kubernetes · vladimirvivien · Oct 25, 2017 · Oct 25, 2017 · saad-ali · Nov 17, 2017
diff --git a/cmd/kube-controller-manager/app/plugins.go b/cmd/kube-controller-manager/app/plugins.go
@@ -41,6 +41,7 @@ import (
 	"k8s.io/kubernetes/pkg/volume/azure_dd"
 	"k8s.io/kubernetes/pkg/volume/azure_file"
 	"k8s.io/kubernetes/pkg/volume/cinder"
+	"k8s.io/kubernetes/pkg/volume/csi"
 	"k8s.io/kubernetes/pkg/volume/fc"
 	"k8s.io/kubernetes/pkg/volume/flexvolume"
 	"k8s.io/kubernetes/pkg/volume/flocker"
@@ -79,6 +80,7 @@ func ProbeAttachableVolumePlugins() []volume.VolumePlugin {
 	allPlugins = append(allPlugins, fc.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, iscsi.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, rbd.ProbeVolumePlugins()...)
+	allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
 	return allPlugins
 }
 
@@ -105,6 +107,7 @@ func ProbeExpandableVolumePlugins(config componentconfig.VolumeConfiguration) []
 	allPlugins = append(allPlugins, scaleio.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, storageos.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, fc.ProbeVolumePlugins()...)
+	allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
 	return allPlugins
 }
 

diff --git a/cmd/kubelet/app/plugins.go b/cmd/kubelet/app/plugins.go
@@ -35,6 +35,7 @@ import (
 	"k8s.io/kubernetes/pkg/volume/cephfs"
 	"k8s.io/kubernetes/pkg/volume/cinder"
 	"k8s.io/kubernetes/pkg/volume/configmap"
+	"k8s.io/kubernetes/pkg/volume/csi"
 	"k8s.io/kubernetes/pkg/volume/downwardapi"
 	"k8s.io/kubernetes/pkg/volume/empty_dir"
 	"k8s.io/kubernetes/pkg/volume/fc"
@@ -96,6 +97,7 @@ func ProbeVolumePlugins() []volume.VolumePlugin {
 	allPlugins = append(allPlugins, scaleio.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, local.ProbeVolumePlugins()...)
 	allPlugins = append(allPlugins, storageos.ProbeVolumePlugins()...)
+	allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
 	return allPlugins
 }
 

diff --git a/hack/.golint_failures b/hack/.golint_failures
@@ -376,6 +376,7 @@ pkg/volume/azure_file
 pkg/volume/cephfs
 pkg/volume/cinder
 pkg/volume/configmap
+pkg/volume/csi/proto/csi/
 pkg/volume/empty_dir
 pkg/volume/fc
 pkg/volume/flexvolume

diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go
@@ -391,6 +391,9 @@ type PersistentVolumeSource struct {
 	// More info: https://releases.k8s.io/HEAD/examples/volumes/storageos/README.md
 	// +optional
 	StorageOS *StorageOSPersistentVolumeSource
+	// CSI (Container Storage Interface) represents storage that handled by an external CSI driver
+	// +optional
+	CSI *CSIPersistentVolumeSource
 }
 
 type PersistentVolumeClaimVolumeSource struct {
@@ -1503,6 +1506,37 @@ type LocalVolumeSource struct {
 	Path string
 }
 
+// Represents storage that is managed by an external CSI volume driver
+type CSIPersistentVolumeSource struct {
+	// Driver is the name of the driver to use for this volume.
+	// Required.
+	Driver string
+
+	// VolumeHandle is the unique volume name returned by the CSI volume
+	// plugin’s CreateVolume to refer to the volume on all subsequent calls.
+	// Required.
+	VolumeHandle string
+
+	// Optional: MountSecretRef is a reference to the secret object containing
+	// sensitive information to pass to the CSI driver during NodePublish.
+	// This may be empty if no secret is required. If the secret object contains
+	// more than one secret, all secrets are passed.
+	// +optional
+	MountSecretRef *SecretReference
+
+	// Optional: AttachSecretRef is a reference to the secret object containing
+	// sensitive information to pass to the CSI driver during ControllerPublish.
+	// This may be empty if no secret is required. If the secret object contains
+	// more than one secret, all secrets are passed.
+	// +optional
+	AttachSecretRef *SecretReference
+
+	// Optional: The value to pass to ControllerPublishVolumeRequest.
+	// Defaults to false (read/write).
+	// +optional
+	ReadOnly bool
+}
+
 // ContainerPort represents a network port in a single container
 type ContainerPort struct {
 	// Optional: If specified, this must be an IANA_SVC_NAME  Each named port

diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go
@@ -1318,6 +1318,19 @@ func validateStorageOSPersistentVolumeSource(storageos *core.StorageOSPersistent
 	return allErrs
 }
 
+func validateCSIPersistentVolumeSource(csi *api.CSIPersistentVolumeSource, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+	if len(csi.Driver) == 0 {
+		allErrs = append(allErrs, field.Required(fldPath.Child("driver"), ""))
+	}
+
+	if len(csi.VolumeHandle) == 0 {
+		allErrs = append(allErrs, field.Required(fldPath.Child("volumeHandle"), ""))
+	}
+
+	return allErrs
+}
+
 // ValidatePersistentVolumeName checks that a name is appropriate for a
 // PersistentVolumeName object.
 var ValidatePersistentVolumeName = NameIsDNSSubdomain
@@ -1541,6 +1554,15 @@ func ValidatePersistentVolume(pv *core.PersistentVolume) field.ErrorList {
 		}
 	}
 
+	if pv.Spec.CSI != nil {
+		if numVolumes > 0 {
+			allErrs = append(allErrs, field.Forbidden(specPath.Child("csi"), "may not specify more than 1 volume type"))
+		} else {
+			numVolumes++
+			allErrs = append(allErrs, validateCSIPersistentVolumeSource(pv.Spec.CSI, specPath.Child("csi"))...)
+		}
+	}
+
 	if numVolumes == 0 {
 		allErrs = append(allErrs, field.Required(specPath, "must specify a volume type"))
 	}

diff --git a/pkg/apis/core/validation/validation_test.go b/pkg/apis/core/validation/validation_test.go
@@ -1353,6 +1353,52 @@ func TestValidateGlusterfs(t *testing.T) {
 	}
 }
 
+func TestValidateCSIVolumeSource(t *testing.T) {
+	testCases := []struct {
+		name     string
+		csi      *api.CSIPersistentVolumeSource
+		errtype  field.ErrorType
+		errfield string
+	}{
+		{
+			name: "all required fields ok",
+			csi:  &api.CSIPersistentVolumeSource{Driver: "test-driver", VolumeHandle: "test-123", ReadOnly: true},
+		},
+		{
+			name: "with default values ok",
+			csi:  &api.CSIPersistentVolumeSource{Driver: "test-driver", VolumeHandle: "test-123"},
+		},
+		{
+			name:     "missing driver name",
+			csi:      &api.CSIPersistentVolumeSource{VolumeHandle: "test-123"},
+			errtype:  field.ErrorTypeRequired,
+			errfield: "driver",
+		},
+		{
+			name:     "missing volume handle",
+			csi:      &api.CSIPersistentVolumeSource{Driver: "my-driver"},
+			errtype:  field.ErrorTypeRequired,
+			errfield: "volumeHandle",
+		},
+	}
+
+	for i, tc := range testCases {
+		errs := validateCSIPersistentVolumeSource(tc.csi, field.NewPath("field"))
+
+		if len(errs) > 0 && tc.errtype == "" {
+			t.Errorf("[%d: %q] unexpected error(s): %v", i, tc.name, errs)
+		} else if len(errs) == 0 && tc.errtype != "" {
+			t.Errorf("[%d: %q] expected error type %v", i, tc.name, tc.errtype)
+		} else if len(errs) >= 1 {
+			if errs[0].Type != tc.errtype {
+				t.Errorf("[%d: %q] expected error type %v, got %v", i, tc.name, tc.errtype, errs[0].Type)
+			} else if !strings.HasSuffix(errs[0].Field, "."+tc.errfield) {
+				t.Errorf("[%d: %q] expected error on field %q, got %q", i, tc.name, tc.errfield, errs[0].Field)
+			}
+		}
+	}
+}
+
 // helper
 func newInt32(val int) *int32 {
 	p := new(int32)

diff --git a/pkg/apis/extensions/types.go b/pkg/apis/extensions/types.go
@@ -919,6 +919,7 @@ var (
 	Projected             FSType = "projected"
 	PortworxVolume        FSType = "portworxVolume"
 	ScaleIO               FSType = "scaleIO"
+	CSI                   FSType = "csi"
 	All                   FSType = "*"
 )
 

diff --git a/pkg/printers/internalversion/describe.go b/pkg/printers/internalversion/describe.go
@@ -1073,6 +1073,14 @@ func printFlockerVolumeSource(flocker *api.FlockerVolumeSource, w PrefixWriter)
 		flocker.DatasetName, flocker.DatasetUUID)
 }
 
+func printCSIPersistentVolumeSource(csi *api.CSIPersistentVolumeSource, w PrefixWriter) {
+	w.Write(LEVEL_2, "Type:\tCSI (a Container Storage Interface (CSI) volume source)\n"+
+		"    Driver:\t%v\n"+
+		"    VolumeHandle:\t%v\n",
+		"    ReadOnly:\t%v\n",
+		csi.Driver, csi.VolumeHandle, csi.ReadOnly)
+}
+
 type PersistentVolumeDescriber struct {
 	clientset.Interface
 }
@@ -1156,6 +1164,8 @@ func describePersistentVolume(pv *api.PersistentVolume, events *api.EventList) (
 			printFlexVolumeSource(pv.Spec.FlexVolume, w)
 		case pv.Spec.Flocker != nil:
 			printFlockerVolumeSource(pv.Spec.Flocker, w)
+		case pv.Spec.CSI != nil:
+			printCSIPersistentVolumeSource(pv.Spec.CSI, w)
 		default:
 			w.Write(LEVEL_1, "<unknown>\n")
 		}

diff --git a/pkg/security/podsecuritypolicy/util/util.go b/pkg/security/podsecuritypolicy/util/util.go
@@ -67,6 +67,7 @@ func GetAllFSTypesAsSet() sets.String {
 		string(extensions.Projected),
 		string(extensions.PortworxVolume),
 		string(extensions.ScaleIO),
+		string(extensions.CSI),
 	)
 	return fstypes
 }

diff --git a/pkg/volume/csi/csi_attacher.go b/pkg/volume/csi/csi_attacher.go
@@ -0,0 +1,147 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package csi
+
+import (
+	"crypto/sha256"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/golang/glog"
+
+	"k8s.io/api/core/v1"
+	storage "k8s.io/api/storage/v1alpha1"
+	meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/kubernetes/pkg/volume"
+)
+
+type csiAttacher struct {
+	plugin        *csiPlugin
+	k8s           kubernetes.Interface
+	waitSleepTime time.Duration
+}
+
+// volume.Attacher methods
+var _ volume.Attacher = &csiAttacher{}
+
+func (c *csiAttacher) Attach(spec *volume.Spec, nodeName types.NodeName) (string, error) {
+	if spec == nil {
+		return "", errors.New("missing spec")
+	}
+
+	if spec.PersistentVolume == nil {
+		return "", errors.New("missing persistent volume")
+	}
+
+	//	namespace := spec.PersistentVolume.GetObjectMeta().GetNamespace()
+	pvName := spec.PersistentVolume.GetName()
+	attachID := fmt.Sprintf("pv-%s", hashAttachmentName(pvName, string(nodeName)))
+
+	attachment := &storage.VolumeAttachment{
+		ObjectMeta: meta.ObjectMeta{
+			Name: attachID,
+			//	Namespace: namespace, TODO should VolumeAttachment namespaced ?
+		},
+		Spec: storage.VolumeAttachmentSpec{
+			NodeName: string(nodeName),
+			Attacher: csiPluginName,
+			Source: storage.VolumeAttachmentSource{
+				PersistentVolumeName: &pvName,
+			},
+		},
+	}
+	attach, err := c.k8s.StorageV1alpha1().VolumeAttachments().Create(attachment)
+	if err != nil {
+		glog.Error(log("attacher.Attach failed: %v", err))
+		return "", err
+	}
+	glog.V(4).Info(log("volume attachment sent: [%v]", attach.GetName()))
+
+	return attach.GetName(), nil
+}
+
+func (c *csiAttacher) WaitForAttach(spec *volume.Spec, attachID string, pod *v1.Pod, timeout time.Duration) (string, error) {
+	glog.V(4).Info(log("waiting for attachment update from CSI driver [attachment.ID=%v]", attachID))
+
+	source, err := getCSISourceFromSpec(spec)
+	if err != nil {
+		glog.Error(log("attach.WaitForAttach failed to get volume source: %v", err))
+		return "", err
+	}
+
+	ticker := time.NewTicker(c.waitSleepTime)
+	defer ticker.Stop()
+
+	timer := time.NewTimer(timeout)
+	defer timer.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			glog.V(4).Info(log("probing VolumeAttachment [id=%v]", attachID))
+			attach, err := c.k8s.StorageV1alpha1().VolumeAttachments().Get(attachID, meta.GetOptions{})
+			if err != nil {
+				// log error, but continue to check again
+				glog.Error(log("attacher.WaitForAttach failed (will continue to try): %v", err))
+			}
+			// attachment OK
+			if attach.Status.Attached {
+				return attachID, nil
+			}
+			// driver reports attach error
+			attachErr := attach.Status.AttachError
+			if attachErr != nil {
+				glog.Error(log("attachment for %v failed: %v", source.VolumeHandle, attachErr.Message))
+				return "", errors.New(attachErr.Message)
+			}
+		case <-timer.C:
+			glog.Error(log("attacher.WaitForAttach timeout after %v [volume=%v; attachment.ID=%v]", timeout, source.VolumeHandle, attachID))
+			return "", fmt.Errorf("attachment timeout for volume %v", source.VolumeHandle)
+		}
+
+	}
+}
+
+func (c *csiAttacher) VolumesAreAttached(specs []*volume.Spec, nodeName types.NodeName) (map[*volume.Spec]bool, error) {
+	return nil, errors.New("unimplemented")
+}
+
+func (c *csiAttacher) GetDeviceMountPath(spec *volume.Spec) (string, error) {
+	return "", errors.New("unimplemented")
+}
+
+func (c *csiAttacher) MountDevice(spec *volume.Spec, devicePath string, deviceMountPath string) error {
+	return errors.New("unimplemented")
+}
+
+var _ volume.Detacher = &csiAttacher{}
+
+func (c *csiAttacher) Detach(deviceName string, nodeName types.NodeName) error {
+	return errors.New("unimplemented")
+}
+
+func (c *csiAttacher) UnmountDevice(deviceMountPath string) error {
+	return errors.New("unimplemented")
+}
+
+func hashAttachmentName(pvName, nodeName string) string {
+	result := sha256.Sum256([]byte(fmt.Sprintf("%s%s", pvName, nodeName)))
+	return fmt.Sprintf("%x", result)
+}