Merge pull request #160 from mpatlasov/rebase-v1.10.0

STOR-1573: Rebase `external-resizer` to v1.10.0 for OCP 4.16

CHANGELOG/CHANGELOG-1.10.md

@@ -0,0 +1,100 @@
+# Release notes for 1.10.0
+
+[Documentation](https://kubernetes-csi.github.io)
+
+# Changelog since 1.9.0
+
+## Changes by Kind
+
+### Feature
+
+- Add Modify Volume Support for VolumeAttributesClass, this requires:
+  1. The feature requies Kubernetes 1.29 cluster
+  2. The feature gate VolumeAttributesClass and API to be enabled in Kubernetes cluster
+  3. The feature gate VolumeAttributesClass feature gate enabled in external-resizer ([#351](https://github.com/kubernetes-csi/external-resizer/pull/351), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu))
+
+### Bug or Regression
+
+- CVE fixes: CVE-2023-44487 ([#340](https://github.com/kubernetes-csi/external-resizer/pull/340), [@dannawang0221](https://github.com/dannawang0221))
+
+### Uncategorized
+
+- Added support structured logging ([#330](https://github.com/kubernetes-csi/external-resizer/pull/330), [@saku3](https://github.com/saku3))
+- Fix panic in recovery path if marking pvc as resize in progress fails ([#246](https://github.com/kubernetes-csi/external-resizer/pull/246), [@gnufied](https://github.com/gnufied))
+- Update kubernetes dependencies to v1.29.0 ([#364](https://github.com/kubernetes-csi/external-resizer/pull/364), [@sunnylovestiramisu](https://github.com/sunnylovestiramisu))
+
+## Dependencies
+
+### Added
+- github.com/benbjohnson/clock: [v1.1.0](https://github.com/benbjohnson/clock/tree/v1.1.0)
+- golang.org/x/lint: 1621716
+
+### Changed
+- cloud.google.com/go/compute: v1.15.1 → v1.23.0
+- github.com/cncf/xds/go: [06c439d → e9ce688](https://github.com/cncf/xds/go/compare/06c439d...e9ce688)
+- github.com/container-storage-interface/spec: [v1.8.0 → v1.9.0](https://github.com/container-storage-interface/spec/compare/v1.8.0...v1.9.0)
+- github.com/emicklei/go-restful/v3: [v3.9.0 → v3.11.0](https://github.com/emicklei/go-restful/v3/compare/v3.9.0...v3.11.0)
+- github.com/envoyproxy/go-control-plane: [v0.10.3 → v0.11.1](https://github.com/envoyproxy/go-control-plane/compare/v0.10.3...v0.11.1)
+- github.com/envoyproxy/protoc-gen-validate: [v0.9.1 → v1.0.2](https://github.com/envoyproxy/protoc-gen-validate/compare/v0.9.1...v1.0.2)
+- github.com/fsnotify/fsnotify: [v1.6.0 → v1.7.0](https://github.com/fsnotify/fsnotify/compare/v1.6.0...v1.7.0)
+- github.com/go-logr/logr: [v1.2.4 → v1.3.0](https://github.com/go-logr/logr/compare/v1.2.4...v1.3.0)
+- github.com/golang/glog: [v1.0.0 → v1.1.2](https://github.com/golang/glog/compare/v1.0.0...v1.1.2)
+- github.com/google/cel-go: [v0.16.0 → v0.17.7](https://github.com/google/cel-go/compare/v0.16.0...v0.17.7)
+- github.com/google/go-cmp: [v0.5.9 → v0.6.0](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)
+- github.com/google/uuid: [v1.3.0 → v1.3.1](https://github.com/google/uuid/compare/v1.3.0...v1.3.1)
+- github.com/gorilla/websocket: [v1.4.2 → v1.5.0](https://github.com/gorilla/websocket/compare/v1.4.2...v1.5.0)
+- github.com/grpc-ecosystem/grpc-gateway/v2: [v2.7.0 → v2.16.0](https://github.com/grpc-ecosystem/grpc-gateway/v2/compare/v2.7.0...v2.16.0)
+- github.com/kubernetes-csi/csi-lib-utils: [v0.14.0 → v0.17.0](https://github.com/kubernetes-csi/csi-lib-utils/compare/v0.14.0...v0.17.0)
+- github.com/onsi/ginkgo/v2: [v2.9.4 → v2.13.0](https://github.com/onsi/ginkgo/v2/compare/v2.9.4...v2.13.0)
+- github.com/onsi/gomega: [v1.27.6 → v1.29.0](https://github.com/onsi/gomega/compare/v1.27.6...v1.29.0)
+- github.com/stretchr/testify: [v1.8.2 → v1.8.4](https://github.com/stretchr/testify/compare/v1.8.2...v1.8.4)
+- github.com/yuin/goldmark: [v1.2.1 → v1.4.13](https://github.com/yuin/goldmark/compare/v1.2.1...v1.4.13)
+- go.etcd.io/bbolt: v1.3.7 → v1.3.8
+- go.etcd.io/etcd/api/v3: v3.5.9 → v3.5.10
+- go.etcd.io/etcd/client/pkg/v3: v3.5.9 → v3.5.10
+- go.etcd.io/etcd/client/v2: v2.305.9 → v2.305.10
+- go.etcd.io/etcd/client/v3: v3.5.9 → v3.5.10
+- go.etcd.io/etcd/pkg/v3: v3.5.9 → v3.5.10
+- go.etcd.io/etcd/raft/v3: v3.5.9 → v3.5.10
+- go.etcd.io/etcd/server/v3: v3.5.9 → v3.5.10
+- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.35.0 → v0.44.0
+- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.35.1 → v0.44.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/metric: v0.31.0 → v1.19.0
+- go.opentelemetry.io/otel/sdk: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel/trace: v1.10.0 → v1.19.0
+- go.opentelemetry.io/otel: v1.10.0 → v1.19.0
+- go.opentelemetry.io/proto/otlp: v0.19.0 → v1.0.0
+- go.uber.org/goleak: v1.2.1 → v1.1.10
+- golang.org/x/crypto: v0.11.0 → v0.15.0
+- golang.org/x/net: v0.13.0 → v0.18.0
+- golang.org/x/oauth2: v0.8.0 → v0.13.0
+- golang.org/x/sync: v0.2.0 → v0.4.0
+- golang.org/x/sys: v0.10.0 → v0.14.0
+- golang.org/x/term: v0.10.0 → v0.14.0
+- golang.org/x/text: v0.11.0 → v0.14.0
+- golang.org/x/tools: v0.8.0 → v0.12.0
+- google.golang.org/appengine: v1.6.7 → v1.6.8
+- google.golang.org/genproto/googleapis/api: dd9d682 → d307bd8
+- google.golang.org/genproto/googleapis/rpc: 28d5490 → bbf56f3
+- google.golang.org/genproto: 0005af6 → d783a09
+- google.golang.org/grpc: v1.54.0 → v1.60.1
+- google.golang.org/protobuf: v1.30.0 → v1.31.0
+- k8s.io/api: v0.28.0 → v0.29.0
+- k8s.io/apimachinery: v0.28.0 → v0.29.0
+- k8s.io/apiserver: v0.28.0 → v0.29.0
+- k8s.io/client-go: v0.28.0 → v0.29.0
+- k8s.io/component-base: v0.28.0 → v0.29.0
+- k8s.io/csi-translation-lib: v0.28.0 → v0.29.0
+- k8s.io/gengo: 485abfe → 9cce18d
+- k8s.io/klog/v2: v2.100.1 → v2.110.1
+- k8s.io/kms: v0.28.0 → v0.29.0
+- k8s.io/kube-openapi: 2695361 → 2dd684a
+- k8s.io/utils: d93618c → 3b25d92
+- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.1.2 → v0.28.0
+- sigs.k8s.io/structured-merge-diff/v4: v4.2.3 → v4.4.1
+
+### Removed
+- github.com/google/gnostic: [v0.5.7-v3refs](https://github.com/google/gnostic/tree/v0.5.7-v3refs)
+- go.opentelemetry.io/otel/exporters/otlp/internal/retry: v1.10.0

README.md

@@ -22,10 +22,11 @@ Various external-resizer releases come with different alpha / beta features.
 
 The following table reflects the head of this branch.
 
-| Feature           | Status  | Default | Description                                                                                                                   |
-| ----------------- | ------- | ------- | ----------------------------------------------------------------------------------------------------------------------------- |
-| VolumeExpansion   | Beta    | On      | [Support for expanding CSI volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#csi-volume-expansion).    |
-| ReadWriteOncePod  | Alpha   | Off     | [Single pod access mode for PersistentVolumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). |
+| Feature                | Status  | Default | Description                                                                                                                   |
+| ---------------------- | ------- | ------- | ----------------------------------------------------------------------------------------------------------------------------- |
+| VolumeExpansion        | Stable  | On      | [Support for expanding CSI volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#csi-volume-expansion).    |
+| ReadWriteOncePod       | Stable  | On      | [Single pod access mode for PersistentVolumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes). |
+| VolumeAttributesClass  | Alpha   | Off     | [Volume Attributes Classes](https://kubernetes.io/docs/concepts/storage/volume-attributes-classes).                           |
 
 ## Usage
 

cmd/csi-resizer/main.go

@@ -35,6 +35,9 @@ import (
 
 	"github.com/kubernetes-csi/csi-lib-utils/leaderelection"
 	"github.com/kubernetes-csi/external-resizer/pkg/controller"
+	"github.com/kubernetes-csi/external-resizer/pkg/features"
+	"github.com/kubernetes-csi/external-resizer/pkg/modifier"
+	"github.com/kubernetes-csi/external-resizer/pkg/modifycontroller"
 	"github.com/kubernetes-csi/external-resizer/pkg/resizer"
 	"github.com/kubernetes-csi/external-resizer/pkg/util"
 	csitrans "k8s.io/csi-translation-lib"
@@ -44,6 +47,11 @@ import (
 	"k8s.io/client-go/informers"
 	cflag "k8s.io/component-base/cli/flag"
 	"k8s.io/klog/v2"
+
+	"k8s.io/component-base/featuregate"
+	"k8s.io/component-base/logs"
+	logsapi "k8s.io/component-base/logs/api/v1"
+	_ "k8s.io/component-base/logs/json/register"
 )
 
 var (
@@ -82,26 +90,34 @@ var (
 
 func main() {
 	flag.Var(cflag.NewMapStringBool(&featureGates), "feature-gates", "A set of key=value paris that describe feature gates for alpha/experimental features for csi external resizer."+"Options are:\n"+strings.Join(utilfeature.DefaultFeatureGate.KnownFeatures(), "\n"))
-	klog.InitFlags(nil)
-	flag.Set("logtostderr", "true")
+	fg := featuregate.NewFeatureGate()
+	logsapi.AddFeatureGates(fg)
+	c := logsapi.NewLoggingConfiguration()
+	logsapi.AddGoFlags(c, flag.CommandLine)
+	logs.InitLogs()
 	flag.Parse()
+	if err := logsapi.ValidateAndApply(c, fg); err != nil {
+		klog.ErrorS(err, "LoggingConfiguration is invalid")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
+	}
 
 	if *showVersion {
 		fmt.Println(os.Args[0], version)
 		os.Exit(0)
 	}
-	klog.Infof("Version : %s", version)
+	klog.InfoS("Version", "version", version)
 
 	if *metricsAddress != "" && *httpEndpoint != "" {
-		klog.Error("only one of `--metrics-address` and `--http-endpoint` can be set.")
-		os.Exit(1)
+		klog.ErrorS(nil, "Only one of `--metrics-address` and `--http-endpoint` can be set.")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 	addr := *metricsAddress
 	if addr == "" {
 		addr = *httpEndpoint
 	}
 	if err := utilfeature.DefaultMutableFeatureGate.SetFromMap(featureGates); err != nil {
-		klog.Fatal(err)
+		klog.ErrorS(err, "Failed to set feature gates")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 
 	var config *rest.Config
@@ -112,15 +128,17 @@ func main() {
 		config, err = rest.InClusterConfig()
 	}
 	if err != nil {
-		klog.Fatal(err.Error())
+		klog.ErrorS(err, "Failed to create cluster config")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 
 	config.QPS = float32(*kubeAPIQPS)
 	config.Burst = *kubeAPIBurst
 
 	kubeClient, err := kubernetes.NewForConfig(config)
 	if err != nil {
-		klog.Fatal(err.Error())
+		klog.ErrorS(err, "Failed to create kube client")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 
 	informerFactory := informers.NewSharedInformerFactory(kubeClient, *resyncPeriod)
@@ -131,45 +149,60 @@ func main() {
 
 	csiClient, err := csi.New(*csiAddress, *timeout, metricsManager)
 	if err != nil {
-		klog.Fatal(err.Error())
+		klog.ErrorS(err, "Failed to create CSI client")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 
 	driverName, err := getDriverName(csiClient, *timeout)
 	if err != nil {
-		klog.Fatal(fmt.Errorf("get driver name failed: %v", err))
+		klog.ErrorS(err, "Get driver name failed")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
-	klog.V(2).Infof("CSI driver name: %q", driverName)
+	klog.V(2).InfoS("CSI driver name", "driverName", driverName)
 
 	translator := csitrans.New()
 	if translator.IsMigratedCSIDriverByName(driverName) {
 		metricsManager = metrics.NewCSIMetricsManagerWithOptions(driverName, metrics.WithMigration())
 		migratedCsiClient, err := csi.New(*csiAddress, *timeout, metricsManager)
 		if err != nil {
-			klog.Fatal(err.Error())
+			klog.ErrorS(err, "Failed to create MigratedCSI client")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 		csiClient.CloseConnection()
 		csiClient = migratedCsiClient
 	}
 
 	csiResizer, err := resizer.NewResizerFromClient(
+		csiClient,
+		*timeout,
+		kubeClient,
+		driverName)
+	if err != nil {
+		klog.ErrorS(err, "Failed to create CSI resizer")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
+	}
+
+	csiModifier, err := modifier.NewModifierFromClient(
 		csiClient,
 		*timeout,
 		kubeClient,
 		informerFactory,
 		driverName)
 	if err != nil {
-		klog.Fatal(err.Error())
+		klog.ErrorS(err, "Failed to create CSI modifier")
+		klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 	}
 
 	// Start HTTP server for metrics + leader election healthz
 	if addr != "" {
 		metricsManager.RegisterToServer(mux, *metricsPath)
 		metricsManager.SetDriverName(driverName)
 		go func() {
-			klog.Infof("ServeMux listening at %q", addr)
+			klog.InfoS("ServeMux listening", "address", addr)
 			err := http.ListenAndServe(addr, mux)
 			if err != nil {
-				klog.Fatalf("Failed to start HTTP server at specified address (%q) and metrics path (%q): %s", addr, *metricsPath, err)
+				klog.ErrorS(err, "Failed to start HTTP server", "address", addr, "metricsPath", *metricsPath)
+				klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 			}
 		}()
 	}
@@ -178,10 +211,21 @@ func main() {
 	rc := controller.NewResizeController(resizerName, csiResizer, kubeClient, *resyncPeriod, informerFactory,
 		workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax),
 		*handleVolumeInUseError)
+	modifierName := csiModifier.Name()
+	var mc modifycontroller.ModifyController
+	// Add modify controller only if the feature gate is enabled
+	if utilfeature.DefaultFeatureGate.Enabled(features.VolumeAttributesClass) {
+		mc = modifycontroller.NewModifyController(modifierName, csiModifier, kubeClient, *resyncPeriod, informerFactory,
+			workqueue.NewItemExponentialFailureRateLimiter(*retryIntervalStart, *retryIntervalMax))
+	}
+
 	run := func(ctx context.Context) {
 		informerFactory.Start(wait.NeverStop)
-		rc.Run(*workers, ctx)
-
+		go rc.Run(*workers, ctx)
+		if utilfeature.DefaultFeatureGate.Enabled(features.VolumeAttributesClass) {
+			go mc.Run(*workers, ctx)
+		}
+		<-ctx.Done()
 	}
 
 	if !*enableLeaderElection {
@@ -190,7 +234,8 @@ func main() {
 		lockName := "external-resizer-" + util.SanitizeName(resizerName)
 		leKubeClient, err := kubernetes.NewForConfig(config)
 		if err != nil {
-			klog.Fatal(err.Error())
+			klog.ErrorS(err, "Failed to create leKubeClient")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 		le := leaderelection.NewLeaderElection(leKubeClient, lockName, run)
 		if *httpEndpoint != "" {
@@ -206,7 +251,8 @@ func main() {
 		le.WithRetryPeriod(*leaderElectionRetryPeriod)
 
 		if err := le.Run(); err != nil {
-			klog.Fatalf("error initializing leader election: %v", err)
+			klog.ErrorS(err, "Error initializing leader election")
+			klog.FlushAndExit(klog.ExitFlushTimeout, 1)
 		}
 	}
 }

deploy/kubernetes/rbac.yaml

@@ -42,6 +42,10 @@ rules:
   - apiGroups: [""]
     resources: ["events"]
     verbs: ["list", "watch", "create", "update", "patch"]
+  # only required if enabling the alpha volume modify feature
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattributesclasses"]
+    verbs: ["get", "list", "watch"]
 
 ---
 kind: ClusterRoleBinding