Merge pull request #184 from red-hat-storage/sync_us--main

Syncing latest changes from upstream main for kubernetes-csi-addons
red-hat-storage · Aug 15, 2024 · 9dc5499 · 9dc5499
2 parents b5990a7 + 230f81d
commit 9dc5499
Show file tree

Hide file tree

Showing 9 changed files with 164 additions and 23 deletions.
diff --git a/api/csiaddons/v1alpha1/csiaddonsnode_types.go b/api/csiaddons/v1alpha1/csiaddonsnode_types.go
@@ -74,6 +74,9 @@ type CSIAddonsNodeStatus struct {
 	// for machine parsing and tidy display in the CLI.
 	// +optional
 	Reason string `json:"reason,omitempty"`
+
+	// A list of capabilities advertised by the sidecar
+	Capabilities []string `json:"capabilities,omitempty"`
 }
 
 //+kubebuilder:object:root=true

diff --git a/api/csiaddons/v1alpha1/zz_generated.deepcopy.go b/api/csiaddons/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/csiaddons.openshift.io_csiaddonsnodes.yaml b/config/crd/bases/csiaddons.openshift.io_csiaddonsnodes.yaml
@@ -94,6 +94,11 @@ spec:
           status:
             description: CSIAddonsNodeStatus defines the observed state of CSIAddonsNode
             properties:
+              capabilities:
+                description: A list of capabilities advertised by the sidecar
+                items:
+                  type: string
+                type: array
               message:
                 description: |-
                   Message is a human-readable message indicating details about why the CSIAddonsNode

diff --git a/deploy/controller/crds.yaml b/deploy/controller/crds.yaml
@@ -93,6 +93,11 @@ spec:
           status:
             description: CSIAddonsNodeStatus defines the observed state of CSIAddonsNode
             properties:
+              capabilities:
+                description: A list of capabilities advertised by the sidecar
+                items:
+                  type: string
+                type: array
               message:
                 description: |-
                   Message is a human-readable message indicating details about why the CSIAddonsNode

diff --git a/docs/deploy-controller.md b/docs/deploy-controller.md
@@ -16,25 +16,27 @@ The CSI-Addons Controller can be deployed by different ways:
 
 > Note: Some of the above configuration options can also be configured using [`"csi-addons-config"` configmap](./csi-addons-config.md).
 
+## Installation for latest deployments
+
+The latest CSI-Addons Controller can be installed using the YAML files in `deploy/controller` from `main` branch.
+
 ## Installation for versioned deployments
 
-The CSI-Addons Controller can also be installed  using the YAML files in `deploy/controller`.
-The versioned deployment is possible with the YAML files that get generated for the
-[latest release](https://github.com/csi-addons/kubernetes-csi-addons/releases/latest).
-You can download the YAML files from there, or use them directly with kubectl.
-This is the recommended and easiest way to deploy the controller.
+The versioned deployment of the CSI-Addons Controller can be installed using the specific version's YAML files as shown below:
+
+>Note: set the `RELEASE` variable to the required version.
 
 ```console
-$ cd deploy/controller
+$ export RELEASE="v0.8.0"
 
-$ kubectl create -f crds.yaml
+$ kubectl create -f https://github.com/csi-addons/kubernetes-csi-addons/releases/download/${RELEASE}/crds.yaml
 ...
 customresourcedefinition.apiextensions.k8s.io/csiaddonsnodes.csiaddons.openshift.io created
 customresourcedefinition.apiextensions.k8s.io/networkfences.csiaddons.openshift.io created
 customresourcedefinition.apiextensions.k8s.io/reclaimspacecronjobs.csiaddons.openshift.io created
 customresourcedefinition.apiextensions.k8s.io/reclaimspacejobs.csiaddons.openshift.io created
 
-$ kubectl create -f rbac.yaml
+$ kubectl create -f https://github.com/csi-addons/kubernetes-csi-addons/releases/download/${RELEASE}/rbac.yaml
 ...
 serviceaccount/csi-addons-controller-manager created
 role.rbac.authorization.k8s.io/csi-addons-leader-election-role created
@@ -47,12 +49,14 @@ clusterrolebinding.rbac.authorization.k8s.io/csi-addons-proxy-rolebinding create
 configmap/csi-addons-manager-config created
 service/csi-addons-controller-manager-metrics-service created
 
-$ kubectl create -f setup-controller.yaml
+$ kubectl create -f https://github.com/csi-addons/kubernetes-csi-addons/releases/download/${RELEASE}/setup-controller.yaml
 ...
 deployment.apps/csi-addons-controller-manager created
 ```
 
-* The "crds.yaml" create the required crds for reclaimspace operation.
+This is the recommended and easiest way to deploy the controller.
+
+* The "crds.yaml" create the required crds for csi-addons operations.
 
 * The "rbac.yaml" creates the required rbac.
 

diff --git a/internal/controller/csiaddons/csiaddonsnode_controller.go b/internal/controller/csiaddons/csiaddonsnode_controller.go
@@ -27,6 +27,7 @@ import (
 	csiaddonsv1alpha1 "github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1"
 	"github.com/csi-addons/kubernetes-csi-addons/internal/connection"
 	"github.com/csi-addons/kubernetes-csi-addons/internal/util"
+	"github.com/csi-addons/spec/lib/go/identity"
 
 	"github.com/go-logr/logr"
 	corev1 "k8s.io/api/core/v1"
@@ -142,6 +143,7 @@ func (r *CSIAddonsNodeReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 
 	csiAddonsNode.Status.State = csiaddonsv1alpha1.CSIAddonsNodeStateConnected
 	csiAddonsNode.Status.Message = "Successfully established connection with sidecar"
+	csiAddonsNode.Status.Capabilities = parseCapabilities(newConn.Capabilities)
 	err = r.Client.Status().Update(ctx, csiAddonsNode)
 	if err != nil {
 		logger.Error(err, "Failed to update status")
@@ -271,3 +273,23 @@ func validateCSIAddonsNodeSpec(csiaddonsnode *csiaddonsv1alpha1.CSIAddonsNode) e
 
 	return nil
 }
+
+// parseCapabilities returns a list of capabilities in the format
+// capability.Type
+// e.g. A cap.String with value "service:{type:NODE_SERVICE}"
+// Will be parsed and returned as "service.NODE_SERVICE"
+func parseCapabilities(caps []*identity.Capability) []string {
+	if len(caps) == 0 {
+		return []string{}
+	}
+
+	capabilities := make([]string, len(caps))
+
+	for i, cap := range caps {
+		capStr := strings.ReplaceAll(cap.String(), ":{type:", ".")
+		capStr = strings.ReplaceAll(capStr, "}", "")
+		capabilities[i] = capStr
+	}
+
+	return capabilities
+}
diff --git a/internal/controller/csiaddons/csiaddonsnode_controller_test.go b/internal/controller/csiaddons/csiaddonsnode_controller_test.go
@@ -20,6 +20,8 @@ import (
 	"errors"
 	"testing"
 
+	"github.com/csi-addons/spec/lib/go/identity"
+
 	"github.com/stretchr/testify/assert"
 )
 
@@ -42,3 +44,77 @@ func TestParseEndpoint(t *testing.T) {
 	_, _, _, err = parseEndpoint("pod://pod.ns.cluster.local:5678")
 	assert.Error(t, err)
 }
+
+func TestParseCapabilities(t *testing.T) {
+	tests := []struct {
+		name     string
+		caps     []*identity.Capability
+		expected []string
+	}{
+		{
+			name:     "Empty capabilities",
+			caps:     []*identity.Capability{},
+			expected: []string{},
+		},
+		{
+			name: "Single capability",
+			caps: []*identity.Capability{
+				{
+					Type: &identity.Capability_Service_{
+						Service: &identity.Capability_Service{
+							Type: identity.Capability_Service_NODE_SERVICE,
+						},
+					},
+				},
+			},
+			expected: []string{"service.NODE_SERVICE"},
+		},
+		{
+			name: "Multiple capabilities",
+			caps: []*identity.Capability{
+				{
+					Type: &identity.Capability_Service_{
+						Service: &identity.Capability_Service{
+							Type: identity.Capability_Service_NODE_SERVICE,
+						},
+					},
+				},
+				{
+					Type: &identity.Capability_ReclaimSpace_{
+						ReclaimSpace: &identity.Capability_ReclaimSpace{
+							Type: identity.Capability_ReclaimSpace_ONLINE,
+						},
+					},
+				},
+			},
+			expected: []string{"service.NODE_SERVICE", "reclaim_space.ONLINE"},
+		},
+		{
+			name: "Same capability with different types",
+			caps: []*identity.Capability{
+				{
+					Type: &identity.Capability_ReclaimSpace_{
+						ReclaimSpace: &identity.Capability_ReclaimSpace{
+							Type: identity.Capability_ReclaimSpace_ONLINE,
+						},
+					},
+				},
+				{
+					Type: &identity.Capability_ReclaimSpace_{
+						ReclaimSpace: &identity.Capability_ReclaimSpace{
+							Type: identity.Capability_ReclaimSpace_OFFLINE,
+						},
+					},
+				},
+			},
+			expected: []string{"reclaim_space.ONLINE", "reclaim_space.OFFLINE"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := parseCapabilities(tt.caps)
+			assert.Equal(t, tt.expected, result)
+		})
+	}
+}
diff --git a/internal/controller/csiaddons/persistentvolumeclaim_controller.go b/internal/controller/csiaddons/persistentvolumeclaim_controller.go
@@ -293,7 +293,12 @@ func (r *PersistentVolumeClaimReconciler) determineScheduleAndRequeue(
 // storageClassEventHandler returns an EventHandler that responds to changes
 // in StorageClass objects and generates reconciliation requests for all
 // PVCs associated with the changed StorageClass.
-// PVCs with rsCronJobScheduleTimeAnnotation are not enqueued.
+//
+// PVCs are enqueued for reconciliation if one of the following is true -
+//   - If the StorageClass has ReclaimSpace annotation,
+//     PVCs without ReclaimSpace annotations will be enqueued.
+//   - If the StorageClass has KeyRotation annotation,
+//     PVCs without the KeyRotation annotation will be enqueued.
 func (r *PersistentVolumeClaimReconciler) storageClassEventHandler() handler.EventHandler {
 	return handler.EnqueueRequestsFromMapFunc(
 		func(ctx context.Context, obj client.Object) []reconcile.Request {
@@ -312,17 +317,32 @@ func (r *PersistentVolumeClaimReconciler) storageClassEventHandler() handler.Eve
 				return nil
 			}
 
+			_, scHasReclaimSpaceAnnotation := obj.GetAnnotations()[rsCronJobScheduleTimeAnnotation]
+			_, scHasKeyRotationAnnotation := obj.GetAnnotations()[krcJobScheduleTimeAnnotation]
+
 			var requests []reconcile.Request
 			for _, pvc := range pvcList.Items {
-				if _, ok := pvc.GetAnnotations()[rsCronJobScheduleTimeAnnotation]; ok {
-					continue
+
+				_, pvcHasReclaimSpaceAnnotation := pvc.GetAnnotations()[rsCronJobScheduleTimeAnnotation]
+				_, pvcHasKeyRotationAnnotation := pvc.GetAnnotations()[krcJobScheduleTimeAnnotation]
+
+				needToEnqueue := false
+
+				if scHasReclaimSpaceAnnotation && !pvcHasReclaimSpaceAnnotation {
+					needToEnqueue = true
+				}
+				if scHasKeyRotationAnnotation && !pvcHasKeyRotationAnnotation {
+					needToEnqueue = true
+				}
+
+				if needToEnqueue {
+					requests = append(requests, reconcile.Request{
+						NamespacedName: types.NamespacedName{
+							Name:      pvc.Name,
+							Namespace: pvc.Namespace,
+						},
+					})
 				}
-				requests = append(requests, reconcile.Request{
-					NamespacedName: types.NamespacedName{
-						Name:      pvc.Name,
-						Namespace: pvc.Namespace,
-					},
-				})
 			}
 
 			return requests
@@ -753,7 +773,8 @@ func (r *PersistentVolumeClaimReconciler) processKeyRotation(
 	logger *logr.Logger,
 	req *reconcile.Request,
 	pvc *corev1.PersistentVolumeClaim,
-	pv *corev1.PersistentVolume) error {
+	pv *corev1.PersistentVolume,
+) error {
 	krcJob, err := r.findChildEncryptionKeyRotationCronJob(ctx, logger, req)
 	if err != nil {
 		return err
@@ -796,7 +817,7 @@ func (r *PersistentVolumeClaimReconciler) processKeyRotation(
 		err = r.Client.Update(ctx, krcJob)
 		if err != nil {
 			logger.Error(err, "failed to update encryptionkeyrotationcronjob")
-			return err //ctr.Result
+			return err // ctr.Result
 		}
 
 		logger.Info("successfully updated encryptionkeyrotationcronjob")

diff --git a/internal/sidecar/service/encryptionkeyrotation.go b/internal/sidecar/service/encryptionkeyrotation.go
@@ -90,7 +90,7 @@ func (ekrs *EncryptionKeyRotationServer) EncryptionKeyRotate(
 	if pv.Spec.CSI.NodeStageSecretRef != nil {
 		ekrRequest.Secrets, err = kube.GetSecret(ctx, ekrs.kubeClient, pv.Spec.CSI.NodeStageSecretRef.Name, pv.Spec.CSI.NodeStageSecretRef.Namespace)
 		if err != nil {
-			return nil, status.Errorf(codes.InvalidArgument, err.Error())
+			return nil, status.Error(codes.InvalidArgument, err.Error())
 		}
 	}