change blobfuse-proxy from daemonset to initContainer

feat: upgrade to blobfuse v1.4.4 shellcheck shellcheck fix helm rm /tmp fix : 1. do not RESTART blobfuse-proxy 2. move dockerfile from build dir to pkg dir remove Restart=always from service file chore: combine case insensitive key/value setting in parameters fix feat: add runOnControlPlane in chart config Update driver-parameters.md Update driver-parameters.md generate tgz file for latest helm chart move blobfuse-proxy files to pkg dir fix fix test
kubernetes-sigs · Jun 13, 2022 · a48c5c0 · a48c5c0
1 parent 9e5ddf2
commit a48c5c0
Show file tree

Hide file tree

Showing 25 changed files with 244 additions and 309 deletions.
diff --git a/.github/workflows/linux.yaml b/.github/workflows/linux.yaml
@@ -41,7 +41,6 @@ jobs:
       run: |
         export PATH=$PATH:$HOME/.local/bin
         make blobfuse-proxy
-        sudo dpkg -i _output/blobfuse-proxy.deb
 
     - name: Get code coverage
       env:

diff --git a/.gitignore b/.gitignore
@@ -69,5 +69,3 @@ cscope.*
 /bazel-*
 *.pyc
 profile.cov
-
-pkg/blobfuse-proxy/debpackage/usr/
diff --git a/Makefile b/Makefile
@@ -89,7 +89,6 @@ e2e-bootstrap: install-helm
 	docker pull $(IMAGE_TAG) || make blob-container push
 	helm install blob-csi-driver ./charts/latest/blob-csi-driver --namespace kube-system --wait --timeout=15m -v=5 --debug \
 		--set controller.replicas=1 \
-		--set controller.runOnMaster=true \
 		--set cloud=$(CLOUD) \
 		$(E2E_HELM_OPTIONS)
 
@@ -179,6 +178,4 @@ delete-metrics-svc:
 
 .PHONY: blobfuse-proxy
 blobfuse-proxy:
-	mkdir -p ./pkg/blobfuse-proxy/debpackage/usr/bin/ ./_output
-	CGO_ENABLED=0 GOOS=linux go build -mod vendor -ldflags="-s -w" -o ./pkg/blobfuse-proxy/debpackage/usr/bin/blobfuse-proxy ./pkg/blobfuse-proxy
-	$(DPKG_DEB) --build pkg/blobfuse-proxy/debpackage ./_output/blobfuse-proxy.deb
+	CGO_ENABLED=0 GOOS=linux go build -mod vendor -ldflags="-s -w" -o _output/${ARCH}/blobfuse-proxy ./pkg/blobfuse-proxy
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ This driver allows Kubernetes to access Azure Storage through one of following m
 ### Container Images & Kubernetes Compatibility:
 |driver version  |Image                                      | supported k8s version | built-in blobfuse version |
 |----------------|-------------------------------------------|-----------------------|---------------------------|
-|master branch   |mcr.microsoft.com/k8s/csi/blob-csi:latest  | 1.20+                 | 1.4.3                     |
+|master branch   |mcr.microsoft.com/k8s/csi/blob-csi:latest  | 1.20+                 | 1.4.4                     |
 |v1.13.0         |mcr.microsoft.com/k8s/csi/blob-csi:v1.13.0 | 1.20+                 | 1.4.3                     |
 |v1.12.0         |mcr.microsoft.com/k8s/csi/blob-csi:v1.12.0 | 1.20+                 | 1.4.3                     |
 |v1.11.0         |mcr.microsoft.com/k8s/csi/blob-csi:v1.11.0 | 1.20+                 | 1.4.3                     |

diff --git a/charts/README.md b/charts/README.md
@@ -6,8 +6,7 @@
 ### Tips
  - configure with [blobfuse-proxy](../deploy/blobfuse-proxy) to make blobfuse mount still available after driver restart
    - specify `node.enableBlobfuseProxy=true` together with [blobfuse-proxy](../deploy/blobfuse-proxy)
- - make controller only run on master node: `--set controller.runOnMaster=true`
- - enable `fsGroupPolicy` on a k8s 1.20+ cluster: `--set feature.enableFSGroupPolicy=true`
+ - run controller on control plane node: `--set controller.runOnControlPlane=true`
  - set replica of controller as `1`: `--set controller.replicas=1`
  - specify different cloud config secret for the driver:
    - `--set controller.cloudConfigSecretName`
@@ -92,11 +91,12 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `controller.cloudConfigSecretName`                    | cloud config secret name of controller driver               | `azure-cloud-provider`
 | `controller.cloudConfigSecretNamespace`               | cloud config secret namespace of controller driver          | `kube-system`
 | `controller.allowEmptyCloudConfig`                    | Whether allow running controller driver without cloud config          | `true`
-| `controller.replicas`                                 | the replicas of csi-blob-controller                   | `2`                                                              |
+| `controller.replicas`                                 | replica number of csi-blob-controller                   | `2`                                                              |
 | `controller.hostNetwork`                              | `hostNetwork` setting on controller driver(could be disabled if controller does not depend on MSI setting)                            | `true`                                                            | `true`, `false`
 | `controller.metricsPort`                              | metrics port of csi-blob-controller                   | `29634`                                                          |
 | `controller.livenessProbe.healthPort `                | health check port for liveness probe                   | `29632` |
-| `controller.runOnMaster`                              | run controller on master node                         | `true`                                                          |
+| `controller.runOnMaster`                              | run controller on master node                         | `false`                                                          |
+| `controller.runOnControlPlane`                        | run controller on control plane node                                                          |`false`                                                           |
 | `controller.logLevel`                                 | controller driver log level                           | `5`                                                            |
 | `controller.resources.csiProvisioner.limits.memory`   | csi-provisioner memory limits                         | 100Mi                                                          |
 | `controller.resources.csiProvisioner.requests.cpu`    | csi-provisioner cpu requests                   | 10m                                                            |

diff --git a/charts/latest/blob-csi-driver-v1.14.0.tgz b/charts/latest/blob-csi-driver-v1.14.0.tgz
diff --git a/charts/latest/blob-csi-driver/templates/blobfuse-proxy.yaml b/charts/latest/blob-csi-driver/templates/blobfuse-proxy.yaml
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-controller.yaml
@@ -40,6 +40,9 @@ spec:
         {{- if .Values.controller.runOnMaster}}
         node-role.kubernetes.io/master: ""
         {{- end}}
+        {{- if .Values.controller.runOnControlPlane}}
+        node-role.kubernetes.io/control-plane: ""
+        {{- end}}
 {{- with .Values.controller.nodeSelector }}
 {{ toYaml . | indent 8 }}
 {{- end }}

diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
@@ -32,6 +32,9 @@ spec:
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
       {{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+      hostPID: true
+{{- end }}
       hostNetwork: true
       dnsPolicy: Default
       serviceAccountName: {{ .Values.serviceAccount.node }}
@@ -56,6 +59,38 @@ spec:
 {{- with .Values.node.tolerations }}
       tolerations:
 {{ toYaml . | indent 8 }}
+{{- end }}
+{{- if .Values.node.enableBlobfuseProxy }}
+      initContainers:
+        - name: install-blobfuse-proxy
+{{- if hasPrefix "/" .Values.image.blob.repository }}
+          image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- else }}
+          image: "{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
+{{- end }}
+          imagePullPolicy: IfNotPresent
+          command:
+            - "/blobfuse-proxy/init.sh"
+          securityContext:
+            privileged: true
+          env:
+            - name: DEBIAN_FRONTEND
+              value: "noninteractive"
+            - name: INSTALL_BLOBFUSE
+              value: "{{ .Values.node.blobfuseProxy.installBlobfuse }}"
+            - name: BLOBFUSE_VERSION
+              value: "{{ .Values.node.blobfuseProxy.blobfuseVersion }}"
+            - name: SET_MAX_OPEN_FILE_NUM
+              value: "{{ .Values.node.blobfuseProxy.setMaxOpenFileNum }}"
+            - name: MAX_FILE_NUM
+              value: "{{ .Values.node.blobfuseProxy.maxOpenFileNum }}"
+            - name: DISABLE_UPDATEDB
+              value: "{{ .Values.node.blobfuseProxy.disableUpdateDB }}"
+          volumeMounts:
+            - name: host-usr
+              mountPath: /host/usr
+            - name: host-etc
+              mountPath: /host/etc
 {{- end }}
       containers:
         - name: liveness-probe
@@ -188,6 +223,14 @@ spec:
             {{- end }}
           resources: {{- toYaml .Values.node.resources.blob | nindent 12 }}
       volumes:
+{{- if .Values.node.enableBlobfuseProxy }}
+        - name: host-usr
+          hostPath:
+            path: /usr
+        - name: host-etc
+          hostPath:
+            path: /etc
+{{- end }}
         - hostPath:
             path: {{ .Values.linux.kubelet }}/plugins/{{ .Values.driver.name }}
             type: DirectoryOrCreate

diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml
@@ -64,6 +64,7 @@ controller:
     healthPort: 29632
   replicas: 2
   runOnMaster: false
+  runOnControlPlane: false
   logLevel: 5
   resources:
     csiProvisioner:
@@ -117,7 +118,7 @@ node:
   enableBlobfuseProxy: false
   blobfuseProxy:
     installBlobfuse: true
-    blobfuseVersion: 1.4.3
+    blobfuseVersion: 1.4.4
     setMaxOpenFileNum: true
     maxOpenFileNum: "9000000"
     disableUpdateDB: true
@@ -147,8 +148,6 @@ node:
   nodeSelector: {}
   tolerations:
     - operator: "Exists"
-  livenessProbe:
-    healthPort: 29633
 
 feature:
   enableFSGroupPolicy: false