Merge pull request #314 from dfajmon/volumeattributesclass

STOR-2078: Enable VolumeAttributesClass on AWS EBS for resizer + provisioner

Author: openshift-merge-bot[bot]

assets/base/rbac/volumeattributesclass_reader_provisioner_binding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ${ASSET_SHORT_PREFIX}-csi-volumeattributesclass-reader-provisioner-binding
+subjects:
+  - kind: ServiceAccount
+    name: ${ASSET_PREFIX}-controller-sa
+    namespace: ${NODE_NAMESPACE}
+roleRef:
+  kind: ClusterRole
+  name: openshift-csi-provisioner-volumeattributesclass-reader-role
+  apiGroup: rbac.authorization.k8s.io

assets/base/rbac/volumeattributesclass_reader_resizer_binding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: ${ASSET_SHORT_PREFIX}-csi-volumeattributesclass-reader-resizer-binding
+subjects:
+  - kind: ServiceAccount
+    name: ${ASSET_PREFIX}-controller-sa
+    namespace: ${NODE_NAMESPACE}
+roleRef:
+  kind: ClusterRole
+  name: openshift-csi-resizer-volumeattributesclass-reader-role
+  apiGroup: rbac.authorization.k8s.io

assets/overlays/aws-ebs/generated/hypershift/manifests.yaml

@@ -19,5 +19,7 @@ guestStaticAssetNames:
 - storageclass_gp2.yaml
 - storageclass_gp3.yaml
 - storageclass_reader_resizer_binding.yaml
+- volumeattributesclass_reader_provisioner_binding.yaml
+- volumeattributesclass_reader_resizer_binding.yaml
 - volumesnapshot_reader_provisioner_binding.yaml
 - volumesnapshotclass.yaml

assets/overlays/aws-ebs/generated/hypershift/volumeattributesclass_reader_provisioner_binding.yaml

@@ -0,0 +1,19 @@
+# Generated file. Do not edit. Update using "make update".
+#
+# Loaded from base/rbac/volumeattributesclass_reader_provisioner_binding.yaml
+#   because it's needed by controller sidecar common/sidecars/provisioner.yaml
+#
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ebs-csi-volumeattributesclass-reader-provisioner-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openshift-csi-provisioner-volumeattributesclass-reader-role
+subjects:
+- kind: ServiceAccount
+  name: aws-ebs-csi-driver-controller-sa
+  namespace: ${NODE_NAMESPACE}

assets/overlays/aws-ebs/generated/hypershift/volumeattributesclass_reader_resizer_binding.yaml

@@ -0,0 +1,19 @@
+# Generated file. Do not edit. Update using "make update".
+#
+# Loaded from base/rbac/volumeattributesclass_reader_resizer_binding.yaml
+#   because it's needed by controller sidecar common/sidecars/resizer.yaml
+#
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ebs-csi-volumeattributesclass-reader-resizer-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openshift-csi-resizer-volumeattributesclass-reader-role
+subjects:
+- kind: ServiceAccount
+  name: aws-ebs-csi-driver-controller-sa
+  namespace: ${NODE_NAMESPACE}

assets/overlays/aws-ebs/generated/standalone/manifests.yaml

@@ -24,5 +24,7 @@ guestStaticAssetNames:
 - storageclass_gp2.yaml
 - storageclass_gp3.yaml
 - storageclass_reader_resizer_binding.yaml
+- volumeattributesclass_reader_provisioner_binding.yaml
+- volumeattributesclass_reader_resizer_binding.yaml
 - volumesnapshot_reader_provisioner_binding.yaml
 - volumesnapshotclass.yaml

assets/overlays/aws-ebs/generated/standalone/volumeattributesclass_reader_provisioner_binding.yaml

@@ -0,0 +1,19 @@
+# Generated file. Do not edit. Update using "make update".
+#
+# Loaded from base/rbac/volumeattributesclass_reader_provisioner_binding.yaml
+#   because it's needed by controller sidecar common/sidecars/provisioner.yaml
+#
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ebs-csi-volumeattributesclass-reader-provisioner-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openshift-csi-provisioner-volumeattributesclass-reader-role
+subjects:
+- kind: ServiceAccount
+  name: aws-ebs-csi-driver-controller-sa
+  namespace: ${NODE_NAMESPACE}

assets/overlays/aws-ebs/generated/standalone/volumeattributesclass_reader_resizer_binding.yaml

@@ -0,0 +1,19 @@
+# Generated file. Do not edit. Update using "make update".
+#
+# Loaded from base/rbac/volumeattributesclass_reader_resizer_binding.yaml
+#   because it's needed by controller sidecar common/sidecars/resizer.yaml
+#
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ebs-csi-volumeattributesclass-reader-resizer-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openshift-csi-resizer-volumeattributesclass-reader-role
+subjects:
+- kind: ServiceAccount
+  name: aws-ebs-csi-driver-controller-sa
+  namespace: ${NODE_NAMESPACE}

pkg/driver/aws-ebs/aws_ebs.go

@@ -3,8 +3,11 @@ package aws_ebs
 import (
 	"context"
 	"fmt"
+	"os"
 	"strings"
+	"time"
 
+	configv1 "github.com/openshift/api/config/v1"
 	opv1 "github.com/openshift/api/operator/v1"
 	"github.com/openshift/csi-operator/assets"
 	"github.com/openshift/csi-operator/pkg/clients"
@@ -13,6 +16,7 @@ import (
 	"github.com/openshift/csi-operator/pkg/generator"
 	"github.com/openshift/csi-operator/pkg/operator/config"
 	"github.com/openshift/library-go/pkg/controller/factory"
+	"github.com/openshift/library-go/pkg/operator/configobserver/featuregates"
 	"github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller"
 	"github.com/openshift/library-go/pkg/operator/csi/csidrivernodeservicecontroller"
 	"github.com/openshift/library-go/pkg/operator/csi/csistorageclasscontroller"
@@ -23,6 +27,7 @@ import (
 	storagev1 "k8s.io/api/storage/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	corev1listers "k8s.io/client-go/listers/core/v1"
+
 	"k8s.io/klog/v2"
 )
 
@@ -36,6 +41,8 @@ const (
 	trustedCAConfigMap    = "aws-ebs-csi-driver-trusted-ca-bundle"
 	kmsKeyID              = "kmsKeyId"
 
+	operatorImageVersionEnvVarName = "OPERATOR_IMAGE_VERSION"
+
 	generatedAssetBase = "overlays/aws-ebs/generated"
 )
 
@@ -69,6 +76,8 @@ func GetAWSEBSGeneratorConfig() *generator.CSIDriverGeneratorConfig {
 					"--kube-api-qps=20",
 					"--kube-api-burst=100",
 					"--worker-threads=100",
+				).WithAdditionalAssets(
+					"base/rbac/volumeattributesclass_reader_provisioner_binding.yaml",
 				),
 				commongenerator.DefaultAttacher.WithExtraArguments(
 					"--timeout=60s",
@@ -81,6 +90,8 @@ func GetAWSEBSGeneratorConfig() *generator.CSIDriverGeneratorConfig {
 					"--kube-api-qps=20",
 					"--kube-api-burst=100",
 					"--workers=100",
+				).WithAdditionalAssets(
+					"base/rbac/volumeattributesclass_reader_resizer_binding.yaml",
 				),
 				commongenerator.DefaultSnapshotter.WithExtraArguments(
 					"--extra-create-metadata",
@@ -136,12 +147,43 @@ func GetAWSEBSOperatorConfig() *config.OperatorConfig {
 func GetAWSEBSOperatorControllerConfig(ctx context.Context, flavour generator.ClusterFlavour, c *clients.Clients) (*config.OperatorControllerConfig, error) {
 	cfg := operator.NewDefaultOperatorControllerConfig(flavour, c, "AWSEBS")
 
+	// We need featuregate accessor made available to the operator pods
+	desiredVersion := os.Getenv(operatorImageVersionEnvVarName)
+	missingVersion := "0.0.1-snapshot"
+
+	featureGateAccessor := featuregates.NewFeatureGateAccess(
+		desiredVersion,
+		missingVersion,
+		c.ConfigInformers.Config().V1().ClusterVersions(),
+		c.ConfigInformers.Config().V1().FeatureGates(),
+		c.EventRecorder,
+	)
+	go featureGateAccessor.Run(ctx)
+	go c.ConfigInformers.Start(ctx.Done())
+
+	var featureGates featuregates.FeatureGate
+
+	select {
+	case <-featureGateAccessor.InitialFeatureGatesObserved():
+		featureGates, _ = featureGateAccessor.CurrentFeatureGates()
+		klog.Info("FeatureGates initialized", "knownFeatures", featureGates.KnownFeatures())
+	case <-time.After(1 * time.Minute):
+		klog.Error(nil, "timed out waiting for FeatureGate detection")
+		return nil, fmt.Errorf("timed out waiting for FeatureGate detection")
+	}
+
 	// Hooks to run on all clusters
 	cfg.AddDeploymentHookBuilders(c,
 		withAWSRegion,
 		withCustomTags,
 		withCustomEndPoint,
-		withCABundleDeploymentHook)
+		withCABundleDeploymentHook,
+	)
+
+	if featureGates.Enabled(configv1.FeatureGateName("VolumeAttributesClass")) {
+		cfg.AddDeploymentHookBuilders(c, withVolumeAttributesClassHook)
+	}
+
 	cfg.AddDaemonSetHookBuilders(c, withCABundleDaemonSetHook)
 	cfg.AddStorageClassHookBuilders(c, withKMSKeyHook)
 
@@ -434,3 +476,18 @@ func withKMSKeyHook(c *clients.Clients) csistorageclasscontroller.StorageClassHo
 	}
 	return hook
 }
+
+func withVolumeAttributesClassHook(c *clients.Clients) (dc.DeploymentHookFunc, []factory.Informer) {
+	hook := func(_ *opv1.OperatorSpec, deployment *appsv1.Deployment) error {
+		newArg := "--feature-gates=VolumeAttributesClass=true"
+		for i := range deployment.Spec.Template.Spec.Containers {
+			container := &deployment.Spec.Template.Spec.Containers[i]
+			if container.Name == "csi-provisioner" || container.Name == "csi-resizer" {
+				container.Args = append(container.Args, newArg)
+			}
+		}
+
+		return nil
+	}
+	return hook, nil
+}