Implement KEP 4876 Mutable CSINode (kubernetes#130007)

* Implement KEP-4876 Mutable CSINode Allocatable Count

Signed-off-by: torredil <[email protected]>

* Update TestGetNodeAllocatableUpdatePeriod

Signed-off-by: torredil <[email protected]>

* Implement CSINodeUpdater

Signed-off-by: torredil <[email protected]>

* Use sync.Once in csiNodeUpdater

Signed-off-by: torredil <[email protected]>

* ImVerify driver is installed before running periodic updates

Signed-off-by: torredil <[email protected]>

* Update NodeAllocatableUpdatePeriodSeconds type comment

Signed-off-by: torredil <[email protected]>

* Leverage apivalidation.ValidateImmutableField in ValidateCSINodeUpdate

Signed-off-by: torredil <[email protected]>

* Update strategy functions

Signed-off-by: torredil <[email protected]>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <[email protected]>

* Update VolumeError.ErrorCode field

Signed-off-by: torredil <[email protected]>

* CSINodeUpdater improvements

Signed-off-by: torredil <[email protected]>

* Iron out concurrency in syncDriverUpdater

Signed-off-by: torredil <[email protected]>

* Run hack/update-openapi-spec.sh

Signed-off-by: torredil <[email protected]>

* Revise logging

Signed-off-by: torredil <[email protected]>

* Revise log in VerifyExhaustedResource

Signed-off-by: torredil <[email protected]>

* Update API validation

Signed-off-by: torredil <[email protected]>

* Add more code coverage

Signed-off-by: torredil <[email protected]>

* Fix pull-kubernetes-linter-hints

Signed-off-by: torredil <[email protected]>

* Update API types documentation

Signed-off-by: torredil <[email protected]>

* Update strategy and validation for new errorCode field

Signed-off-by: torredil <[email protected]>

* Update validation tests after strategy changes

Signed-off-by: torredil <[email protected]>

* Update VA status strategy

Signed-off-by: torredil <[email protected]>

---------

Signed-off-by: torredil <[email protected]>

Author: torredil

api/openapi-spec/swagger.json

@@ -203,6 +203,14 @@ type VolumeError struct {
 	// information.
 	// +optional
 	Message string
+
+	// errorCode is a numeric gRPC code representing the error encountered during Attach or Detach operations.
+	//
+	// This is an optional, alpha field that requires the MutableCSINodeAllocatableCount feature gate being enabled to be set.
+	//
+	// +featureGate=MutableCSINodeAllocatableCount
+	// +optional
+	ErrorCode *int32
 }
 
 // VolumeBindingMode indicates how PersistentVolumeClaims should be bound.
@@ -412,6 +420,20 @@ type CSIDriverSpec struct {
 	// +featureGate=SELinuxMountReadWriteOncePod
 	// +optional
 	SELinuxMount *bool
+
+	// nodeAllocatableUpdatePeriodSeconds specifies the interval between periodic updates of
+	// the CSINode allocatable capacity for this driver. When set, both periodic updates and
+	// updates triggered by capacity-related failures are enabled. If not set, no updates
+	// occur (neither periodic nor upon detecting capacity-related failures), and the
+	// allocatable.count remains static. The minimum allowed value for this field is 10 seconds.
+	//
+	// This is an alpha feature and requires the MutableCSINodeAllocatableCount feature gate to be enabled.
+	//
+	// This field is mutable.
+	//
+	// +featureGate=MutableCSINodeAllocatableCount
+	// +optional
+	NodeAllocatableUpdatePeriodSeconds *int64
 }
 
 // FSGroupPolicy specifies if a CSI Driver supports modifying
@@ -495,6 +517,8 @@ const (
 // there are no CSI Drivers available on the node, or the Kubelet version is low
 // enough that it doesn't create this object.
 // CSINode has an OwnerReference that points to the corresponding node object.
+// When the MutableCSINodeAllocatableCount feature gate is enabled, the allocatable.count
+// field in CSINodeDriver can be updated.
 type CSINode struct {
 	metav1.TypeMeta
 

api/openapi-spec/v3/apis__storage.k8s.io__v1_openapi.json

@@ -18,6 +18,7 @@ package validation
 
 import (
 	"fmt"
+	"math"
 	"reflect"
 	"strings"
 	"time"
@@ -26,6 +27,7 @@ import (
 	apimachineryvalidation "k8s.io/apimachinery/pkg/api/validation"
 	metav1validation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
 	"k8s.io/apimachinery/pkg/util/sets"
+	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	api "k8s.io/kubernetes/pkg/apis/core"
@@ -237,6 +239,13 @@ func validateVolumeError(e *storage.VolumeError, fldPath *field.Path) field.Erro
 	if len(e.Message) > maxVolumeErrorMessageSize {
 		allErrs = append(allErrs, field.TooLong(fldPath.Child("message"), "" /*unused*/, maxAttachedVolumeMetadataSize))
 	}
+
+	if e.ErrorCode != nil {
+		value := *e.ErrorCode
+		if value < 0 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("errorCode"), value, validation.InclusiveRangeError(0, math.MaxInt32)))
+		}
+	}
 	return allErrs
 }
 
@@ -304,17 +313,28 @@ func ValidateCSINode(csiNode *storage.CSINode, validationOpts CSINodeValidationO
 func ValidateCSINodeUpdate(new, old *storage.CSINode, validationOpts CSINodeValidationOptions) field.ErrorList {
 	allErrs := ValidateCSINode(new, validationOpts)
 
-	// Validate modifying fields inside an existing CSINodeDriver entry is not allowed
+	// Validate modifying fields inside an existing CSINodeDriver entry
 	for _, oldDriver := range old.Spec.Drivers {
 		for _, newDriver := range new.Spec.Drivers {
 			if oldDriver.Name == newDriver.Name {
-				if !apiequality.Semantic.DeepEqual(oldDriver, newDriver) {
-					allErrs = append(allErrs, field.Invalid(field.NewPath("CSINodeDriver"), newDriver, "field is immutable"))
+				// If MutableCSINodeAllocatableCount feature gate is enabled, compare drivers without the Allocatable field
+				if utilfeature.DefaultFeatureGate.Enabled(features.MutableCSINodeAllocatableCount) {
+					oldDriverCopy := oldDriver.DeepCopy()
+					newDriverCopy := newDriver.DeepCopy()
+					oldDriverCopy.Allocatable = nil // +k8s:verify-mutation:reason=clone
+					newDriverCopy.Allocatable = nil // +k8s:verify-mutation:reason=clone
+
+					allErrs = append(allErrs,
+						apivalidation.ValidateImmutableField(newDriverCopy, oldDriverCopy, field.NewPath("spec").Child("drivers"))...,
+					)
+				} else {
+					allErrs = append(allErrs,
+						apivalidation.ValidateImmutableField(newDriver, oldDriver, field.NewPath("spec").Child("drivers"))...,
+					)
 				}
 			}
 		}
 	}
-
 	return allErrs
 }
 
@@ -435,6 +455,16 @@ func validateCSIDriverSpec(
 	allErrs = append(allErrs, validateTokenRequests(spec.TokenRequests, fldPath.Child("tokenRequests"))...)
 	allErrs = append(allErrs, validateVolumeLifecycleModes(spec.VolumeLifecycleModes, fldPath.Child("volumeLifecycleModes"))...)
 	allErrs = append(allErrs, validateSELinuxMount(spec.SELinuxMount, fldPath.Child("seLinuxMount"))...)
+	allErrs = append(allErrs, validateNodeAllocatableUpdatePeriodSeconds(spec.NodeAllocatableUpdatePeriodSeconds, fldPath.Child("nodeAllocatableUpdatePeriodSeconds"))...)
+	return allErrs
+}
+
+// validateNodeAllocatableUpdatePeriodSeconds tests if NodeAllocatableUpdatePeriodSeconds is valid for CSIDriver.
+func validateNodeAllocatableUpdatePeriodSeconds(period *int64, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	if period != nil && *period < 10 {
+		allErrs = append(allErrs, field.Invalid(fldPath, *period, "must be greater than or equal to 10 seconds"))
+	}
 	return allErrs
 }