Merge pull request #462 from lipingxue/lipingx-vmc-part2

Make auth check interval configurable.
kubernetes-sigs · Oct 27, 2020 · b0c26c0 · b0c26c0
2 parents 2d00ec6 + 670f5dd
commit b0c26c0
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 6 deletions.
diff --git a/example/vanilla-k8s-block-driver/vsphere.conf b/example/vanilla-k8s-block-driver/vsphere.conf
@@ -1,6 +1,7 @@
 [Global]
 cluster-id = "unique-kubernetes-cluster-id"
 volumemigration-cr-cleanup-intervalinmin = "120"
+csi-auth-check-intervalinmin = "5"
 
 [VirtualCenter "1.2.3.4"]
 insecure-flag = "true"

diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go
@@ -66,6 +66,9 @@ const (
 	// interval after which stale CnsVSphereVolumeMigration CRs will be cleaned up.
 	// Current default value is set to 2 hours
 	DefaultVolumeMigrationCRCleanupIntervalInMin = 120
+
+	// DefaultCSIAuthCheckIntervalInMin is the default time interval that to refresh DatastoreIgnoreMap
+	DefaultCSIAuthCheckIntervalInMin = 5
 )
 
 // Errors
@@ -336,6 +339,9 @@ func validateConfig(ctx context.Context, cfg *Config) error {
 	if cfg.Global.VolumeMigrationCRCleanupIntervalInMin == 0 {
 		cfg.Global.VolumeMigrationCRCleanupIntervalInMin = DefaultVolumeMigrationCRCleanupIntervalInMin
 	}
+	if cfg.Global.CSIAuthCheckIntervalInMin == 0 {
+		cfg.Global.CSIAuthCheckIntervalInMin = DefaultCSIAuthCheckIntervalInMin
+	}
 	return nil
 }
 

diff --git a/pkg/common/config/types.go b/pkg/common/config/types.go
@@ -51,6 +51,9 @@ type Config struct {
 		VCClientTimeout int `gcfg:"vc-client-timeout"`
 		// Cluster Distribution Name
 		ClusterDistribution string `gcfg:"cluster-distribution"`
+
+		//CSIAuthCheckIntervalInMin specifies the interval that the auth check for datastores will be trigger
+		CSIAuthCheckIntervalInMin int `gcfg:"csi-auth-check-intervalinmin"`
 	}
 
 	// Multiple sets of Net Permissions applied to all file shares

diff --git a/pkg/csi/service/common/authmanager.go b/pkg/csi/service/common/authmanager.go
@@ -103,10 +103,10 @@ func (authManager *AuthManager) refreshDatastoreIgnoreMap() {
 }
 
 // ComputeDatastoreIgnoreMap refreshes DatastoreIgnoreMapForBlockVolumes periodically
-func ComputeDatastoreIgnoreMap(authManager *AuthManager) {
+func ComputeDatastoreIgnoreMap(authManager *AuthManager, authCheckInterval int) {
 	log := logger.GetLoggerWithNoContext()
 	log.Info("auth manager: ComputeDatastoreIgnoreMap enter")
-	ticker := time.NewTicker(time.Duration(DefaultIgnoreDsIntervalInMinutes) * time.Minute)
+	ticker := time.NewTicker(time.Duration(authCheckInterval) * time.Minute)
 	for range ticker.C {
 		authManager.refreshDatastoreIgnoreMap()
 	}

diff --git a/pkg/csi/service/common/constants.go b/pkg/csi/service/common/constants.go
@@ -180,9 +180,6 @@ const (
 
 	// SysReadPriv is the privilege to view an entity
 	SysReadPriv = "System.Read"
-
-	// DefaultIgnoreDsIntervalInMinutes is the default interval to compute DatastoreIgnoreMap
-	DefaultIgnoreDsIntervalInMinutes = 5
 )
 
 // Supported container orchestrators

diff --git a/pkg/csi/service/vanilla/controller.go b/pkg/csi/service/vanilla/controller.go
@@ -181,7 +181,7 @@ func (c *controller) Init(config *cnsconfig.Config) error {
 			return err
 		}
 		c.authMgr = authMgr
-		go common.ComputeDatastoreIgnoreMap(authMgr.(*common.AuthManager))
+		go common.ComputeDatastoreIgnoreMap(authMgr.(*common.AuthManager), config.Global.CSIAuthCheckIntervalInMin)
 	}
 
 	watcher, err := fsnotify.NewWatcher()