Introduce Controller with Create and Delete Volume capability. Adds support for Dynamic Provisioning via access points

.travis.yml

@@ -13,7 +13,5 @@ before_install:
 
 script:
  - make
- - go test -covermode=count -coverprofile=profile.cov $(go list ./pkg/... | grep -v /driver)
- # TODO stop skipping controller tests when controller is implemented
- - go test -covermode=count -coverprofile=profile.cov ./pkg/driver/... -ginkgo.skip='\[Controller.Server\]'
+ - go test -covermode=count -coverprofile=profile.cov ./pkg/...
  - $GOPATH/bin/goveralls -coverprofile=profile.cov -service=travis-ci

Makefile

@@ -49,9 +49,7 @@ verify:
 
 .PHONY: test
 test:
- go test -v -race $$(go list ./pkg/... | grep -v /driver)
- # TODO stop skipping controller tests when controller is implemented
- go test -v -race ./pkg/driver/... -ginkgo.skip='\[Controller.Server\]'
+ go test -v -race ./pkg/...
 
 .PHONY: test-e2e
 test-e2e:

cmd/main.go

@@ -28,13 +28,15 @@ import (
 
 func main() {
  var (
- endpoint = flag.String("endpoint", "unix://tmp/csi.sock", "CSI Endpoint")
- version = flag.Bool("version", false, "Print the version and exit")
- efsUtilsCfgDirPath = flag.String("efs-utils-config-dir-path", "/etc/amazon/efs/", "The path to efs-utils config directory")
- efsUtilsStaticFilesPath = flag.String("efs-utils-static-files-path", "/etc/amazon/efs-static-files/", "The path to efs-utils static files directory")
- volMetricsOptIn = flag.Bool("vol-metrics-opt-in", false, "Opt in to emit volume metrics")
- volMetricsRefreshPeriod = flag.Float64("vol-metrics-refresh-period", 240, "Refresh period for volume metrics in minutes")
- volMetricsFsRateLimit = flag.Int("vol-metrics-fs-rate-limit", 5, "Volume metrics routines rate limiter per file system")
+ endpoint = flag.String("endpoint", "unix://tmp/csi.sock", "CSI Endpoint")
+ version = flag.Bool("version", false, "Print the version and exit")
+ efsUtilsCfgDirPath = flag.String("efs-utils-config-dir-path", "/etc/amazon/efs/", "The path to efs-utils config directory")
+ efsUtilsStaticFilesPath = flag.String("efs-utils-static-files-path", "/etc/amazon/efs-static-files/", "The path to efs-utils static files directory")
+ volMetricsOptIn = flag.Bool("vol-metrics-opt-in", false, "Opt in to emit volume metrics")
+ volMetricsRefreshPeriod = flag.Float64("vol-metrics-refresh-period", 240, "Refresh period for volume metrics in minutes")
+ volMetricsFsRateLimit = flag.Int("vol-metrics-fs-rate-limit", 5, "Volume metrics routines rate limiter per file system")
+ deleteAccessPointRootDir = flag.Bool("delete-access-point-root-dir", false,
+ "Opt in to delete access point root directory by DeleteVolume. By default, DeleteVolume will delete the access point behind Persistent Volume and deleting access point will not delete the access point root directory or its contents.")
  )
  klog.InitFlags(nil)
  flag.Parse()
@@ -48,7 +50,7 @@ func main() {
  os.Exit(0)
  }
 
- drv := driver.NewDriver(*endpoint, *efsUtilsCfgDirPath, *efsUtilsStaticFilesPath, *volMetricsOptIn, *volMetricsRefreshPeriod, *volMetricsFsRateLimit)
+ drv := driver.NewDriver(*endpoint, *efsUtilsCfgDirPath, *efsUtilsStaticFilesPath, *volMetricsOptIn, *volMetricsRefreshPeriod, *volMetricsFsRateLimit, *deleteAccessPointRootDir)
  if err := drv.Run(); err != nil {
  klog.Fatalln(err)
  }

deploy/kubernetes/base/clusterrole-provisioner.yaml

@@ -0,0 +1,29 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: efs-csi-external-provisioner-role
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]

deploy/kubernetes/base/clusterrolebinding-provisioner.yaml

@@ -0,0 +1,15 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: efs-csi-provisioner-binding
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
+subjects:
+ - kind: ServiceAccount
+ name: efs-csi-controller-sa
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: efs-csi-external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io

deploy/kubernetes/base/controller.yaml

@@ -0,0 +1,81 @@
+---
+# Controller Service
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: efs-csi-controller
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: efs-csi-controller
+ app.kubernetes.io/name: aws-efs-csi-driver
+ template:
+ metadata:
+ labels:
+ app: efs-csi-controller
+ app.kubernetes.io/name: aws-efs-csi-driver
+ spec:
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: efs-csi-controller-sa
+ priorityClassName: system-cluster-critical
+ tolerations:
+ - operator: Exists
+ containers:
+ - name: efs-plugin
+ securityContext:
+ privileged: true
+ image: amazon/aws-efs-csi-driver:latest
+ imagePullPolicy: IfNotPresent
+ args:
+ - --endpoint=$(CSI_ENDPOINT)
+ - --logtostderr
+ - --v=5
+ # Uncomment below line to allow access point root directory to be deleted by controller.
+ #- --delete-access-point-root-dir
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ ports:
+ - name: healthz
+ containerPort: 9808
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 10
+ timeoutSeconds: 3
+ periodSeconds: 10
+ failureThreshold: 5
+ - name: csi-provisioner
+ image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2
+ args:
+ - --csi-address=$(ADDRESS)
+ - --v=5
+ - --feature-gates=Topology=true
+ - --leader-election
+ env:
+ - name: ADDRESS
+ value: /var/lib/csi/sockets/pluginproxy/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /var/lib/csi/sockets/pluginproxy/
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:v2.0.0
+ args:
+ - --csi-address=/csi/csi.sock
+ - --health-port=9808
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ volumes:
+ - name: socket-dir
+ emptyDir: {}

deploy/kubernetes/base/kustomization.yaml

@@ -2,5 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kube-system
 resources:
+- clusterrole-provisioner.yaml
+- clusterrolebinding-provisioner.yaml
 - node.yaml
 - csidriver.yaml
+- controller.yaml
+- serviceaccount-csi-controller.yaml

deploy/kubernetes/base/node.yaml

@@ -5,14 +5,18 @@ apiVersion: apps/v1
 metadata:
  name: efs-csi-node
  namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
 spec:
  selector:
  matchLabels:
  app: efs-csi-node
+ app.kubernetes.io/name: aws-efs-csi-driver
  template:
  metadata:
  labels:
  app: efs-csi-node
+ app.kubernetes.io/name: aws-efs-csi-driver
  spec:
  nodeSelector:
  kubernetes.io/os: linux

deploy/kubernetes/base/serviceaccount-csi-controller.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: efs-csi-controller-sa
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
+ #Enable if EKS IAM for SA is used
+ #annotations:
+ # eks.amazonaws.com/role-arn: arn:aws:iam::111122223333:role/efs-csi-role

deploy/kubernetes/overlays/dev/master_image.yaml

@@ -3,6 +3,23 @@ apiVersion: apps/v1
 metadata:
  name: efs-csi-node
  namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
+spec:
+ template:
+ spec:
+ containers:
+ - name: efs-plugin
+ image: amazon/aws-efs-csi-driver:master
+ imagePullPolicy: Always
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: efs-csi-controller
+ namespace: kube-system
+ labels:
+ app.kubernetes.io/name: aws-efs-csi-driver
 spec:
  template:
  spec:

go.mod

@@ -3,8 +3,10 @@ module github.com/kubernetes-sigs/aws-efs-csi-driver
 require (
  github.com/aws/aws-sdk-go v1.31.2
  github.com/container-storage-interface/spec v1.2.0
- github.com/golang/mock v1.4.3
- github.com/kubernetes-csi/csi-test v2.2.0+incompatible
+ github.com/golang/mock v1.4.4
+ github.com/google/uuid v1.1.1
+ github.com/kubernetes-csi/csi-test v1.1.1
+ github.com/kubernetes-csi/csi-test/v3 v3.1.1 // indirect
  github.com/onsi/ginkgo v1.12.2
  github.com/onsi/gomega v1.10.1
  google.golang.org/grpc v1.26.0