controllers: fix issues found in recent testing

1. While setting SELinuxMount on CSIDriver we need to check for existence of value set in Nodeplugin before using it or else CSIDriver will reconile infinitely due to a spurious diff ``` (dlv) p desiredCsiDriver.Spec k8s.io/api/storage/v1.CSIDriverSpec { AttachRequired: *true, PodInfoOnMount: *false, VolumeLifecycleModes: []k8s.io/api/storage/v1.VolumeLifecycleMode len: 1, cap: 1, [ "Persistent", ], StorageCapacity: *false, FSGroupPolicy: *"File", TokenRequests: []k8s.io/api/storage/v1.TokenRequest len: 0, cap: 0, nil, RequiresRepublish: *false, SELinuxMount: *bool nil,} <=====> (dlv) p existingCsiDriver.Spec k8s.io/api/storage/v1.CSIDriverSpec { AttachRequired: *true, PodInfoOnMount: *false, VolumeLifecycleModes: []k8s.io/api/storage/v1.VolumeLifecycleMode len: 1, cap: 1, [ "Persistent", ], StorageCapacity: *false, FSGroupPolicy: *"File", TokenRequests: []k8s.io/api/storage/v1.TokenRequest len: 0, cap: 0, nil, RequiresRepublish: *false, SELinuxMount: *false,} <=====> ``` 2. We need to mount csi configmap in Nodeplugin as well 3. Topology feature gate should be `false` by default 4. Fix typo in CSI plugin roles Signed-off-by: Leela Venkaiah G <[email protected]>
ceph · Aug 2, 2024 · 8230041 · 8230041
1 parent e08591b
commit 8230041
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 6 deletions.
diff --git a/config/rbac/csi_cephfs_ctrlplugin_role_binding.yaml b/config/rbac/csi_cephfs_ctrlplugin_role_binding.yaml
@@ -8,5 +8,5 @@ subjects:
     namespace: system
 roleRef:
   kind: Role
-  name: csi-cephfs-ctrlplugin-role
+  name: csi-cephfs-ctrlplugin-r
   apiGroup: rbac.authorization.k8s.io
diff --git a/config/rbac/csi_rbd_ctrlplugin_role_binding.yaml b/config/rbac/csi_rbd_ctrlplugin_role_binding.yaml
@@ -8,5 +8,5 @@ subjects:
     namespace: system
 roleRef:
   kind: Role
-  name: csi-rbd-ctrlplugin-role
+  name: csi-rbd-ctrlplugin-r
   apiGroup: rbac.authorization.k8s.io
diff --git a/config/rbac/csi_rbd_nodeplugin_role_binding.yaml b/config/rbac/csi_rbd_nodeplugin_role_binding.yaml
@@ -8,5 +8,5 @@ subjects:
     namespace: system
 roleRef:
   kind: Role
-  name: csi-rbd-nodeplugin-role
+  name: csi-rbd-nodeplugin-r
   apiGroup: rbac.authorization.k8s.io
diff --git a/internal/controller/driver_controller.go b/internal/controller/driver_controller.go
@@ -348,13 +348,15 @@ func (r *driverReconcile) reconcileK8sCsiDriver() error {
 	)
 	desiredCsiDriver.Spec.FSGroupPolicy = ptr.To(
 		cmp.Or(
-			r.driver.Spec.FsGroupPolicy,
 			r.driver.Spec.FsGroupPolicy,
 			storagev1.FileFSGroupPolicy,
 		),
 	)
 	if nodePlugin := r.driver.Spec.NodePlugin; nodePlugin != nil {
-		desiredCsiDriver.Spec.SELinuxMount = nodePlugin.EnableSeLinuxHostMount
+		desiredCsiDriver.Spec.SELinuxMount = cmp.Or(
+			nodePlugin.EnableSeLinuxHostMount,
+			desiredCsiDriver.Spec.SELinuxMount,
+		)
 	}
 
 	ownerObjKey := client.ObjectKeyFromObject(&r.driver)
@@ -828,6 +830,7 @@ func (r *driverReconcile) reconcileNodePluginDeamonSet() error {
 										utils.LibModulesVolumeMount,
 										utils.KeysTmpDirVolumeMount,
 										utils.PluginDirVolumeMount,
+										utils.CsiConfigVolumeMount,
 										utils.PluginMountDirVolumeMount(kubeletDirPath),
 										utils.PodsMountDirVolumeMount(kubeletDirPath),
 									}
@@ -965,6 +968,7 @@ func (r *driverReconcile) reconcileNodePluginDeamonSet() error {
 							utils.HostRunMountVolume,
 							utils.LibModulesVolume,
 							utils.KeysTmpDirVolume,
+							utils.CsiConfigVolume,
 							utils.PluginDirVolume(kubeletDirPath, r.driver.Name),
 							utils.PluginMountDirVolume(kubeletDirPath),
 							utils.PodsMountDirVolume(kubeletDirPath),

diff --git a/internal/utils/csi.go b/internal/utils/csi.go
@@ -326,7 +326,9 @@ var PoolTimeContainerArg = "--polltime=60s"
 var ExtraCreateMetadataContainerArg = "--extra-create-metadata=true"
 var PreventVolumeModeConversionContainerArg = "--prevent-volume-mode-conversion=true"
 var HonorPVReclaimPolicyContainerArg = "--feature-gates=HonorPVReclaimPolicy=true"
-var TopologyContainerArg = "--feature-gates=Topology=true"
+
+// TODO: the value for this field should be based on "domainlabels" in RBD nodeplugin, so "false" here is temporary.
+var TopologyContainerArg = "--feature-gates=Topology=false"
 var RecoverVolumeExpansionFailureContainerArg = "--feature-gates=RecoverVolumeExpansionFailure=true"
 var EnableVolumeGroupSnapshotsContainerArg = "--enable-volume-group-snapshots=true"
 var ForceCephKernelClientContainerArg = "--forcecephkernelclient=true"