feat: bring you own service accounts in helm install

andyzhangx · andyzhangx · commit 053d6060e2b2 · 2021-07-09T07:05:21.000Z
diff --git a/charts/README.md b/charts/README.md
@@ -68,9 +68,13 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `image.csiResizer.pullPolicy`                         | csi-resizer image pull policy                         | IfNotPresent                                                   |
 | `imagePullSecrets`                                    | Specify docker-registry secret names as an array      | [] (does not add image pull secrets to deployed pods)          |
 | `serviceAccount.create`                               | whether create service account of csi-blob-controller | true                                                           |
+| `serviceAccount.controller`                           | name of service account for csi-blob-controller       | csi-blob-controller-sa                                  |
+| `serviceAccount.node`                                 | name of service account for csi-blob-node             | csi-blob-node-sa                                        |
 | `rbac.create`                                         | whether create rbac of csi-blob-controller            | true                                                           |
+| `controller.name`                                     | name of driver deployment                  | `csi-blob-controller`
 | `controller.replicas`                                 | the replicas of csi-blob-controller                   | 2                                                              |
-| `controller.metricsPort`                              | metrics port of csi-blob-controller                   | 29634                                                          |
+| `controller.metricsPort`                              | metrics port of csi-blob-controller                   | `29634`                                                          |
+| `controller.livenessProbe.healthPort `                | health check port for liveness probe                   | `29632` |
 | `controller.runOnMaster`                              | run controller on master node                         | false                                                          |
 | `controller.logLevel`                                 | controller driver log level                           | `5`                                                            |
 | `controller.resources.csiProvisioner.limits.cpu`      | csi-provisioner cpu limits                            | 100m                                                           |
@@ -92,7 +96,9 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `controller.affinity`                                 | controller pod affinity                               | {}                                                             |
 | `controller.nodeSelector`                             | controller pod node selector                          | {}                                                             |
 | `controller.tolerations`                              | controller pod tolerations                            | []                                                             |
-| `node.metricsPort`                                    | metrics port of csi-blob-node                         | 29635                                                          |
+| `node.name`                                           | name of driver daemonset                  | `csi-blob-node`
+| `node.metricsPort`                                    | metrics port of csi-blob-node                         | `29635`                                                          |
+| `node.livenessProbe.healthPort `                      | health check port for liveness probe                   | `29633` |
 | `node.logLevel`                                       | node driver log level                                 | `5`                                                            |
 | `node.enableBlobfuseProxy`                            | node enable blobfuse-proxy                            | false                                                          |
 | `node.blobfuseCachePath`                              | blobfuse cache path(`tmp-path`)                       | `/mnt`                                                          |
diff --git a/charts/latest/blob-csi-driver-v1.4.0.tgz b/charts/latest/blob-csi-driver-v1.4.0.tgz
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml
@@ -1,18 +1,18 @@
 kind: Deployment
 apiVersion: apps/v1
 metadata:
-  name: csi-blob-controller
+  name: {{ .Values.controller.name }}
   namespace: {{ .Release.Namespace }}
 {{ include "blob.labels" . | indent 2 }}
 spec:
   replicas: {{ .Values.controller.replicas }}
   selector:
     matchLabels:
-      app: csi-blob-controller
+      app: {{ .Values.controller.name }}
   template:
     metadata:
 {{ include "blob.labels" . | indent 6 }}
-        app: csi-blob-controller
+        app: {{ .Values.controller.name }}
         {{- if .Values.podLabels }}
 {{- toYaml .Values.podLabels | nindent 8 }}
         {{- end }}
@@ -30,7 +30,7 @@ spec:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
       {{- end }}
       hostNetwork: true
-      serviceAccountName: csi-blob-controller-sa
+      serviceAccountName: {{ .Values.serviceAccount.controller }}
       nodeSelector:
         kubernetes.io/os: linux
         {{- if .Values.controller.runOnMaster}}
@@ -66,7 +66,7 @@ spec:
           args:
             - --csi-address=/csi/csi.sock
             - --probe-timeout=3s
-            - --health-port=29632
+            - --health-port={{ .Values.controller.livenessProbe.healthPort }}
           imagePullPolicy: {{ .Values.image.livenessProbe.pullPolicy }}
           volumeMounts:
             - name: socket-dir
@@ -80,7 +80,7 @@ spec:
             - "--metrics-address=0.0.0.0:{{ .Values.controller.metricsPort }}"
             - "--drivername={{ .Values.driver.name }}"
           ports:
-            - containerPort: 29632
+            - containerPort: {{ .Values.controller.livenessProbe.healthPort }}
               name: healthz
               protocol: TCP
             - containerPort: {{ .Values.controller.metricsPort }}
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
@@ -1,17 +1,17 @@
 kind: DaemonSet
 apiVersion: apps/v1
 metadata:
-  name: csi-blob-node
+  name: {{ .Values.node.name }}
   namespace: {{ .Release.Namespace }}
 {{ include "blob.labels" . | indent 2 }}
 spec:
   selector:
     matchLabels:
-      app: csi-blob-node
+      app: {{ .Values.node.name }}
   template:
     metadata:
 {{ include "blob.labels" . | indent 6 }}
-        app: csi-blob-node
+        app: {{ .Values.node.name }}
         {{- if .Values.podLabels }}
 {{- toYaml .Values.podLabels | nindent 8 }}
         {{- end }}
@@ -26,7 +26,7 @@ spec:
       {{- end }}
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
-      serviceAccountName: csi-blob-node-sa
+      serviceAccountName: {{ .Values.serviceAccount.node }}
       nodeSelector:
         kubernetes.io/os: linux
 {{- with .Values.node.nodeSelector }}
@@ -94,7 +94,7 @@ spec:
             - "--metrics-address=0.0.0.0:{{ .Values.node.metricsPort }}"
             - "--drivername={{ .Values.driver.name }}"
           ports:
-            - containerPort: 29633
+            - containerPort: {{ .Values.node.livenessProbe.healthPort }}
               name: healthz
               protocol: TCP
           livenessProbe:
diff --git a/charts/latest/blob-csi-driver/templates/rbac-csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/rbac-csi-blob-controller.yaml
@@ -2,7 +2,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: blob-external-provisioner-role
+  name: {{ .Values.rbac.name }}-external-provisioner-role
 {{ include "blob.labels" . | indent 2 }}
 rules:
   - apiGroups: [""]
@@ -32,23 +32,23 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: blob-csi-provisioner-binding
+  name: {{ .Values.rbac.name }}-csi-provisioner-binding
 {{ include "blob.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-blob-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: blob-external-provisioner-role
+  name: {{ .Values.rbac.name }}-external-provisioner-role
   apiGroup: rbac.authorization.k8s.io
 
 ---
 
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: blob-external-resizer-role
+  name: {{ .Values.rbac.name }}-external-resizer-role
 {{ include "blob.labels" . | indent 2 }}
 rules:
   - apiGroups: [""]
@@ -70,22 +70,22 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: blob-csi-resizer-role
+  name: {{ .Values.rbac.name }}-csi-resizer-role
 {{ include "blob.labels" . | indent 2 }}
 subjects:
   - kind: ServiceAccount
-    name: csi-blob-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: blob-external-resizer-role
+  name: {{ .Values.rbac.name }}-external-resizer-role
   apiGroup: rbac.authorization.k8s.io
 
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-blob-controller-secret-role
+  name: csi-{{ .Values.rbac.name }}-controller-secret-role
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
@@ -95,13 +95,13 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-blob-controller-secret-binding
+  name: csi-{{ .Values.rbac.name }}-controller-secret-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-blob-controller-sa
+    name: {{ .Values.serviceAccount.controller }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: csi-blob-controller-secret-role
+  name: csi-{{ .Values.rbac.name }}-controller-secret-role
   apiGroup: rbac.authorization.k8s.io
 {{ end }}
diff --git a/charts/latest/blob-csi-driver/templates/rbac-csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/rbac-csi-blob-node.yaml
@@ -3,7 +3,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-blob-node-secret-role
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
 rules:
   - apiGroups: [""]
     resources: ["secrets"]
@@ -13,13 +13,13 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: csi-blob-node-secret-binding
+  name: csi-{{ .Values.rbac.name }}-node-secret-binding
 subjects:
   - kind: ServiceAccount
-    name: csi-blob-node-sa
+    name: {{ .Values.serviceAccount.node }}
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: csi-blob-node-secret-role
+  name: csi-{{ .Values.rbac.name }}-node-secret-role
   apiGroup: rbac.authorization.k8s.io
 {{ end }}
diff --git a/charts/latest/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/serviceaccount-csi-blob-controller.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-blob-controller-sa
+  name: {{ .Values.serviceAccount.controller }}
   namespace: {{ .Release.Namespace }}
 {{ include "blob.labels" . | indent 2 }}
 {{- end -}}
diff --git a/charts/latest/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/serviceaccount-csi-blob-node.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: csi-blob-node-sa
+  name: {{ .Values.serviceAccount.node }}
   namespace: {{ .Release.Namespace }}
 {{ include "blob.labels" . | indent 2 }}
 {{- end -}}
diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml
@@ -26,13 +26,19 @@ imagePullSecrets: []
 # - name: myRegistryKeySecretName
 
 serviceAccount:
-  create: true
+  create: true # When true, service accounts will be created for you. Set to false if you want to use your own.
+  controller: csi-blob-controller-sa # Name of Service Account to be created or used
+  node: csi-blob-node-sa # Name of Service Account to be created or used
 
 rbac:
   create: true
+  name: blob
 
 controller:
+  name: csi-blob-controller
   metricsPort: 29634
+  livenessProbe:
+    healthPort: 29632
   replicas: 2
   runOnMaster: false
   logLevel: 5
@@ -78,7 +84,10 @@ controller:
       effect: "NoSchedule"
 
 node:
+  name: csi-blob-node
   metricsPort: 29635
+  livenessProbe:
+    healthPort: 29633
   logLevel: 5
   enableBlobfuseProxy: false
   blobfuseCachePath: /mnt
diff --git a/test/external-e2e/run.sh b/test/external-e2e/run.sh
@@ -17,6 +17,7 @@
 set -xe
 
 PROJECT_ROOT=$(git rev-parse --show-toplevel)
+DRIVER="test"
 
 install_ginkgo () {
     apt update -y
@@ -33,8 +34,12 @@ setup_e2e_binaries() {
         export EXTRA_HELM_OPTIONS="--set feature.enableFSGroupPolicy=true"
     fi
 
-    # install csi driver
+     # test on alternative driver name
+    EXTRA_HELM_OPTIONS=$EXTRA_HELM_OPTIONS" --set driver.name=$DRIVER.csi.azure.com --set controller.name=csi-$DRIVER-controller --set node.name=csi-$DRIVER-node"
+    sed -i "s/blob.csi.azure.com/$DRIVER.csi.azure.com/g" deploy/example/storageclass-blobfuse.yaml
+    sed -i "s/blob.csi.azure.com/$DRIVER.csi.azure.com/g" deploy/example/storageclass-blob-nfs.yaml
     make e2e-bootstrap
+    sed -i "s/csi-blob-controller/csi-$DRIVER-controller/g" deploy/example/metrics/csi-blob-controller-svc.yaml
     make create-metrics-svc
 }
 
@@ -53,7 +58,7 @@ mkdir -p /tmp/csi
 if [ ! -z ${EXTERNAL_E2E_TEST_BLOBFUSE} ]; then
     echo "begin to run blobfuse tests ...."
     cp deploy/example/storageclass-blobfuse.yaml /tmp/csi/storageclass.yaml
-    ginkgo -p --progress --v -focus='External.Storage.*blob.csi.azure.com' \
+    ginkgo -p --progress --v -focus="External.Storage.*$DRIVER.csi.azure.com" \
         -skip='\[Disruptive\]|\[Slow\]|allow exec of files on the volume|unmount after the subpath directory is deleted' kubernetes/test/bin/e2e.test  -- \
         -storage.testdriver=$PROJECT_ROOT/test/external-e2e/testdriver-blobfuse.yaml \
         --kubeconfig=$KUBECONFIG
@@ -62,7 +67,7 @@ fi
 if [ ! -z ${EXTERNAL_E2E_TEST_NFS} ]; then
     echo "begin to run NFSv3 tests ...."
     cp deploy/example/storageclass-blob-nfs.yaml /tmp/csi/storageclass.yaml
-    ginkgo -p --progress --v -focus='External.Storage.*blob.csi.azure.com' \
+    ginkgo -p --progress --v -focus="External.Storage.*$DRIVER.csi.azure.com" \
         -skip='\[Disruptive\]|\[Slow\]|pod created with an initial fsgroup, volume contents ownership changed in first pod, new pod with same fsgroup skips ownership changes to the volume contents' kubernetes/test/bin/e2e.test  -- \
         -storage.testdriver=$PROJECT_ROOT/test/external-e2e/testdriver-nfs.yaml \
         --kubeconfig=$KUBECONFIG
diff --git a/test/external-e2e/testdriver-blobfuse.yaml b/test/external-e2e/testdriver-blobfuse.yaml
@@ -5,7 +5,7 @@ ShortName: blobfuse
 StorageClass:
   FromFile: /tmp/csi/storageclass.yaml
 DriverInfo:
-  Name: blob.csi.azure.com
+  Name: test.csi.azure.com
   Capabilities:
     persistence: true
     exec: true
diff --git a/test/external-e2e/testdriver-nfs.yaml b/test/external-e2e/testdriver-nfs.yaml
@@ -5,7 +5,7 @@ ShortName: blobfuse
 StorageClass:
   FromFile: /tmp/csi/storageclass.yaml
 DriverInfo:
-  Name: blob.csi.azure.com
+  Name: test.csi.azure.com
   Capabilities:
     persistence: true
     exec: true
