fsGroupPolicy support for Unity XT

pkg/resources/csidriver/csidriver.go

@@ -2,6 +2,7 @@ package csidriver
 
 import (
 	"context"
+
 	rbacv1 "k8s.io/api/rbac/v1"
 	storagev1 "k8s.io/api/storage/v1"
 
@@ -35,9 +36,7 @@ func New(instance csiv1.CSIDriver, ephemeralEnabled bool, dummyClusterRole *rbac
 		VolumeLifecycleModes: modes,
 	}
 
-	if instance.GetDriverType() == "powerstore" || instance.GetDriverType() == "isilon" || instance.GetDriverType() == "powermax" || instance.GetDriverType() == "vxflexos" {
-		spec.FSGroupPolicy = &fsgroup
-	}
+	spec.FSGroupPolicy = &fsgroup
 
 	return &storagev1.CSIDriver{
 		ObjectMeta: metav1.ObjectMeta{

samples/unity_v240_k8s_121.yaml

@@ -0,0 +1,124 @@
+apiVersion: storage.dell.com/v1
+kind: CSIUnity
+metadata:
+  name: test-unity
+  namespace: test-unity
+spec:
+  driver:
+    configVersion: v2.4.0
+    replicas: 2
+    dnsPolicy: ClusterFirstWithHostNet
+    forceUpdate: false
+    # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+    # Allowed values:
+    #   ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
+    #   and the volume's accessModes contains ReadWriteOnce.
+    #   File: kubernetes may use fsGroup to change permissions and ownership of the volume 
+    #   to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
+    #   None: volumes will be mounted with no modifications.
+    # Default value: ReadWriteOnceWithFSType
+    fsGroupPolicy: ReadWriteOnceWithFSType
+    common:
+      image: "dellemc/csi-unity:v2.4.0"
+      imagePullPolicy: IfNotPresent
+    sideCars:
+      - name: provisioner
+        args: ["--volume-name-prefix=csiunity","--default-fstype=ext4"]
+      - name: snapshotter
+        args: ["--snapshot-name-prefix=csiunitysnap"]
+      # Uncomment the following to install 'external-health-monitor' sidecar to enable health monitor of CSI volumes from Controller plugin.
+      # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED  to "true".
+      # - name: external-health-monitor
+      #   args: ["--monitor-interval=60s"]
+
+    controller:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition.
+        # Install the 'external-health-monitor' sidecar accordingly.
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+
+      # nodeSelector: Define node selection constraints for controller pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the controllers, if required.
+      # Leave as blank to install controller on worker nodes
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"      
+
+    node:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+      # nodeSelector: Define node selection constraints for node pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the node daemonset, if required.
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"      
+      #  - key: "node.kubernetes.io/memory-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/disk-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/network-unavailable"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: unity-config-params
+  namespace: test-unity
+data:
+  driver-config-params.yaml: |
+    CSI_LOG_LEVEL: "info"
+    ALLOW_RWO_MULTIPOD_ACCESS: "false"
+    MAX_UNITY_VOLUMES_PER_NODE: "0"
+    SYNC_NODE_INFO_TIME_INTERVAL: "15"
+    TENANT_NAME: ""

samples/unity_v240_k8s_122.yaml

@@ -0,0 +1,123 @@
+apiVersion: storage.dell.com/v1
+kind: CSIUnity
+metadata:
+  name: test-unity
+  namespace: test-unity
+spec:
+  driver:
+    configVersion: v2.4.0
+    replicas: 2
+    dnsPolicy: ClusterFirstWithHostNet
+    forceUpdate: false
+    # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+    # Allowed values:
+    #   ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
+    #   and the volume's accessModes contains ReadWriteOnce.
+    #   File: kubernetes may use fsGroup to change permissions and ownership of the volume 
+    #   to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
+    #   None: volumes will be mounted with no modifications.
+    # Default value: ReadWriteOnceWithFSType
+    fsGroupPolicy: ReadWriteOnceWithFSType
+    common:
+      image: "dellemc/csi-unity:v2.4.0"
+      imagePullPolicy: IfNotPresent
+    sideCars:
+      - name: provisioner
+        args: ["--volume-name-prefix=csiunity","--default-fstype=ext4"]
+      - name: snapshotter
+        args: ["--snapshot-name-prefix=csiunitysnap"]
+      # Uncomment the following to install 'external-health-monitor' sidecar to enable health monitor of CSI volumes from Controller plugin.
+      # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED  to "true".
+      # - name: external-health-monitor
+      #   args: ["--monitor-interval=60s"]
+
+    controller:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition.
+        # Install the 'external-health-monitor' sidecar accordingly.
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+      # nodeSelector: Define node selection constraints for controller pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the controllers, if required.
+      # Leave as blank to install controller on worker nodes
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+
+    node:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+      # nodeSelector: Define node selection constraints for node pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the node daemonset, if required.
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      #  - key: "node.kubernetes.io/memory-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/disk-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/network-unavailable"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: unity-config-params
+  namespace: test-unity
+data:
+  driver-config-params.yaml: |
+    CSI_LOG_LEVEL: "info"
+    ALLOW_RWO_MULTIPOD_ACCESS: "false"
+    MAX_UNITY_VOLUMES_PER_NODE: "0"
+    SYNC_NODE_INFO_TIME_INTERVAL: "15"
+    TENANT_NAME: ""

samples/unity_v240_k8s_123.yaml

@@ -0,0 +1,123 @@
+apiVersion: storage.dell.com/v1
+kind: CSIUnity
+metadata:
+  name: test-unity
+  namespace: test-unity
+spec:
+  driver:
+    configVersion: v2.4.0
+    replicas: 2
+    dnsPolicy: ClusterFirstWithHostNet
+    forceUpdate: false
+    # fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
+    # Allowed values:
+    #   ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
+    #   and the volume's accessModes contains ReadWriteOnce.
+    #   File: kubernetes may use fsGroup to change permissions and ownership of the volume 
+    #   to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
+    #   None: volumes will be mounted with no modifications.
+    # Default value: ReadWriteOnceWithFSType
+    fsGroupPolicy: ReadWriteOnceWithFSType
+    common:
+      image: "dellemc/csi-unity:v2.4.0"
+      imagePullPolicy: IfNotPresent
+    sideCars:
+      - name: provisioner
+        args: ["--volume-name-prefix=csiunity","--default-fstype=ext4"]
+      - name: snapshotter
+        args: ["--snapshot-name-prefix=csiunitysnap"]
+      # Uncomment the following to install 'external-health-monitor' sidecar to enable health monitor of CSI volumes from Controller plugin.
+      # Also set the env variable controller.envs.X_CSI_HEALTH_MONITOR_ENABLED  to "true".
+      # - name: external-health-monitor
+      #   args: ["--monitor-interval=60s"]
+
+    controller:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition.
+        # Install the 'external-health-monitor' sidecar accordingly.
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+      # nodeSelector: Define node selection constraints for controller pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the controllers, if required.
+      # Leave as blank to install controller on worker nodes
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+
+    node:
+      envs:
+        # X_CSI_HEALTH_MONITOR_ENABLED: Enable/Disable health monitor of CSI volumes from node plugin - volume usage
+        # Allowed values:
+        #   true: enable checking of health condition of CSI volumes
+        #   false: disable checking of health condition of CSI volumes
+        # Default value: false
+        - name: X_CSI_HEALTH_MONITOR_ENABLED
+          value: "false"
+      # nodeSelector: Define node selection constraints for node pods.
+      # For the pod to be eligible to run on a node, the node must have each
+      # of the indicated key-value pairs as labels.
+      # Leave as blank to consider all nodes
+      # Allowed values: map of key-value pairs
+      # Default value: None
+      nodeSelector:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  node-role.kubernetes.io/master: ""
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  node-role.kubernetes.io/control-plane: ""
+
+      # tolerations: Define tolerations for the node daemonset, if required.
+      # Default value: None
+      tolerations:
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
+      #  - key: "node-role.kubernetes.io/master"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
+      #  - key: "node-role.kubernetes.io/control-plane"
+      #    operator: "Exists"
+      #    effect: "NoSchedule"
+      #  - key: "node.kubernetes.io/memory-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/disk-pressure"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+      #  - key: "node.kubernetes.io/network-unavailable"
+      #    operator: "Exists"
+      #    effect: "NoExecute"
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: unity-config-params
+  namespace: test-unity
+data:
+  driver-config-params.yaml: |
+    CSI_LOG_LEVEL: "info"
+    ALLOW_RWO_MULTIPOD_ACCESS: "false"
+    MAX_UNITY_VOLUMES_PER_NODE: "0"
+    SYNC_NODE_INFO_TIME_INTERVAL: "15"
+    TENANT_NAME: ""