Merge pull request #434 from andyzhangx/inline-volume

feat: support inline volume

Author: andyzhangx

charts/latest/blob-csi-driver-v1.2.0.tgz

@@ -6,3 +6,6 @@ metadata:
 spec:
   attachRequired: false
   podInfoOnMount: true
+  volumeLifecycleModes:
+    - Persistent
+    - Ephemeral

charts/latest/blob-csi-driver/templates/csi-blob-driver.yaml

@@ -6,3 +6,6 @@ metadata:
 spec:
   attachRequired: false
   podInfoOnMount: true
+  volumeLifecycleModes:
+    - Persistent
+    - Ephemeral

deploy/csi-blob-driver.yaml

@@ -0,0 +1,26 @@
+---
+kind: Pod
+apiVersion: v1
+metadata:
+  name: nginx-blobfuse-inline-volume
+spec:
+  nodeSelector:
+    "kubernetes.io/os": linux
+  containers:
+    - image: mcr.microsoft.com/oss/nginx/nginx:1.19.5
+      name: nginx-blobfuse
+      command:
+        - "/bin/bash"
+        - "-c"
+        - set -euo pipefail; while true; do echo $(date) >> /mnt/blobfuse/outfile; sleep 1; done
+      volumeMounts:
+        - name: persistent-storage
+          mountPath: "/mnt/blobfuse"
+  volumes:
+    - name: persistent-storage
+      csi:
+        driver: blob.csi.azure.com
+        volumeAttributes:
+          containerName: EXISTING_CONTAINER_NAME
+          secretName: azure-secret
+          secretNamespace: default  # optional, if it's empty, use pod.Namespace by default

deploy/example/nginx-blobfuse-inline-volume.yaml

@@ -57,6 +57,7 @@ const (
 	skuNameField               = "skuname"
 	resourceGroupField         = "resourcegroup"
 	locationField              = "location"
+	secretNameField            = "secretname"
 	secretNamespaceField       = "secretnamespace"
 	containerNameField         = "containername"
 	storeAccountKeyField       = "storeaccountkey"
@@ -236,6 +237,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 	var (
 		accountKey            string
 		accountSasToken       string
+		secretName            string
+		secretNamespace       string
 		keyVaultURL           string
 		keyVaultSecretName    string
 		keyVaultSecretVersion string
@@ -256,6 +259,10 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 			accountName = v
 		case storageAccountNameField: // for compatibility
 			accountName = v
+		case secretNameField:
+			secretName = v
+		case secretNamespaceField:
+			secretNamespace = v
 		case "azurestorageauthtype":
 			authEnv = append(authEnv, "AZURE_STORAGE_AUTH_TYPE="+v)
 		case "azurestorageidentityclientid":
@@ -297,7 +304,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 	} else {
 		if len(secrets) == 0 {
 			// read from k8s secret first
-			accountKey, err = d.GetStorageAccesskeyFromSecret(accountName, attrib[secretNamespaceField])
+			var name string
+			name, accountKey, err = d.GetStorageAccountFromSecret(secretName, secretNamespace)
 			if err != nil {
 				klog.V(2).Infof("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead", accountName, err)
 				if rgName == "" {
@@ -308,6 +316,9 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 					return accountName, containerName, authEnv, fmt.Errorf("no key for storage account(%s) under resource group(%s), err %v", accountName, rgName, err)
 				}
 			}
+			if name != "" {
+				accountName = name
+			}
 		} else {
 			for k, v := range secrets {
 				switch strings.ToLower(k) {
@@ -516,30 +527,27 @@ func (d *Driver) GetStorageAccesskey(accountOptions *azure.AccountOptions, secre
 	}
 
 	// read from k8s secret first
-	accountKey, err := d.GetStorageAccesskeyFromSecret(accountOptions.Name, secretNamespace)
+	_, accountKey, err := d.GetStorageAccountFromSecret(accountOptions.Name, secretNamespace)
 	if err != nil {
 		klog.V(2).Infof("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead", accountOptions.Name, err)
 		accountKey, err = d.cloud.GetStorageAccesskey(accountOptions.Name, accountOptions.ResourceGroup)
 	}
 	return accountOptions.Name, accountKey, err
 }
 
-// GetStorageAccesskeyFromSecret get storage account key from k8s secret
-func (d *Driver) GetStorageAccesskeyFromSecret(accountName, secretNamespace string) (string, error) {
+// GetStorageAccountFromSecret get storage account key from k8s secret
+// return <accountName, accountKey, error>
+func (d *Driver) GetStorageAccountFromSecret(secretName, secretNamespace string) (string, string, error) {
 	if d.cloud.KubeClient == nil {
-		return "", fmt.Errorf("could not get account(%s) key from secret: KubeClient is nil", accountName)
+		return "", "", fmt.Errorf("could not get account key from secret(%s): KubeClient is nil", secretName)
 	}
 
-	secretName := fmt.Sprintf(secretNameTemplate, accountName)
-	if secretNamespace == "" {
-		secretNamespace = defaultSecretNamespace
-	}
 	secret, err := d.cloud.KubeClient.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{})
 	if err != nil {
-		return "", fmt.Errorf("could not get secret(%v): %v", secretName, err)
+		return "", "", fmt.Errorf("could not get secret(%v): %v", secretName, err)
 	}
 
-	return string(secret.Data[defaultSecretAccountKey][:]), nil
+	return string(secret.Data[defaultSecretAccountName][:]), string(secret.Data[defaultSecretAccountKey][:]), nil
 }
 
 // getSubnetResourceID get default subnet resource ID from cloud provider config

pkg/blob/blob.go

@@ -54,24 +54,46 @@ func NewMountClient(cc *grpc.ClientConn) *MountClient {
 
 // NodePublishVolume mount the volume from staging to target path
 func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (*csi.NodePublishVolumeResponse, error) {
-	if req.GetVolumeCapability() == nil {
+	volCap := req.GetVolumeCapability()
+	if volCap == nil {
 		return nil, status.Error(codes.InvalidArgument, "Volume capability missing in request")
 	}
 	volumeID := req.GetVolumeId()
 	if len(req.GetVolumeId()) == 0 {
 		return nil, status.Error(codes.InvalidArgument, "Volume ID missing in request")
 	}
 
-	source := req.GetStagingTargetPath()
-	if len(source) == 0 {
-		return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
-	}
-
 	target := req.GetTargetPath()
 	if len(target) == 0 {
 		return nil, status.Error(codes.InvalidArgument, "Target path not provided")
 	}
 
+	context := req.GetVolumeContext()
+	if context != nil && context["csi.storage.k8s.io/ephemeral"] == "true" {
+		// if secretNamespace is not set, set same namespace as pod
+		secretNamespace := context["csi.storage.k8s.io/pod.namespace"]
+		for k, v := range context {
+			switch strings.ToLower(k) {
+			case secretNamespaceField:
+				secretNamespace = v
+			}
+		}
+		context[secretNamespaceField] = secretNamespace
+		klog.V(2).Infof("NodePublishVolume: ephemeral volume(%s) mount on %s, VolumeContext: %v", volumeID, target, context)
+		_, err := d.NodeStageVolume(ctx, &csi.NodeStageVolumeRequest{
+			StagingTargetPath: target,
+			VolumeContext:     context,
+			VolumeCapability:  volCap,
+			VolumeId:          volumeID,
+		})
+		return &csi.NodePublishVolumeResponse{}, err
+	}
+
+	source := req.GetStagingTargetPath()
+	if len(source) == 0 {
+		return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
+	}
+
 	mountOptions := []string{"bind"}
 	if req.GetReadonly() {
 		mountOptions = append(mountOptions, "ro")

pkg/blob/nodeserver.go

@@ -172,7 +172,8 @@ func TestNodePublishVolume(t *testing.T) {
 		{
 			desc: "Stage path missing",
 			req: csi.NodePublishVolumeRequest{VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
-				VolumeId: "vol_1"},
+				VolumeId:   "vol_1",
+				TargetPath: sourceTest},
 			expectedErr: status.Error(codes.InvalidArgument, "Staging target not provided"),
 		},
 		{

pkg/blob/nodeserver_test.go

@@ -17,6 +17,7 @@ limitations under the License.
 package e2e
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"os"
@@ -277,18 +278,37 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 		test.Run(cs, ns)
 	})
 
-	ginkgo.It("should create a NFSv3 volume on demand with mount options [nfs]", func() {
-		if isAzureStackCloud {
-			ginkgo.Skip("test case is not available for Azure Stack")
-		}
+	ginkgo.It("should create a volume on demand (Bring Your Own Key)", func() {
+		// get storage account secret name
+		err := os.Chdir("../..")
+		gomega.Expect(err).NotTo(gomega.HaveOccurred())
+		defer func() {
+			err := os.Chdir("test/e2e")
+			gomega.Expect(err).NotTo(gomega.HaveOccurred())
+		}()
+
+		getSecretNameScript := "test/utils/get_storage_account_secret_name.sh"
+		log.Printf("run script: %s\n", getSecretNameScript)
+
+		cmd := exec.Command("bash", getSecretNameScript)
+		output, err := cmd.CombinedOutput()
+		log.Printf("got output: %v, error: %v\n", string(output), err)
+		gomega.Expect(err).NotTo(gomega.HaveOccurred())
+
+		secretName := strings.TrimSuffix(string(output), "\n")
+		log.Printf("got storage account secret name: %v\n", secretName)
+		bringKeyStorageClassParameters["csi.storage.k8s.io/provisioner-secret-name"] = secretName
+		bringKeyStorageClassParameters["csi.storage.k8s.io/node-stage-secret-name"] = secretName
+
 		pods := []testsuites.PodDetails{
 			{
 				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
 				Volumes: []testsuites.VolumeDetails{
 					{
 						ClaimSize: "10Gi",
 						MountOptions: []string{
-							"nconnect=16",
+							"-o allow_other",
+							"--file-cache-timeout-in-seconds=120",
 						},
 						VolumeMount: testsuites.VolumeMountDetails{
 							NameGenerate:      "test-volume-",
@@ -299,17 +319,37 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 			},
 		}
 		test := testsuites.DynamicallyProvisionedCmdVolumeTest{
-			CSIDriver: testDriver,
-			Pods:      pods,
-			StorageClassParameters: map[string]string{
-				"skuName":  "Premium_LRS",
-				"protocol": "nfs",
+			CSIDriver:              testDriver,
+			Pods:                   pods,
+			StorageClassParameters: bringKeyStorageClassParameters,
+		}
+		test.Run(cs, ns)
+	})
+
+	ginkgo.It("should create a volume on demand and resize it [blob.csi.azure.com]", func() {
+		pods := []testsuites.PodDetails{
+			{
+				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
+				Volumes: []testsuites.VolumeDetails{
+					{
+						ClaimSize: "10Gi",
+						VolumeMount: testsuites.VolumeMountDetails{
+							NameGenerate:      "test-volume-",
+							MountPathGenerate: "/mnt/test-",
+						},
+					},
+				},
 			},
 		}
+		test := testsuites.DynamicallyProvisionedResizeVolumeTest{
+			CSIDriver:              testDriver,
+			Pods:                   pods,
+			StorageClassParameters: map[string]string{"skuName": "Standard_LRS"},
+		}
 		test.Run(cs, ns)
 	})
 
-	ginkgo.It("should create a volume on demand (Bring Your Own Key)", func() {
+	ginkgo.It("should create an CSI inline volume [blob.csi.azure.com]", func() {
 		// get storage account secret name
 		err := os.Chdir("../..")
 		gomega.Expect(err).NotTo(gomega.HaveOccurred())
@@ -328,15 +368,27 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 
 		secretName := strings.TrimSuffix(string(output), "\n")
 		log.Printf("got storage account secret name: %v\n", secretName)
-		bringKeyStorageClassParameters["csi.storage.k8s.io/provisioner-secret-name"] = secretName
-		bringKeyStorageClassParameters["csi.storage.k8s.io/node-stage-secret-name"] = secretName
+		segments := strings.Split(secretName, "-")
+		if len(segments) != 5 {
+			ginkgo.Fail(fmt.Sprintf("%s have %d elements, expected: %d ", secretName, len(segments), 5))
+		}
+		accountName := segments[3]
+
+		containerName := "csi-inline-blobfuse-volume"
+		req := makeCreateVolumeReq(containerName)
+		req.Parameters["storageAccount"] = accountName
+		resp, err := blobDriver.CreateVolume(context.Background(), req)
+		if err != nil {
+			ginkgo.Fail(fmt.Sprintf("create volume error: %v", err))
+		}
+		volumeID := resp.Volume.VolumeId
+		ginkgo.By(fmt.Sprintf("Successfully provisioned Blobfuse volume: %q\n", volumeID))
 
 		pods := []testsuites.PodDetails{
 			{
-				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
 				Volumes: []testsuites.VolumeDetails{
 					{
-						ClaimSize: "10Gi",
+						ClaimSize: "100Gi",
 						MountOptions: []string{
 							"-o allow_other",
 							"--file-cache-timeout-in-seconds=120",
@@ -349,21 +401,30 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				},
 			},
 		}
-		test := testsuites.DynamicallyProvisionedCmdVolumeTest{
-			CSIDriver:              testDriver,
-			Pods:                   pods,
-			StorageClassParameters: bringKeyStorageClassParameters,
+
+		test := testsuites.DynamicallyProvisionedInlineVolumeTest{
+			CSIDriver:     testDriver,
+			Pods:          pods,
+			SecretName:    secretName,
+			ContainerName: containerName,
+			ReadOnly:      false,
 		}
 		test.Run(cs, ns)
 	})
 
-	ginkgo.It("should create a volume on demand and resize it [blob.csi.azure.com]", func() {
+	ginkgo.It("should create a NFSv3 volume on demand with mount options [nfs]", func() {
+		if isAzureStackCloud {
+			ginkgo.Skip("test case is not available for Azure Stack")
+		}
 		pods := []testsuites.PodDetails{
 			{
 				Cmd: "echo 'hello world' > /mnt/test-1/data && grep 'hello world' /mnt/test-1/data",
 				Volumes: []testsuites.VolumeDetails{
 					{
 						ClaimSize: "10Gi",
+						MountOptions: []string{
+							"nconnect=16",
+						},
 						VolumeMount: testsuites.VolumeMountDetails{
 							NameGenerate:      "test-volume-",
 							MountPathGenerate: "/mnt/test-",
@@ -372,10 +433,13 @@ var _ = ginkgo.Describe("[blob-csi-e2e] Dynamic Provisioning", func() {
 				},
 			},
 		}
-		test := testsuites.DynamicallyProvisionedResizeVolumeTest{
-			CSIDriver:              testDriver,
-			Pods:                   pods,
-			StorageClassParameters: map[string]string{"skuName": "Standard_LRS"},
+		test := testsuites.DynamicallyProvisionedCmdVolumeTest{
+			CSIDriver: testDriver,
+			Pods:      pods,
+			StorageClassParameters: map[string]string{
+				"skuName":  "Premium_LRS",
+				"protocol": "nfs",
+			},
 		}
 		test.Run(cs, ns)
 	})