Merge pull request #694 from andyzhangx/runOnControlPlane

feat: add runOnControlPlane in chart config

Author: andyzhangx

Makefile

@@ -89,7 +89,6 @@ e2e-bootstrap: install-helm
 	docker pull $(IMAGE_TAG) || make blob-container push
 	helm install blob-csi-driver ./charts/latest/blob-csi-driver --namespace kube-system --wait --timeout=15m -v=5 --debug \
 		--set controller.replicas=1 \
-		--set controller.runOnMaster=true \
 		--set cloud=$(CLOUD) \
 		$(E2E_HELM_OPTIONS)
 

charts/README.md

@@ -6,8 +6,7 @@
 ### Tips
  - configure with [blobfuse-proxy](../deploy/blobfuse-proxy) to make blobfuse mount still available after driver restart
    - specify `node.enableBlobfuseProxy=true` together with [blobfuse-proxy](../deploy/blobfuse-proxy)
- - make controller only run on master node: `--set controller.runOnMaster=true`
- - enable `fsGroupPolicy` on a k8s 1.20+ cluster: `--set feature.enableFSGroupPolicy=true`
+ - run controller on control plane node: `--set controller.runOnControlPlane=true`
  - set replica of controller as `1`: `--set controller.replicas=1`
  - specify different cloud config secret for the driver:
    - `--set controller.cloudConfigSecretName`
@@ -92,11 +91,12 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `controller.cloudConfigSecretName`                    | cloud config secret name of controller driver               | `azure-cloud-provider`
 | `controller.cloudConfigSecretNamespace`               | cloud config secret namespace of controller driver          | `kube-system`
 | `controller.allowEmptyCloudConfig`                    | Whether allow running controller driver without cloud config          | `true`
-| `controller.replicas`                                 | the replicas of csi-blob-controller                   | `2`                                                              |
+| `controller.replicas`                                 | replica number of csi-blob-controller                   | `2`                                                              |
 | `controller.hostNetwork`                              | `hostNetwork` setting on controller driver(could be disabled if controller does not depend on MSI setting)                            | `true`                                                            | `true`, `false`
 | `controller.metricsPort`                              | metrics port of csi-blob-controller                   | `29634`                                                          |
 | `controller.livenessProbe.healthPort `                | health check port for liveness probe                   | `29632` |
-| `controller.runOnMaster`                              | run controller on master node                         | `true`                                                          |
+| `controller.runOnMaster`                              | run controller on master node                         | `false`                                                          |
+| `controller.runOnControlPlane`                        | run controller on control plane node                                                          |`false`                                                           |
 | `controller.logLevel`                                 | controller driver log level                           | `5`                                                            |
 | `controller.resources.csiProvisioner.limits.memory`   | csi-provisioner memory limits                         | 100Mi                                                          |
 | `controller.resources.csiProvisioner.requests.cpu`    | csi-provisioner cpu requests                   | 10m                                                            |

charts/latest/blob-csi-driver-v1.14.0.tgz

@@ -40,6 +40,9 @@ spec:
         {{- if .Values.controller.runOnMaster}}
         node-role.kubernetes.io/master: ""
         {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
 {{- with .Values.controller.nodeSelector }}
 {{ toYaml . | indent 8 }}
 {{- end }}

charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml

@@ -64,6 +64,7 @@ controller:
     healthPort: 29632
   replicas: 2
   runOnMaster: false
+  runOnControlPlane: false
   logLevel: 5
   resources:
     csiProvisioner:

charts/latest/blob-csi-driver/values.yaml

@@ -803,3 +803,18 @@ func createStorageAccountSecret(account, key string) map[string]string {
 	secret[defaultSecretAccountKey] = key
 	return secret
 }
+
+// setKeyValueInMap set key/value pair in map
+// key in the map is case insensitive, if key already exists, overwrite existing value
+func setKeyValueInMap(m map[string]string, key, value string) {
+	if m == nil {
+		return
+	}
+	for k := range m {
+		if strings.EqualFold(k, key) {
+			m[k] = value
+			return
+		}
+	}
+	m[key] = value
+}

pkg/blob/blob.go

@@ -950,3 +950,57 @@ func TestCreateStorageAccountSecret(t *testing.T) {
 		t.Errorf("Expected account name(%s), Actual account name(%s); Expected account key(%s), Actual account key(%s)", "TestAccountName", result[defaultSecretAccountName], "TestAccountKey", result[defaultSecretAccountKey])
 	}
 }
+
+func TestSetKeyValueInMap(t *testing.T) {
+	tests := []struct {
+		desc     string
+		m        map[string]string
+		key      string
+		value    string
+		expected map[string]string
+	}{
+		{
+			desc:  "nil map",
+			key:   "key",
+			value: "value",
+		},
+		{
+			desc:     "empty map",
+			m:        map[string]string{},
+			key:      "key",
+			value:    "value",
+			expected: map[string]string{"key": "value"},
+		},
+		{
+			desc:  "non-empty map",
+			m:     map[string]string{"k": "v"},
+			key:   "key",
+			value: "value",
+			expected: map[string]string{
+				"k":   "v",
+				"key": "value",
+			},
+		},
+		{
+			desc:     "same key already exists",
+			m:        map[string]string{"subDir": "value2"},
+			key:      "subDir",
+			value:    "value",
+			expected: map[string]string{"subDir": "value"},
+		},
+		{
+			desc:     "case insentive key already exists",
+			m:        map[string]string{"subDir": "value2"},
+			key:      "subdir",
+			value:    "value",
+			expected: map[string]string{"subDir": "value"},
+		},
+	}
+
+	for _, test := range tests {
+		setKeyValueInMap(test.m, test.key, test.value)
+		if !reflect.DeepEqual(test.m, test.expected) {
+			t.Errorf("test[%s]: unexpected output: %v, expected result: %v", test.desc, test.m, test.expected)
+		}
+	}
+}

pkg/blob/blob_test.go

@@ -296,7 +296,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 			validContainerName = containerNamePrefix + "-" + volName
 		}
 		validContainerName = getValidContainerName(validContainerName, protocol)
-		parameters[containerNameField] = validContainerName
+		setKeyValueInMap(parameters, containerNameField, validContainerName)
 	}
 
 	var volumeID string
@@ -343,7 +343,7 @@ func (d *Driver) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest)
 
 	isOperationSucceeded = true
 	// reset secretNamespace field in VolumeContext
-	parameters[secretNamespaceField] = secretNamespace
+	setKeyValueInMap(parameters, secretNamespaceField, secretNamespace)
 	return &csi.CreateVolumeResponse{
 		Volume: &csi.Volume{
 			VolumeId:      volumeID,

pkg/blob/controllerserver.go

@@ -76,11 +76,11 @@ func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolu
 	context := req.GetVolumeContext()
 	if context != nil {
 		if strings.EqualFold(context[ephemeralField], trueValue) {
-			context[secretNamespaceField] = context[podNamespaceField]
+			setKeyValueInMap(context, secretNamespaceField, context[podNamespaceField])
 			if !d.allowInlineVolumeKeyAccessWithIdentity {
 				// only get storage account from secret
-				context[getAccountKeyFromSecretField] = trueValue
-				context[storageAccountField] = ""
+				setKeyValueInMap(context, getAccountKeyFromSecretField, trueValue)
+				setKeyValueInMap(context, storageAccountField, "")
 			}
 			klog.V(2).Infof("NodePublishVolume: ephemeral volume(%s) mount on %s, VolumeContext: %v", volumeID, target, context)
 			_, err := d.NodeStageVolume(ctx, &csi.NodeStageVolumeRequest{