict error, return immediately
+		return err
+	}
+
+	return fmt.Errorf("failed to update after 5 retries due to conflicts")
+}
+
 func GetPVCName(prefix string, nfsProperties *types.NFSProperties) string {
 	name := fmt.Sprintf("%s-storage-%s-%d", prefix, nfsProperties.StorageClass, nfsProperties.StorageSizeInGiB)
 	return util.TruncateName(name, 63)

pkg/microservice/hubagent/server/server.go

@@ -96,7 +96,11 @@ func Serve(ctx context.Context) error {
 }
 
 func initResource() {
-	client := aslan.NewExternal(config2.AslanBaseAddr(), "")
+	token, err := login.GetInternalToken("hub-agent")
+	if err != nil {
+		log.Fatalf("failed to get internal token, err: %s", err)
+	}
+	client := aslan.NewExternal(config2.AslanBaseAddr(), token)
 
 	scheduleWorkflow := config2.ScheduleWorkflow()
 	if scheduleWorkflow == "" {
@@ -110,13 +114,7 @@ func initResource() {
 	}
 
 	if schedule {
-		token, err := login.GetInternalToken("hub-agent")
-		if err != nil {
-			log.Fatalf("failed to get internal token, err: %s", err)
-		}
-		log.Infof("token: %s", token)
-
-		ls, err := client.ListRegistries(token)
+		ls, err := client.ListRegistries()
 		if err != nil {
 			log.Fatalf("failed to list registries from zadig server, error: %s", err)
 		}

pkg/shared/client/aslan/multicluster.go

@@ -97,6 +97,7 @@ type ClusterDetail struct {
 	Provider     int8                     `json:"provider"                  bson:"provider"`
 	Local        bool                     `json:"local"                     bson:"local"`
 	Cache        types.Cache              `json:"cache"                     bson:"cache"`
+	DindCfg      *DindCfg                 `json:"dind_cfg"                  bson:"dind_cfg"`
 
 	// new field in 1.14, intended to enable kubeconfig for cluster management
 	Type       string `json:"type"           bson:"type"` // either agent or kubeconfig supported
@@ -117,6 +118,29 @@ type AdvancedConfig struct {
 	IRSARoleARM       string   `json:"irsa_role_arn"            bson:"irsa_role_arn"`
 }
 
+type DindCfg struct {
+	Replicas      int          `json:"replicas"       bson:"replicas"`
+	Resources     *Resources   `json:"resources"      bson:"resources"`
+	Storage       *DindStorage `json:"storage"        bson:"storage"`
+	StrategyID    string       `json:"strategy_id"    bson:"strategy_id"`
+	StorageDriver string       `json:"storage_driver" bson:"storage_driver"`
+}
+
+type Resources struct {
+	Limits *Limits `json:"limits" bson:"limits"`
+}
+
+type Limits struct {
+	CPU    int `json:"cpu"    bson:"cpu"`
+	Memory int `json:"memory" bson:"memory"`
+}
+
+type DindStorage struct {
+	Type             string `json:"type"                bson:"type"`
+	StorageClass     string `json:"storage_class"       bson:"storage_class"`
+	StorageSizeInGiB int64  `json:"storage_size_in_gib" bson:"storage_size_in_gib"`
+}
+
 func (c *Client) GetClusterInfo(clusterID string) (*ClusterDetail, error) {
 	url := fmt.Sprintf("/cluster/clusters/%s", clusterID)
 

pkg/shared/client/aslan/registries.go

@@ -18,12 +18,11 @@ package aslan
 
 import "github.com/koderover/zadig/v2/pkg/tool/httpclient"
 
-func (c *Client) ListRegistries(token string) ([]*RegistryInfo, error) {
+func (c *Client) ListRegistries() ([]*RegistryInfo, error) {
 	url := "/system/registry/project"
 	res := make([]*RegistryInfo, 0)
 
 	_, err := c.Get(url,
-		httpclient.SetHeader("Authorization", "Bearer "+token),
 		httpclient.SetResult(&res),
 	)
 	if err != nil {