ephemeral mode check

[pohly]

What type of PR is this?
/kind api-change

What this PR does / why we need it:

This makes it safer to use ephemeral inline volumes (an alpha feature in 1.15) because it prevents accidental usage of a normal CSI driver for an ephemeral inline volume. The whitelisting of CSI drivers via a pod security policy would have the same effect, but might not be active in a cluster.

Special notes for your reviewer:

Which issue(s) this PR fixes:
Fixes: #79624
Related-to: #79983, which has been merged

Does this PR introduce a user-facing change?:

a CSI driver that supports ephemeral inline volumes must explicitly declare that by providing a CSIDriver object where the new "mode" field is set to "ephemeral" or "persistent+ephemeral"

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/20190122-csi-inline-volumes.md#driver-mode

[pohly]

/priority important-soon
/cc @vladimirvivien

[cwdsuzhou]

since we use defer in foreach，using t.Run is better

[pohly]

Right, good catch. Other tests already did that and I missed that this one doesn't. Will fix it.

[pohly]

Actually there was a t.Run, I just moved the code into the wrong spot. Fixed.

[pohly]

Before actually asking for an API review, I need to rebase and split the commit into smaller ones (just the API change, generated files, additional code and tests).

Right now I am just trying to find out what I might have missed (like updating some more generated files) and why the roundtrip test is failing.

[vladimirvivien]

Looking good, left comments for some minor issues.

[vladimirvivien]

This probably would be better as a isVolumeSuppoerted(driver, mode) (bool, error) Returns true if supported, false if not, and error if something went wrong while attempting to check.

[pohly]

I had that initially, but then there's no way to convey to the caller what the reason is when the mode isn't supported.

These two error message would have to be removed:
https://github.com/kubernetes/kubernetes/blob/1a14c40a538a6324f867420897d11b4378585941/pkg/volume/csi/csi_plugin.go#L812-L817

[vladimirvivien]

Please clarify in comment what the bool return param is for is for.

[pohly]

Will do. It tells the caller whether the returned string was explicitly set or is the default value. That's relevant when it comes to producing a good error message.

Would it be better to return the empty string for "not set" and drop the bool?

[pohly]

Would it be better to return the empty string for "not set" and drop the bool?

I changed it to that. @vladimirvivien: okay?

[vladimirvivien]

Should true be returned here since driver mode was set ?

[vladimirvivien]

Should false be returned since driver mode is not set. the boolean needs to be clarified I suppose.

[msau42]

/assign @msau42 @jsafrane

[msau42]

Validation for this new field needs to be added in https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/storage/validation/validation.go

[pohly]

Agreed, will add this. I just wanted to fix the roundtrip error first before working on making the API nicer to use.

[pohly]

Done.

[msau42]

I think this needs to be feature gated

[msau42]

We also need to drop the alpha field in PrepareForCreate, PrepareForUpdate calls in https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/storage/csidriver/strategy.go. Take a look at this example

[pohly]

Okay. But will this help with the roundtrip problem?

[pohly]

And which part of that example are the hand-written files? They all come from bb45b8e#diff-da9973f9d53ca756ac31a053eb90161c, which includes everything in a single commit.

[msau42]

the entire strategy.go is a handwritten file

[msau42]

To fix the roundtripping test, I think we need to modify the fuzzer

[pohly]

I added the feature gate check to defaults.go and strategy.go. With the feature disabled, the roundtrip test passes, but of course breaks again when enabling it by default.

To fix the roundtripping test, I think we need to modify the fuzzer

Yes, that did the trick.

I'm going to squash the following change into the commit:

diff --git a/pkg/apis/storage/fuzzer/fuzzer.go b/pkg/apis/storage/fuzzer/fuzzer.go
index 2081ffe846..c205f2c4f7 100644
--- a/pkg/apis/storage/fuzzer/fuzzer.go
+++ b/pkg/apis/storage/fuzzer/fuzzer.go
@@ -46,6 +46,10 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
                                obj.Spec.PodInfoOnMount = new(bool)
                                *(obj.Spec.PodInfoOnMount) = false
                        }
+                       if obj.Spec.Mode == nil {
+                               obj.Spec.Mode = new(storage.CSIDriverMode)
+                               *obj.Spec.Mode = storage.PersistentDriverMode
+                       }
                },
        }
 }
diff --git a/pkg/apis/storage/v1beta1/defaults.go b/pkg/apis/storage/v1beta1/defaults.go
index 05bc6dbb3e..75acec10f3 100644
--- a/pkg/apis/storage/v1beta1/defaults.go
+++ b/pkg/apis/storage/v1beta1/defaults.go
@@ -20,6 +20,8 @@ import (
        "k8s.io/api/core/v1"
        storagev1beta1 "k8s.io/api/storage/v1beta1"
        "k8s.io/apimachinery/pkg/runtime"
+       utilfeature "k8s.io/apiserver/pkg/util/feature"
+       "k8s.io/kubernetes/pkg/features"
 )
 
 func addDefaultingFuncs(scheme *runtime.Scheme) error {
@@ -47,7 +49,7 @@ func SetDefaults_CSIDriver(obj *storagev1beta1.CSIDriver) {
                obj.Spec.PodInfoOnMount = new(bool)
                *(obj.Spec.PodInfoOnMount) = false
        }
-       if obj.Spec.Mode == nil {
+       if obj.Spec.Mode == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
                obj.Spec.Mode = new(storagev1beta1.CSIDriverMode)
                *(obj.Spec.Mode) = storagev1beta1.PersistentDriverMode
        }
diff --git a/pkg/registry/storage/csidriver/strategy.go b/pkg/registry/storage/csidriver/strategy.go
index 1f534b2e76..1b31a7b23a 100644
--- a/pkg/registry/storage/csidriver/strategy.go
+++ b/pkg/registry/storage/csidriver/strategy.go
@@ -22,9 +22,11 @@ import (
        "k8s.io/apimachinery/pkg/runtime"
        "k8s.io/apimachinery/pkg/util/validation/field"
        "k8s.io/apiserver/pkg/storage/names"
+       utilfeature "k8s.io/apiserver/pkg/util/feature"
        "k8s.io/kubernetes/pkg/api/legacyscheme"
        "k8s.io/kubernetes/pkg/apis/storage"
        "k8s.io/kubernetes/pkg/apis/storage/validation"
+       "k8s.io/kubernetes/pkg/features"
 )
 
 // csiDriverStrategy implements behavior for CSIDriver objects
@@ -41,8 +43,12 @@ func (csiDriverStrategy) NamespaceScoped() bool {
        return false
 }
 
-// ResetBeforeCreate clears the Status field which is not allowed to be set by end users on creation.
+// PrepareForCreate clears the Mode field if the corresponding feature is disabled.
 func (csiDriverStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
+       if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
+               csiDriver := obj.(*storage.CSIDriver)
+               csiDriver.Spec.Mode = nil
+       }
 }
 
 func (csiDriverStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
@@ -62,8 +68,12 @@ func (csiDriverStrategy) AllowCreateOnUpdate() bool {
        return false
 }
 
-// PrepareForUpdate sets the Status fields which is not allowed to be set by an end user updating a CSIDriver
+// PrepareForUpdate clears the Mode field if the corresponding feature is disabled.
 func (csiDriverStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
+       if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
+               newCSIDriver := obj.(*storage.CSIDriver)
+               newCSIDriver.Spec.Mode = nil
+       }
 }
 
 func (csiDriverStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {

[msau42]

/lgtm

[pohly]

@smarterclayton: ping - is the API okay?

[smarterclayton]

Need to remove the validation gating as Jordan described.

[kfox1111]

Is this the last thing needed to get ephemeral to beta?

[msau42]

@kfox1111 feature gate needs to be flipped + docs

[pohly]

/retest

[msau42]

/lgtm

[pohly]

@smarterclayton: sorry for the delay, I am on vacation and missed the new comments last week. The PR should now be as discussed.

[smarterclayton]

/approve

API change for alpha gated feature in 1.16 approved.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msau42, pohly, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• api/OWNERS [smarterclayton]
• pkg/apis/OWNERS [smarterclayton]
• pkg/registry/OWNERS [smarterclayton]
• pkg/volume/csi/OWNERS [msau42,smarterclayton]
• staging/src/k8s.io/api/OWNERS [smarterclayton]
• test/e2e/storage/OWNERS [msau42,smarterclayton]
• test/e2e/testing-manifests/storage-csi/OWNERS [msau42,smarterclayton]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment