Skip to content

Commit

Permalink
Merge pull request kubernetes-csi#22 from jsafrane/rebase-v3.0.0-rc2
Browse files Browse the repository at this point in the history 
Bug 1855581: Rebase v3.0.0
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Sep 10, 2020
2 parents 8a42c5e + 26cc65a commit 0dda324
Show file tree
Hide file tree
Showing 1,323 changed files with 114,820 additions and 129,550 deletions.
1 change: 1 addition & 0 deletions .cloudbuild.sh
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
release-tools/cloudbuild.sh
22 changes: 22 additions & 0 deletions .prow.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,26 @@

. release-tools/prow.sh

# This check assumes that the current configuration uses a driver deployment
# which has been updated to use v1 APIs that aren't available in Kubernetes < 1.17.
# TODO: The check can be removed when all Prow jobs for Kubernetes < 1.17 are removed.
if ! (version_gt "${CSI_PROW_KUBERNETES_VERSION}" "1.16.255" || [ "${CSI_PROW_KUBERNETES_VERSION}" == "latest" ]); then
filtered_tests=
skipped_tests=
for test in ${CSI_PROW_TESTS}; do
case "$test" in
parallel | parallel | serial | parallel-alpha | serial-alpha)
skipped_tests="$skipped_tests $test"
;;
*)
filtered_tests="$filtered_tests $test"
;;
esac
done
if [ "$skipped_tests" ]; then
info "Testing on Kubernetes ${CSI_PROW_KUBERNETES_VERSION} is no longer supported. Skipping CSI_PROW_TESTS: $skipped_tests."
CSI_PROW_TESTS="$filtered_tests"
fi
fi

main
0 CHANGELOG-1.1.md → CHANGELOG/CHANGELOG-1.1.md
View file
File renamed without changes.
0 CHANGELOG-1.2.md → CHANGELOG/CHANGELOG-1.2.md
View file
File renamed without changes.
0 CHANGELOG-2.0.md → CHANGELOG/CHANGELOG-2.0.md
View file
File renamed without changes.
0 CHANGELOG-2.1.md → CHANGELOG/CHANGELOG-2.1.md
View file
File renamed without changes.
0 CHANGELOG-2.2.md → CHANGELOG/CHANGELOG-2.2.md
View file
File renamed without changes.
127 changes: 127 additions & 0 deletions CHANGELOG/CHANGELOG-3.0.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,127 @@
# Release notes for v3.0.0

[Documentation](https://kubernetes-csi.github.io/docs/)

# Changelog since v2.2.0

## Urgent Upgrade Notes

### (No, really, you MUST read this before you upgrade)

- Update volumeAttachment to v1

RBAC policy was updated to allow the external-attacher to patch VolumeAttachment.Status ([#200](https://github.com/kubernetes-csi/external-attacher/pull/200), [@cwdsuzhou](https://github.com/cwdsuzhou))
- Use GA version of CSINode object. The external-attacher now requires Kubernetes 1.17. ([#193](https://github.com/kubernetes-csi/external-attacher/pull/193), [@bertinatto](https://github.com/bertinatto))

## Changes by Kind

### Feature

- Added support for migration of Kubernetes in-tree VMware volumes to CSI. ([#236](https://github.com/kubernetes-csi/external-attacher/pull/236), [@divyenpatel](https://github.com/divyenpatel))

### Bug or Regression

- Fixes an issue in volume attachment reconciler when the CSI driver supports LIST_VOLUMES_PUBLISHED_NODES but does not implement CSI migration. ([#244](https://github.com/kubernetes-csi/external-attacher/pull/244), [@yuga711](https://github.com/yuga711))
- Use dedicated Kubernetes client for leader election that does not get throttled when the external-attacher is under heavy load. ([#242](https://github.com/kubernetes-csi/external-attacher/pull/242), [@jsafrane](https://github.com/jsafrane))

### Other (Cleanup or Flake)

- Removed support of go dep. ([#239](https://github.com/kubernetes-csi/external-attacher/pull/239), [@jsafrane](https://github.com/jsafrane))

### Uncategorized

- Build with Go 1.15 ([#246](https://github.com/kubernetes-csi/external-attacher/pull/246), [@pohly](https://github.com/pohly))
- Publishing of images on k8s.gcr.io ([#231](https://github.com/kubernetes-csi/external-attacher/pull/231), [@pohly](https://github.com/pohly))
- Updated client-go to v0.18 ([#221](https://github.com/kubernetes-csi/external-attacher/pull/221), [@humblec](https://github.com/humblec))

## Dependencies

### Added
- cloud.google.com/go/bigquery: v1.0.1
- cloud.google.com/go/datastore: v1.0.0
- cloud.google.com/go/pubsub: v1.0.1
- cloud.google.com/go/storage: v1.0.0
- dmitri.shuralyov.com/gpu/mtl: 666a987
- github.com/BurntSushi/xgb: [27f1227](https://github.com/BurntSushi/xgb/tree/27f1227)
- github.com/chzyer/logex: [v1.1.10](https://github.com/chzyer/logex/tree/v1.1.10)
- github.com/chzyer/readline: [2972be2](https://github.com/chzyer/readline/tree/2972be2)
- github.com/chzyer/test: [a1ea475](https://github.com/chzyer/test/tree/a1ea475)
- github.com/cncf/udpa/go: [269d4d4](https://github.com/cncf/udpa/go/tree/269d4d4)
- github.com/docopt/docopt-go: [ee0de3b](https://github.com/docopt/docopt-go/tree/ee0de3b)
- github.com/go-gl/glfw/v3.3/glfw: [12ad95a](https://github.com/go-gl/glfw/v3.3/glfw/tree/12ad95a)
- github.com/google/renameio: [v0.1.0](https://github.com/google/renameio/tree/v0.1.0)
- github.com/ianlancetaylor/demangle: [5e5cf60](https://github.com/ianlancetaylor/demangle/tree/5e5cf60)
- github.com/kubernetes-csi/csi-test/v3: [v3.1.0](https://github.com/kubernetes-csi/csi-test/v3/tree/v3.1.0)
- github.com/robertkrimen/otto: [c382bd3](https://github.com/robertkrimen/otto/tree/c382bd3)
- github.com/rogpeppe/go-internal: [v1.3.0](https://github.com/rogpeppe/go-internal/tree/v1.3.0)
- golang.org/x/image: cff245a
- golang.org/x/mobile: d2bd2a2
- golang.org/x/mod: c90efee
- golang.org/x/xerrors: 9bdfabe
- google.golang.org/protobuf: v1.24.0
- gopkg.in/errgo.v2: v2.1.0
- gopkg.in/sourcemap.v1: v1.0.5
- k8s.io/klog/v2: v2.2.0
- rsc.io/binaryregexp: v0.2.0
- rsc.io/quote/v3: v3.1.0
- rsc.io/sampler: v1.3.0
- sigs.k8s.io/structured-merge-diff/v4: v4.0.1

### Changed
- cloud.google.com/go: v0.38.0 → v0.51.0
- github.com/Azure/go-autorest/autorest/adal: [v0.5.0 → v0.8.2](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.5.0...v0.8.2)
- github.com/Azure/go-autorest/autorest/date: [v0.1.0 → v0.2.0](https://github.com/Azure/go-autorest/autorest/date/compare/v0.1.0...v0.2.0)
- github.com/Azure/go-autorest/autorest/mocks: [v0.2.0 → v0.3.0](https://github.com/Azure/go-autorest/autorest/mocks/compare/v0.2.0...v0.3.0)
- github.com/Azure/go-autorest/autorest: [v0.9.0 → v0.9.6](https://github.com/Azure/go-autorest/autorest/compare/v0.9.0...v0.9.6)
- github.com/elazarl/goproxy: [c4fc265 → 947c36d](https://github.com/elazarl/goproxy/compare/c4fc265...947c36d)
- github.com/envoyproxy/go-control-plane: [5f8ba28 → v0.9.4](https://github.com/envoyproxy/go-control-plane/compare/5f8ba28...v0.9.4)
- github.com/evanphx/json-patch: [v4.5.0+incompatible → v4.9.0+incompatible](https://github.com/evanphx/json-patch/compare/v4.5.0...v4.9.0)
- github.com/fsnotify/fsnotify: [v1.4.7 → v1.4.9](https://github.com/fsnotify/fsnotify/compare/v1.4.7...v1.4.9)
- github.com/go-logr/logr: [v0.1.0 → v0.2.0](https://github.com/go-logr/logr/compare/v0.1.0...v0.2.0)
- github.com/gogo/protobuf: [65acae2 → v1.3.1](https://github.com/gogo/protobuf/compare/65acae2...v1.3.1)
- github.com/golang/groupcache: [5b532d6 → 215e871](https://github.com/golang/groupcache/compare/5b532d6...215e871)
- github.com/golang/mock: [v1.2.0 → v1.4.3](https://github.com/golang/mock/compare/v1.2.0...v1.4.3)
- github.com/golang/protobuf: [v1.3.2 → v1.4.2](https://github.com/golang/protobuf/compare/v1.3.2...v1.4.2)
- github.com/google/go-cmp: [v0.3.0 → v0.4.0](https://github.com/google/go-cmp/compare/v0.3.0...v0.4.0)
- github.com/google/gofuzz: [v1.0.0 → v1.1.0](https://github.com/google/gofuzz/compare/v1.0.0...v1.1.0)
- github.com/google/pprof: [3ea8567 → d4f498a](https://github.com/google/pprof/compare/3ea8567...d4f498a)
- github.com/googleapis/gax-go/v2: [v2.0.4 → v2.0.5](https://github.com/googleapis/gax-go/v2/compare/v2.0.4...v2.0.5)
- github.com/googleapis/gnostic: [v0.2.0 → v0.4.1](https://github.com/googleapis/gnostic/compare/v0.2.0...v0.4.1)
- github.com/imdario/mergo: [v0.3.7 → v0.3.9](https://github.com/imdario/mergo/compare/v0.3.7...v0.3.9)
- github.com/json-iterator/go: [v1.1.8 → v1.1.10](https://github.com/json-iterator/go/compare/v1.1.8...v1.1.10)
- github.com/jstemmer/go-junit-report: [af01ea7 → v0.9.1](https://github.com/jstemmer/go-junit-report/compare/af01ea7...v0.9.1)
- github.com/konsorten/go-windows-terminal-sequences: [v1.0.1 → v1.0.2](https://github.com/konsorten/go-windows-terminal-sequences/compare/v1.0.1...v1.0.2)
- github.com/kr/pretty: [v0.1.0 → v0.2.0](https://github.com/kr/pretty/compare/v0.1.0...v0.2.0)
- github.com/onsi/ginkgo: [v1.10.2 → v1.11.0](https://github.com/onsi/ginkgo/compare/v1.10.2...v1.11.0)
- github.com/onsi/gomega: [v1.7.0 → v1.7.1](https://github.com/onsi/gomega/compare/v1.7.0...v1.7.1)
- github.com/pkg/errors: [v0.8.1 → v0.9.1](https://github.com/pkg/errors/compare/v0.8.1...v0.9.1)
- github.com/sirupsen/logrus: [v1.2.0 → v1.4.2](https://github.com/sirupsen/logrus/compare/v1.2.0...v1.4.2)
- go.opencensus.io: v0.21.0 → v0.22.2
- golang.org/x/crypto: 60c769a → 75b2880
- golang.org/x/exp: 509febe → da58074
- golang.org/x/lint: d0100b6 → fdd1cda
- golang.org/x/net: c0dbc17 → ab34263
- golang.org/x/oauth2: 0f29369 → 858c2ad
- golang.org/x/sync: 1122301 → cd5d95a
- golang.org/x/sys: 0732a99 → ed371f2
- golang.org/x/text: v0.3.2 → v0.3.3
- golang.org/x/time: 9d24e82 → 555d28b
- golang.org/x/tools: 2c0ae70 → 7b8e75d
- google.golang.org/api: v0.4.0 → v0.15.0
- google.golang.org/appengine: v1.5.0 → v1.6.5
- google.golang.org/genproto: 5c49e3e → cb27e3a
- google.golang.org/grpc: v1.26.0 → v1.28.0
- gopkg.in/check.v1: 788fd78 → 41f04d3
- gopkg.in/yaml.v2: v2.2.4 → v2.2.8
- honnef.co/go/tools: ea95bdf → v0.0.1-2019.2.3
- k8s.io/api: v0.17.0 → v0.19.0
- k8s.io/apimachinery: v0.17.1-beta.0 → v0.19.0
- k8s.io/client-go: v0.17.0 → v0.19.0
- k8s.io/csi-translation-lib: v0.17.0 → v0.19.0
- k8s.io/gengo: 0689ccc → 3a45101
- k8s.io/kube-openapi: 30be4d1 → 6aeccd4
- k8s.io/utils: e782cd3 → d5654de
- sigs.k8s.io/yaml: v1.1.0 → v1.2.0

### Removed
- github.com/kubernetes-csi/csi-test: [v2.0.0+incompatible](https://github.com/kubernetes-csi/csi-test/tree/v2.0.0)
3 changes: 2 additions & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
FROM gcr.io/distroless/static:latest
LABEL maintainers="Kubernetes Authors"
LABEL description="CSI External Attacher"
ARG binary=./bin/csi-attacher

COPY ./bin/csi-attacher csi-attacher
COPY ${binary} csi-attacher
ENTRYPOINT ["/csi-attacher"]
4 changes: 2 additions & 2 deletions Dockerfile.openshift
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
FROM registry.svc.ci.openshift.org/openshift/release:golang-1.13 AS builder
FROM registry.svc.ci.openshift.org/openshift/release:golang-1.15 AS builder
WORKDIR /go/src/github.com/kubernetes-csi/external-attacher
COPY . .
RUN make build

FROM registry.svc.ci.openshift.org/openshift/origin-v4.0:base
FROM registry.svc.ci.openshift.org/openshift/origin-v4.6:base
COPY --from=builder /go/src/github.com/kubernetes-csi/external-attacher/bin/csi-attacher /usr/bin/
ENTRYPOINT ["/usr/bin/csi-attacher"]
13 changes: 9 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

# CSI attacher

The external-attacher is a sidecar container that attaches volumes to nodes by calling `ControllerPublish` and `ControlerUnpublish` functions of CSI drivers. It is necessary because internal Attach/Detach controller running in Kubernetes controller-manager does not have any direct interfaces to CSI drivers.
The external-attacher is a sidecar container that attaches volumes to nodes by calling `ControllerPublish` and `ControllerUnpublish` functions of CSI drivers. It is necessary because internal Attach/Detach controller running in Kubernetes controller-manager does not have any direct interfaces to CSI drivers.

## Terminology

Expand All @@ -13,15 +13,16 @@ In Kubernetes, the term *attach* means 3rd party volume attachment to a node. Th
It is **not** an attach/detach operation performed by a code running on a node, such as an attachment of iSCSI or Fibre Channel volumes. These are typically performed during `NodeStage` and `NodeUnstage` CSI calls and are not done by the external-attacher.

## Overview

The external-attacher is an external controller that monitors `VolumeAttachment` objects created by controller-manager and attaches/detaches volumes to/from nodes (i.e. calls `ControllerPublish`/`ControllerUnpublish`. Full design can be found at Kubernetes proposal at [container-storage-interface.md](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/container-storage-interface.md)

## Compatibility

This information reflects the head of this branch.

| Compatible with CSI Version | Container Image | Min K8s Version | Recommended K8s Version |
| ------------------------------------------------------------------------------------------ | ----------------------------| --------------- | ----------------------- |
| [CSI Spec v1.2.0](https://github.com/container-storage-interface/spec/releases/tag/v1.2.0) | quay.io/k8scsi/csi-attacher | 1.14 | 1.18 |
| Compatible with CSI Version | Container Image | [Min K8s Version](https://kubernetes-csi.github.io/docs/kubernetes-compatibility.html#minimum-version) | [Recommended K8s Version](https://kubernetes-csi.github.io/docs/kubernetes-compatibility.html#recommended-version) |
| ------------------------------------------------------------------------------------------ | ------------------------------------| ---- | ---- |
| [CSI Spec v1.2.0](https://github.com/container-storage-interface/spec/releases/tag/v1.2.0) | k8s.gcr.io/sig-storage/csi-attacher | 1.17 | 1.17 |

## Feature Status

Expand Down Expand Up @@ -52,6 +53,7 @@ Note that the external-attacher does not scale with more replicas. Only one exte
### Command line options

#### Important optional arguments that are highly recommended to be used

* `--csi-address <path to CSI socket>`: This is the path to the CSI driver socket inside the pod that the external-attacher container will use to issue CSI operations (`/run/csi/socket` is used by default).

* `--leader-election`: Enables leader election. This is useful when there are multiple replicas of the same external-attacher running for one CSI driver. Only one of them may be active (=leader). A new leader will be re-elected when current leader dies or becomes unresponsive for ~15 seconds.
Expand All @@ -73,6 +75,7 @@ Note that the external-attacher does not scale with more replicas. Only one exte
* `--reconcile-sync`: Resync frequency of the attached volumes with the driver. See [Periodic re-sync](#periodic-re-sync) for details. 1 minute is used by default.

#### Other recognized arguments

* `--kubeconfig <path>`: Path to Kubernetes client configuration that the external-attacher uses to connect to Kubernetes API server. When omitted, default token provided by Kubernetes will be used. This option is useful only when the external-attacher does not run as a Kubernetes pod, e.g. for debugging.

* `--resync <duration>`: Internal resync interval when the external-attacher re-evaluates all existing `VolumeAttachment` instances and tries to fulfill them, i.e. attach / detach corresponding volumes. It does not affect re-tries of failed CSI calls! It should be used only when there is a bug in Kubernetes watch logic.
Expand All @@ -82,6 +85,7 @@ Note that the external-attacher does not scale with more replicas. Only one exte
* All glog / klog arguments are supported, such as `-v <log level>` or `-alsologtostderr`.

### CSI error and timeout handling

The external-attacher invokes all gRPC calls to CSI driver with timeout provided by `--timeout` command line argument (15 seconds by default).

* `ControllerPublish`: The call might have timed out just before the driver attached a volume and was sending a response. From that reason, timeouts from `ControllerPublish` is considered as "*volume may be attached*" or "*volume is being attached in the background*." The external-attacher will re-try calling `ControllerPublish` after exponential backoff until it gets either successful response or final (non-timeout) error that the volume cannot be attached.
Expand All @@ -92,6 +96,7 @@ The external-attacher invokes all gRPC calls to CSI driver with timeout provided
Correct timeout value depends on the storage backend and how quickly it is able to processes `ControllerPublish` and `ControllerUnpublish` calls. The value should be set to accommodate majority of them. It is fine if some calls time out - such calls will be re-tried after exponential backoff (starting with `--retry-interval-start`), however, this backoff will introduce delay when the call times out several times for a single volume (up to `--retry-interval-max`).

### Periodic re-sync

When CSI driver supports `LIST_VOLUMES` and `LIST_VOLUMES_PUBLISHED_NODES` capabilities, the external attacher periodically syncs volume attachments requested by Kubernetes with the actual state reported by CSI driver. Volumes detached by any 3rd party, but still required to be attached by Kubernetes, will be re-attached back. Frequency of this re-sync is controlled by `--reconcile-sync` command line parameter.

## Community, discussion, contribution, and support
Expand Down
1 change: 1 addition & 0 deletions cloudbuild.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
release-tools/cloudbuild.yaml
22 changes: 15 additions & 7 deletions cmd/csi-attacher/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,15 @@ import (
"k8s.io/client-go/tools/clientcmd"
"k8s.io/client-go/util/workqueue"
csitrans "k8s.io/csi-translation-lib"
"k8s.io/klog"
"k8s.io/klog/v2"

"github.com/container-storage-interface/spec/lib/go/csi"
"github.com/kubernetes-csi/csi-lib-utils/connection"
"github.com/kubernetes-csi/csi-lib-utils/leaderelection"
"github.com/kubernetes-csi/csi-lib-utils/metrics"
"github.com/kubernetes-csi/csi-lib-utils/rpc"
"github.com/kubernetes-csi/external-attacher/v2/pkg/attacher"
"github.com/kubernetes-csi/external-attacher/v2/pkg/controller"
"github.com/kubernetes-csi/external-attacher/pkg/attacher"
"github.com/kubernetes-csi/external-attacher/pkg/controller"
"google.golang.org/grpc"
)

Expand Down Expand Up @@ -154,8 +154,8 @@ func main() {
}
if supportsAttach {
pvLister := factory.Core().V1().PersistentVolumes().Lister()
vaLister := factory.Storage().V1beta1().VolumeAttachments().Lister()
csiNodeLister := factory.Storage().V1beta1().CSINodes().Lister()
vaLister := factory.Storage().V1().VolumeAttachments().Lister()
csiNodeLister := factory.Storage().V1().CSINodes().Lister()
volAttacher := attacher.NewAttacher(csiConn)
CSIVolumeLister := attacher.NewVolumeLister(csiConn)
handler = controller.NewCSIHandler(clientset, csiAttacher, volAttacher, CSIVolumeLister, pvLister, csiNodeLister, vaLister, timeout, supportsReadOnly, csitrans.New())
Expand All @@ -179,7 +179,7 @@ func main() {
clientset,
csiAttacher,
handler,
factory.Storage().V1beta1().VolumeAttachments(),
factory.Storage().V1().VolumeAttachments(),
factory.Core().V1().PersistentVolumes(),
workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax),
workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax),
Expand All @@ -196,9 +196,17 @@ func main() {
if !*enableLeaderElection {
run(context.TODO())
} else {
// Create a new clientset for leader election. When the attacher
// gets busy and its client gets throttled, the leader election
// can proceed without issues.
leClientset, err := kubernetes.NewForConfig(config)
if err != nil {
klog.Fatalf("Failed to create leaderelection client: %v", err)
}

// Name of config map with leader election lock
lockName := "external-attacher-leader-" + csiAttacher
le := leaderelection.NewLeaderElection(clientset, lockName, run)
le := leaderelection.NewLeaderElection(leClientset, lockName, run)

if *leaderElectionNamespace != "" {
le.WithNamespace(*leaderElectionNamespace)
Expand Down
7 changes: 5 additions & 2 deletions deploy/kubernetes/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,16 @@ metadata:
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch"]
verbs: ["get", "list", "watch", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
#Secret permission is optional.
#Enable it if you need value from secret.
#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
Expand Down
Loading

0 comments on commit 0dda324

Please sign in to comment.