
Commit d307c85

committed
feat: support inline volume
fix: add secretName field add example fix lint update chart file
1 parent c705089 commit d307c85


7 files changed

+81
-18
lines changed

24 Bytes
Binary file not shown.

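--- a/charts/latest/blob-csi-driver/templates/csi-blob-driver.yaml
+++ b/charts/latest/blob-csi-driver/templates/csi-blob-driver.yaml
@@ -6,3 +6,6 @@ metadata:
 spec:
 attachRequired: false
 podInfoOnMount: true
+volumeLifecycleModes:
+- Persistent
+- Ephemeral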

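--- a/deploy/csi-blob-driver.yaml
+++ b/deploy/csi-blob-driver.yaml
@@ -6,3 +6,6 @@ metadata:
 spec:
 attachRequired: false
 podInfoOnMount: true
+volumeLifecycleModes:
+- Persistent
+- Ephemeral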
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
---
2+
kind: Pod
3+
apiVersion: v1
4+
metadata:
5+
name: nginx-blobfuse-inline-volume
6+
spec:
7+
nodeSelector:
8+
"kubernetes.io/os": linux
9+
containers:
10+
- image: mcr.microsoft.com/oss/nginx/nginx:1.19.5
11+
name: nginx-blobfuse
12+
command:
13+
- "/bin/bash"
14+
- "-c"
15+
- set -euo pipefail; while true; do echo $(date) >> /mnt/blobfuse/outfile; sleep 1; done
16+
volumeMounts:
17+
- name: persistent-storage
18+
mountPath: "/mnt/blobfuse"
19+
volumes:
20+
- name: persistent-storage
21+
csi:
22+
driver: blob.csi.azure.com
23+
volumeAttributes:
24+
containerName: EXISTING_CONTAINER_NAME
25+
secretName: azure-secret
26+
secretNamespace: default # optional, if it's empty, use pod.Namespace by default

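--- a/pkg/blob/blob.go
+++ b/pkg/blob/blob.go
@@ -57,6 +57,7 @@ const (
 skuNameField = "skuname"
 resourceGroupField = "resourcegroup"
 locationField = "location"
+secretNameField = "secretname"
 secretNamespaceField = "secretnamespace"
 containerNameField = "containername"
 storeAccountKeyField = "storeaccountkey"
@@ -236,6 +237,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 var (
 accountKey string
 accountSasToken string
+secretName string
+secretNamespace string
 keyVaultURL string
 keyVaultSecretName string
 keyVaultSecretVersion string
@@ -256,6 +259,10 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 accountName = v
 case storageAccountNameField: // for compatibility
 accountName = v
+case secretNameField:
+secretName = v
+case secretNamespaceField:
+secretNamespace = v
 case "azurestorageauthtype":
 authEnv = append(authEnv, "AZURE_STORAGE_AUTH_TYPE="+v)
 case "azurestorageidentityclientid":
@@ -297,7 +304,8 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 } else {
 if len(secrets) == 0 {
 // read from k8s secret first
-accountKey, err = d.GetStorageAccesskeyFromSecret(accountName, attrib[secretNamespaceField])
+var name string
+name, accountKey, err = d.GetStorageAccountFromSecret(secretName, secretNamespace)
 if err != nil {
 klog.V(2).Infof("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead", accountName, err)
 if rgName == "" {
@@ -308,6 +316,9 @@ func (d *Driver) GetAuthEnv(ctx context.Context, volumeID, protocol string, attr
 return accountName, containerName, authEnv, fmt.Errorf("no key for storage account(%s) under resource group(%s), err %v", accountName, rgName, err)
 }
 }
+if name != "" {
+accountName = name
+}
 } else {
 for k, v := range secrets {
 switch strings.ToLower(k) {
@@ -516,30 +527,27 @@ func (d *Driver) GetStorageAccesskey(accountOptions *azure.AccountOptions, secre
 }
 
 // read from k8s secret first
-accountKey, err := d.GetStorageAccesskeyFromSecret(accountOptions.Name, secretNamespace)
+_, accountKey, err := d.GetStorageAccountFromSecret(accountOptions.Name, secretNamespace)
 if err != nil {
 klog.V(2).Infof("could not get account(%s) key from secret, error: %v, use cluster identity to get account key instead", accountOptions.Name, err)
 accountKey, err = d.cloud.GetStorageAccesskey(accountOptions.Name, accountOptions.ResourceGroup)
 }
 return accountOptions.Name, accountKey, err
 }
 
-// GetStorageAccesskeyFromSecret get storage account key from k8s secret
-func (d *Driver) GetStorageAccesskeyFromSecret(accountName, secretNamespace string) (string, error) {
+// GetStorageAccountFromSecret get storage account key from k8s secret
+// return <accountName, accountKey, error>
+func (d *Driver) GetStorageAccountFromSecret(secretName, secretNamespace string) (string, string, error) {
 if d.cloud.KubeClient == nil {
-return "", fmt.Errorf("could not get account(%s) key from secret: KubeClient is nil", accountName)
+return "", "", fmt.Errorf("could not get account key from secret(%s): KubeClient is nil", secretName)
 }
 
-secretName := fmt.Sprintf(secretNameTemplate, accountName)
-if secretNamespace == "" {
-secretNamespace = defaultSecretNamespace
-}
 secret, err := d.cloud.KubeClient.CoreV1().Secrets(secretNamespace).Get(context.TODO(), secretName, metav1.GetOptions{})
 if err != nil {
-return "", fmt.Errorf("could not get secret(%v): %v", secretName, err)
+return "", "", fmt.Errorf("could not get secret(%v): %v", secretName, err)
 }
 
-return string(secret.Data[defaultSecretAccountKey][:]), nil
+return string(secret.Data[defaultSecretAccountName][:]), string(secret.Data[defaultSecretAccountKey][:]), nil
 }
 
 // getSubnetResourceID get default subnet resource ID from cloud provider config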
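Review bot: `GetStorageAccountFromSecret` drops both the `secretNameTemplate` expansion and the `defaultSecretNamespace` fallback, yet `GetStorageAccesskey` still calls it with `accountOptions.Name`, so that path now asks for a secret named after the bare account name and, on the resulting error, falls through to the cluster-identity key lookup with only a V(2) log line. In `GetAuthEnv` the same applies to a volume that carries no `secretname` attribute: the lookup runs with an empty secret name. Unless that behaviour change is intended, the callers should keep the old derivation when no explicit name is given, e.g. `if secretName == "" { secretName = fmt.Sprintf(secretNameTemplate, accountName) }` and `if secretNamespace == "" { secretNamespace = defaultSecretNamespace }`. The new return statement also converts `secret.Data[defaultSecretAccountKey]` without checking that the key is present, so a secret missing it yields an empty account key with a nil error; returning an error there would surface the misconfiguration instead of passing an empty credential on. Both `GetAuthEnv` and `GetStorageAccesskey` begin outside the hunks shown.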

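--- a/pkg/blob/nodeserver.go
+++ b/pkg/blob/nodeserver.go
@@ -54,24 +54,46 @@ func NewMountClient(cc *grpc.ClientConn) *MountClient {
 
 // NodePublishVolume mount the volume from staging to target path
 func (d *Driver) NodePublishVolume(ctx context.Context, req *csi.NodePublishVolumeRequest) (*csi.NodePublishVolumeResponse, error) {
-if req.GetVolumeCapability() == nil {
+volCap := req.GetVolumeCapability()
+if volCap == nil {
 return nil, status.Error(codes.InvalidArgument, "Volume capability missing in request")
 }
 volumeID := req.GetVolumeId()
 if len(req.GetVolumeId()) == 0 {
 return nil, status.Error(codes.InvalidArgument, "Volume ID missing in request")
 }
 
-source := req.GetStagingTargetPath()
-if len(source) == 0 {
-return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
-}
-
 target := req.GetTargetPath()
 if len(target) == 0 {
 return nil, status.Error(codes.InvalidArgument, "Target path not provided")
 }
 
+context := req.GetVolumeContext()
+if context != nil && context["csi.storage.k8s.io/ephemeral"] == "true" {
+// if secretNamespace is not set, set same namespace as pod
+secretNamespace := context["csi.storage.k8s.io/pod.namespace"]
+for k, v := range context {
+switch strings.ToLower(k) {
+case secretNamespaceField:
+secretNamespace = v
+}
+}
+context[secretNamespaceField] = secretNamespace
+klog.V(2).Infof("NodePublishVolume: ephemeral volume(%s) mount on %s, VolumeContext: %v", volumeID, target, context)
+_, err := d.NodeStageVolume(ctx, &csi.NodeStageVolumeRequest{
+StagingTargetPath: target,
+VolumeContext: context,
+VolumeCapability: volCap,
+VolumeId: volumeID,
+})
+return &csi.NodePublishVolumeResponse{}, err
+}
+
+source := req.GetStagingTargetPath()
+if len(source) == 0 {
+return nil, status.Error(codes.InvalidArgument, "Staging target not provided")
+}
+
 mountOptions := []string{"bind"}
 if req.GetReadonly() {
 mountOptions = append(mountOptions, "ro")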
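Review bot: The ephemeral branch lets the pod spec choose the namespace the node plugin reads the storage secret from: the loop over `context` replaces the pod-namespace default with any `secretnamespace` volume attribute, and for an inline volume those attributes are written by whoever creates the pod. If the driver's KubeClient is allowed to read secrets outside the pod's own namespace (its RBAC is not visible here), a pod author can mount storage with credentials from a namespace they have no access to. Consider pinning the value for inline volumes, `context[secretNamespaceField] = context["csi.storage.k8s.io/pod.namespace"]`, or honouring an override only behind an operator-controlled driver option, and document the choice next to the `Ephemeral` lifecycle mode. Separately, the local `context` shadows the `context` package named in the function signature, so `volContext` would be a safer name. NodePublishVolume continues past the end of the hunk.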

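--- a/pkg/blob/nodeserver_test.go
+++ b/pkg/blob/nodeserver_test.go
@@ -172,7 +172,8 @@ func TestNodePublishVolume(t *testing.T) {
 {
 desc: "Stage path missing",
 req: csi.NodePublishVolumeRequest{VolumeCapability: &csi.VolumeCapability{AccessMode: &volumeCap},
-VolumeId: "vol_1"},
+VolumeId: "vol_1",
+TargetPath: sourceTest},
 expectedErr: status.Error(codes.InvalidArgument, "Staging target not provided"),
 },
 {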
