Merge pull request #172 from andyzhangx/private-link

k8s-ci-robot · web-flow · commit 3ced4169be36 · 2020-06-23T20:01:18.000-07:00
feat: add storage account private link support
diff --git a/deploy/example/pv-blobfuse-csi.yaml b/deploy/example/pv-blobfuse-csi.yaml
@@ -18,6 +18,7 @@ spec:
     volumeHandle: uniqe-volumeid  # make sure this volumeid is unique in the cluster
     volumeAttributes:
       containerName: EXISTING_CONTAINER_NAME
+      server: SERVER_ADDRESS  # optional, provide a new address to replace default "accountname.blob.core.windows.net"
     nodeStageSecretRef:
       name: azure-secret
       namespace: default
diff --git a/deploy/example/storageclass-blobfuse-csi-existing-container.yaml b/deploy/example/storageclass-blobfuse-csi-existing-container.yaml
@@ -9,5 +9,6 @@ parameters:
   resourceGroup: EXISTING_RESOURCE_GROUP
   storageAccount: EXISTING_STORAGE_ACCOUNT
   containerName: EXISTING_CONTAINER_NAME
+  server: SERVER_ADDRESS  # optional, provide a new address to replace default "accountname.blob.core.windows.net"
 reclaimPolicy: Retain  # if set as "Delete" container would be removed after pvc deletion
 volumeBindingMode: Immediate
diff --git a/docs/driver-parameters.md b/docs/driver-parameters.md
@@ -15,6 +15,7 @@ location | specify the location in which blobfuse share will be created | `eastu
 resourceGroup | specify the existing resource group name where the container is | existing resource group name | No | if empty, driver will use the same resource group name as current k8s cluster
 storageAccount | specify the storage account name in which blobfuse share will be created | STORAGE_ACCOUNT_NAME | No | if empty, driver will find a suitable storage account that matches `skuName` in the same resource group; if a storage account name is provided, it means that storage account must exist otherwise there would be error
 containerName | specify the existing container name where blob storage will be created | existing container name | No | if empty, driver will create a new container name, starting with `pvc-fuse`
+server | specify azure storage account server address | existing server address, e.g. `accountname.privatelink.blob.core.windows.net` | No | if empty, driver will use default `accountname.blob.core.windows.net` or other sovereign cloud account address
 
  - `fsGroup` securityContext setting
 
diff --git a/pkg/blobfuse/blobfuse.go b/pkg/blobfuse/blobfuse.go
@@ -42,6 +42,7 @@ const (
 	defaultFileMode  = "0777"
 	defaultDirMode   = "0777"
 	defaultVers      = "3.0"
+	serverNameField  = "server"
 
 	// See https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names
 	containerNameMinLength = 3
diff --git a/pkg/blobfuse/nodeserver.go b/pkg/blobfuse/nodeserver.go
@@ -138,7 +138,18 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 	for _, opt := range mountOptions {
 		args = args + " " + opt
 	}
-	blobStorageEndPoint := fmt.Sprintf("%s.blob.%s", accountName, d.cloud.Environment.StorageEndpointSuffix)
+
+	var blobStorageEndPoint string
+	for k, v := range attrib {
+		switch strings.ToLower(k) {
+		case serverNameField:
+			blobStorageEndPoint = v
+		}
+	}
+	if strings.TrimSpace(blobStorageEndPoint) == "" {
+		// server address is "accountname.blob.core.windows.net" by default
+		blobStorageEndPoint = fmt.Sprintf("%s.blob.%s", accountName, d.cloud.Environment.StorageEndpointSuffix)
+	}
 
 	klog.V(2).Infof("target %v\nfstype %v\n\nvolumeId %v\ncontext %v\nmountflags %v\nmountOptions %v\nargs %v\nblobStorageEndPoint %v",
 		targetPath, fsType, volumeID, attrib, mountFlags, mountOptions, args, blobStorageEndPoint)
