Cleanup shared volume with rm command (#103)

* Add separate node selectors

.. for csi driver pods and pod killer cache.

* Bump CSI sidecar containers to recent versions

..update snapshot definitions (still need some more fine
tuning - integrate into csi-driver-templates, refine roles
rbacs and tie to csi service account, fix leader election etc)

* Bump helm unittest file

* Option to disable submission of delete files task

.. to remove PV(C) directory from the shared volume.

When disabled, rm -rf is used for cleanup via client
mount point.

* Bump configuration tests to latest modifyications

* Fix typos and cleanup

.. further move Quobyte version to 3 and 4

* Improve shared volume configuration

plus configuration documentation.

* Driver configuration Stringer

* Fix helm tests

Author: venkatsc

csi-driver-templates/k8s-snapshot-controller.yaml

@@ -1,4 +1,4 @@
-# https://github.com/kubernetes-csi/external-snapshotter/blob/v7.0.2/deploy/kubernetes/snapshot-controller
+# https://github.com/kubernetes-csi/external-snapshotter/blob/v8.3.0/deploy/kubernetes/snapshot-controller
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -32,7 +32,7 @@ rules:
     verbs: ["patch"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots"]
-    verbs: ["get", "list", "watch", "update", "patch", "delete"]
+    verbs: ["create", "get", "list", "watch", "update", "patch", "delete"]
   - apiGroups: ["snapshot.storage.k8s.io"]
     resources: ["volumesnapshots/status"]
     verbs: ["update", "patch"]
@@ -82,20 +82,6 @@ rules:
   resources: ["leases"]
   verbs: ["get", "watch", "list", "delete", "update", "create"]
 
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: snapshot-controller-leaderelection
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: snapshot-controller
-roleRef:
-  kind: Role
-  name: snapshot-controller-leaderelection
-  apiGroup: rbac.authorization.k8s.io
-
 ---
 kind: Deployment
 apiVersion: apps/v1
@@ -125,7 +111,7 @@ spec:
       serviceAccountName: snapshot-controller
       containers:
         - name: snapshot-controller
-          image: registry.k8s.io/sig-storage/snapshot-controller:v6.3.1
+          image: registry.k8s.io/sig-storage/snapshot-controller:v8.2.1
           args:
             - "--v=5"
             - "--leader-election=true"

csi-driver-templates/k8s-snapshot-crd.yaml

@@ -26,9 +26,9 @@ spec:
         app: quobyte-csi-controller-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
         role: quobyte-csi-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
     spec:
-    {{- if default "" .Values.quobyte.nodeSelector | trim }}
+    {{- if default "" .Values.quobyte.csiDriverNodeSelector | trim }}
       nodeSelector:
-        {{ .Values.quobyte.nodeSelector | trim }}
+        {{ .Values.quobyte.csiDriverNodeSelector | trim }}
     {{- end }}
       priorityClassName: system-cluster-critical
       serviceAccount: quobyte-csi-controller-sa-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}

csi-driver-templates/templates/pods/_quobyte_csi_controller_pod.tpl

@@ -19,9 +19,9 @@ spec:
         app: quobyte-csi-node-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
         role: quobyte-csi
     spec:
-    {{- if default "" .Values.quobyte.nodeSelector | trim }}
+    {{- if default "" .Values.quobyte.csiDriverNodeSelector | trim }}
       nodeSelector:
-        {{ .Values.quobyte.nodeSelector | trim }}
+        {{ .Values.quobyte.csiDriverNodeSelector | trim }}
     {{- end }}
       priorityClassName: system-node-critical
       serviceAccount: quobyte-csi-node-sa-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}

csi-driver-templates/templates/pods/_quobyte_csi_node_driver_pod.tpl

@@ -21,9 +21,9 @@ spec:
         app: quobyte-csi-pod-killer-cache-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
         role: quobyte-csi-pod-killer-cache-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
     spec:
-    {{- if default "" .Values.quobyte.nodeSelector | trim }}
+    {{- if default "" .Values.quobyte.podKillerCacheNodeSelector | trim }}
       nodeSelector:
-        {{ .Values.quobyte.nodeSelector | trim }}
+        {{ .Values.quobyte.podKillerCacheNodeSelector | trim }}
     {{- end }}
       priorityClassName: system-cluster-critical
       serviceAccount: quobyte-csi-pod-killer-cache-sa-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}

csi-driver-templates/templates/pods/_quobyte_csi_pod_killer_cache.tpl

@@ -24,7 +24,8 @@
     - "--quobyte_version={{ .Values.quobyte.version }}"
     - "--immediate_erase={{ .Values.quobyte.immediateErase }}"
     - "--use_k8s_namespace_as_tenant={{ .Values.quobyte.useK8SNamespaceAsTenant }}"
-    - "--shared_volumes_list={{ .Values.quobyte.sharedVolumesList }}"
+    - "--shared_volumes_list={{ join "," .Values.quobyte.sharedVolumesList }}"
+    - "--use_delete_files_task={{ .Values.quobyte.useDeleteFilesTaskForSharedVolumeCleanup }}"
     - "--role=controller"
   env:
     - name: NODE_ID

csi-driver-templates/templates/pods/containers/_quobyte_csi_controller_container.tpl

@@ -43,6 +43,35 @@ roleRef:
   kind: ClusterRole
   name: external-snapshotter-runner-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
   apiGroup: rbac.authorization.k8s.io
+
 ---
+{{- if gt (.Values.quobyte.csiControllerReplicas | toString | atoi) 1 }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  namespace: kube-system
+  name: external-snapshotter-leaderelection-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
+rules:
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["get", "watch", "list", "delete", "update", "create"]
+{{- end }}
+
+---
+{{- if gt (.Values.quobyte.csiControllerReplicas | toString | atoi) 1 }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: external-snapshotter-leaderelection-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: quobyte-csi-controller-sa-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
+    namespace: kube-system
+roleRef:
+  kind: Role
+  name: external-snapshotter-leaderelection-{{ .Values.quobyte.csiProvisionerName | replace "." "-"  }}
+  apiGroup: rbac.authorization.k8s.io
+  {{- end }}
   {{- end }}
 {{- end }}

csi-driver-templates/templates/pods/rbac/_sidecar_snapshotter_rbac.tpl

@@ -302,7 +302,7 @@ should render when resource limits are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
+              image: registry.k8s.io/sig-storage/csi-provisioner:v5.3.0
               imagePullPolicy: IfNotPresent
               name: csi-provisioner
               resources:
@@ -318,7 +318,7 @@ should render when resource limits are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-resizer:v1.8.1
+              image: registry.k8s.io/sig-storage/csi-resizer:v1.14.0
               imagePullPolicy: IfNotPresent
               name: csi-resizer
               resources:
@@ -334,7 +334,7 @@ should render when resource limits are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-attacher:v4.5.1
+              image: registry.k8s.io/sig-storage/csi-attacher:v4.9.0
               imagePullPolicy: IfNotPresent
               name: csi-attacher
               resources:
@@ -350,7 +350,7 @@ should render when resource limits are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2
+              image: registry.k8s.io/sig-storage/csi-snapshotter:v8.3.0
               imagePullPolicy: IfNotPresent
               name: csi-snapshotter
               resources:
@@ -368,10 +368,11 @@ should render when resource limits are provided:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --shared_volumes_list=
+                - --use_delete_files_task=true
                 - --role=controller
               env:
                 - name: NODE_ID
@@ -514,7 +515,7 @@ should render when resource limits are provided:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
-              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0
               imagePullPolicy: IfNotPresent
               lifecycle:
                 preStop:
@@ -541,7 +542,7 @@ should render when resource limits are provided:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --enable_volume_metrics=true
@@ -988,7 +989,7 @@ should render when tolerations are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
+              image: registry.k8s.io/sig-storage/csi-provisioner:v5.3.0
               imagePullPolicy: IfNotPresent
               name: csi-provisioner
               volumeMounts:
@@ -1000,7 +1001,7 @@ should render when tolerations are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-resizer:v1.8.1
+              image: registry.k8s.io/sig-storage/csi-resizer:v1.14.0
               imagePullPolicy: IfNotPresent
               name: csi-resizer
               volumeMounts:
@@ -1012,7 +1013,7 @@ should render when tolerations are provided:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-attacher:v4.5.1
+              image: registry.k8s.io/sig-storage/csi-attacher:v4.9.0
               imagePullPolicy: IfNotPresent
               name: csi-attacher
               volumeMounts:
@@ -1026,10 +1027,11 @@ should render when tolerations are provided:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --shared_volumes_list=
+                - --use_delete_files_task=true
                 - --role=controller
               env:
                 - name: NODE_ID
@@ -1172,7 +1174,7 @@ should render when tolerations are provided:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
-              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0
               imagePullPolicy: IfNotPresent
               lifecycle:
                 preStop:
@@ -1195,7 +1197,7 @@ should render when tolerations are provided:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --enable_volume_metrics=true
@@ -1638,7 +1640,7 @@ should render with default values:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-provisioner:v4.0.1
+              image: registry.k8s.io/sig-storage/csi-provisioner:v5.3.0
               imagePullPolicy: IfNotPresent
               name: csi-provisioner
               volumeMounts:
@@ -1650,7 +1652,7 @@ should render with default values:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-resizer:v1.8.1
+              image: registry.k8s.io/sig-storage/csi-resizer:v1.14.0
               imagePullPolicy: IfNotPresent
               name: csi-resizer
               volumeMounts:
@@ -1662,7 +1664,7 @@ should render with default values:
               env:
                 - name: ADDRESS
                   value: /var/lib/csi/sockets/pluginproxy/csi.sock
-              image: registry.k8s.io/sig-storage/csi-attacher:v4.5.1
+              image: registry.k8s.io/sig-storage/csi-attacher:v4.9.0
               imagePullPolicy: IfNotPresent
               name: csi-attacher
               volumeMounts:
@@ -1676,10 +1678,11 @@ should render with default values:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --shared_volumes_list=
+                - --use_delete_files_task=true
                 - --role=controller
               env:
                 - name: NODE_ID
@@ -1818,7 +1821,7 @@ should render with default values:
                   valueFrom:
                     fieldRef:
                       fieldPath: spec.nodeName
-              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
+              image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0
               imagePullPolicy: IfNotPresent
               lifecycle:
                 preStop:
@@ -1841,7 +1844,7 @@ should render with default values:
                 - --driver_name=csi.quobyte.com
                 - --driver_version=v2.1.6
                 - --enable_access_key_mounts=false
-                - --quobyte_version=3
+                - --quobyte_version=4
                 - --immediate_erase=false
                 - --use_k8s_namespace_as_tenant=false
                 - --enable_volume_metrics=true

csi-driver-templates/tests/__snapshot__/csi_driver_test.yaml.snap

@@ -1,6 +1,6 @@
 quobyte:
-  # Quobyte cluster version (valid values - 2 for Quobyte 2.x/3 for Quobyte 3.x)
-  version: 3
+  # Quobyte cluster version (valid values - 2 for Quobyte 2.x/3 for Quobyte 3.x/4 for 4.x)
+  version: 4
   # apiURL should be of the form http(s)://<ip or resolvable host>:<port>
   # Example Quobyte API: http://hydrogen.quobyte.com:26801
   # The default below is ready to connect to a Quobyte api 
@@ -51,13 +51,21 @@ quobyte:
   # Set to true to schedule erase volume task immediately (supported by Quobyte 3.x)
   immediateErase: false
 
-  # Required only for Quobyte 2.x
-  # Specify list of shared volumes. Quobyte CSI driver allows volumes not listed here
-  # to be used as shared volumes (StorageClass.parameters.sharedVolumeName), however,
-  # driver does not cleanup volumes not mentioned here.
-  # Example, sharedVolumesList: "sharedVolume1,mySharedVolume,...,sharedVolumeN"
-  # Name or UUID of the shared volume (UUIDs are preferred to avoid name collisions)
-  sharedVolumesList: ""
+  # If you are creating PVCs at a rapid rate with reclaimPolicy: Delete,
+  # that leads to too many DELETE_FILES_IN_VOLUMES against the same Quobyte volume.
+  # In such setups set this flag to false, Quobyte CSI Driver removes the PVC using
+  # rm -rf via mount point (only few rm -rf run at a time)
+  useDeleteFilesTaskForSharedVolumeCleanup: true
+
+  # Specify list of shared volume UUIDs if useDeleteFilesTaskForSharedVolumeCleanup is set to false.
+  # Quobyte CSI driver allows volumes not listed here
+  # to be used as shared volumes (StorageClass.parameters.sharedVolumeName). However,
+  # driver does not cleanup volumes not mentioned here i.e. does not delete PVCs
+  # created inside the shared volumes that are not configured here.
+  sharedVolumesList:
+    # - <volumeUUID1>
+    # - <volumeUUID2>
+    # - <volumeUUIDN>
 
   # Set to 'false' if PVC/volume metrics (used/available/total bytes and inodes)
   # are not required to be exported as Prometheus metrics.
@@ -66,8 +74,12 @@ quobyte:
   # Quobyte CSI driver is only deployed on nodes with the specified label.
   # Empty means all the nodes in the k8s cluster i.e. no node selector will be used.
   # nodeSelector: "<node-label-name>: '<node-label-value>'"
-  nodeSelector: ""
-
+  # Example: csiDriverNodeSelector: "quobyteCsiDriverNode: 'true'"
+  csiDriverNodeSelector: ""
+  # Pod killer cache node selector - leaving it empty creates pod killer cache pod
+  # on any of the k8s node
+  # Example: podKillerCacheNodeSelector: "quobytePodCacheNode: 'true'"
+  podKillerCacheNodeSelector: ""
   podKiller:
     # To disable pod killer, uninstall current CSI driver (helm uninstall <chart-name>)
     # set enable: false and install CSI driver again
@@ -96,13 +108,13 @@ quobyte:
     # k8s sidecar containers (https://github.com/kubernetes-csi/)
     # Updating k8s...Image might require RBAC files update
     # https://github.com/quobyte/quobyte-csi/tree/master/quobyte-csi-driver/templates/pods/rbac
-    k8sProvisionerImage: "registry.k8s.io/sig-storage/csi-provisioner:v4.0.1"
-    k8sResizerImage: "registry.k8s.io/sig-storage/csi-resizer:v1.8.1"
-    k8sNodeRegistrarImage: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1"
-    k8sAttacherImage: "registry.k8s.io/sig-storage/csi-attacher:v4.5.1"
+    k8sProvisionerImage: "registry.k8s.io/sig-storage/csi-provisioner:v5.3.0"
+    k8sResizerImage: "registry.k8s.io/sig-storage/csi-resizer:v1.14.0"
+    k8sNodeRegistrarImage: "registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.14.0"
+    k8sAttacherImage: "registry.k8s.io/sig-storage/csi-attacher:v4.9.0"
     # when updating image for snapshotter, update snaptshotter setup CRD with
     # instructions in README (CRD should be pulled from matched release).
     # Additionally, ./quobyte-csi-driver/k8s-snapshot-controller.yaml
     # (see this file for source link) should be updated with appropriate version
     # files (Do NOT forget updating namespace to kube-system)
-    k8sSnapshotterImage: "registry.k8s.io/sig-storage/csi-snapshotter:v7.0.2"
+    k8sSnapshotterImage: "registry.k8s.io/sig-storage/csi-snapshotter:v8.3.0"

csi-driver-templates/values.yaml

@@ -50,7 +50,7 @@ The aim of these set of scripts is to enable CSI e2e test runs against internal
     or
 
     You can run with `TEST_CASE_DIR` that contains only CSI driver values.yaml to deploy the driver
-    (note that some defined values such as CSI image/pod killer images are overriden)
+    (note that some defined values such as CSI image/pod killer images are overridden)
 
 ## Cleanup