Merge pull request kubernetes#111258 from dobsonj/kep-596-ga-feature-…

…flag KEP-596: Move CSIInlineVolume feature to GA
openshift · Aug 5, 2022 · 64ed914 · 64ed914
2 parents 1374391 + 0ee8fed
commit 64ed914
Show file tree

Hide file tree

Showing 25 changed files with 258 additions and 322 deletions.
diff --git a/cmd/kube-controller-manager/app/plugins.go b/cmd/kube-controller-manager/app/plugins.go
@@ -43,7 +43,6 @@ import (
 
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	persistentvolumeconfig "k8s.io/kubernetes/pkg/controller/volume/persistentvolume/config"
-	"k8s.io/kubernetes/pkg/features"
 	"k8s.io/utils/exec"
 )
 
@@ -128,10 +127,7 @@ func ProbeControllerVolumePlugins(cloud cloudprovider.Interface, config persiste
 	}
 
 	allPlugins = append(allPlugins, local.ProbeVolumePlugins()...)
-
-	if utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-		allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
-	}
+	allPlugins = append(allPlugins, csi.ProbeVolumePlugins()...)
 
 	return allPlugins, nil
 }

diff --git a/pkg/api/pod/util.go b/pkg/api/pod/util.go
@@ -542,8 +542,6 @@ func dropDisabledFields(
 
 	dropDisabledProcMountField(podSpec, oldPodSpec)
 
-	dropDisabledCSIVolumeSourceAlphaFields(podSpec, oldPodSpec)
-
 	dropDisabledTopologySpreadConstraintsFields(podSpec, oldPodSpec)
 	dropDisabledNodeInclusionPolicyFields(podSpec, oldPodSpec)
 	dropDisabledMatchLabelKeysField(podSpec, oldPodSpec)
@@ -593,16 +591,6 @@ func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) {
 	}
 }
 
-// dropDisabledCSIVolumeSourceAlphaFields removes disabled alpha fields from []CSIVolumeSource.
-// This should be called from PrepareForCreate/PrepareForUpdate for all pod specs resources containing a CSIVolumeSource
-func dropDisabledCSIVolumeSourceAlphaFields(podSpec, oldPodSpec *api.PodSpec) {
-	if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) && !csiInUse(oldPodSpec) {
-		for i := range podSpec.Volumes {
-			podSpec.Volumes[i].CSI = nil
-		}
-	}
-}
-
 // dropDisabledNodeInclusionPolicyFields removes disabled fields from PodSpec related
 // to NodeInclusionPolicy only if it is not used by the old spec.
 func dropDisabledNodeInclusionPolicyFields(podSpec, oldPodSpec *api.PodSpec) {
@@ -734,19 +722,6 @@ func probeGracePeriodInUse(podSpec *api.PodSpec) bool {
 	return inUse
 }
 
-// csiInUse returns true if any pod's spec include inline CSI volumes.
-func csiInUse(podSpec *api.PodSpec) bool {
-	if podSpec == nil {
-		return false
-	}
-	for i := range podSpec.Volumes {
-		if podSpec.Volumes[i].CSI != nil {
-			return true
-		}
-	}
-	return false
-}
-
 // SeccompAnnotationForField takes a pod seccomp profile field and returns the
 // converted annotation value
 func SeccompAnnotationForField(field *api.SeccompProfile) string {

diff --git a/pkg/api/podsecuritypolicy/util.go b/pkg/api/podsecuritypolicy/util.go
@@ -28,9 +28,6 @@ func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) && !allowedProcMountTypesInUse(oldPSPSpec) {
 		pspSpec.AllowedProcMountTypes = nil
 	}
-	if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-		pspSpec.AllowedCSIDrivers = nil
-	}
 }
 
 func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool {

diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go
@@ -154,7 +154,7 @@ type VolumeSource struct {
 	// StorageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod
 	// +optional
 	StorageOS *StorageOSVolumeSource
-	// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+	// CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.
 	// +optional
 	CSI *CSIVolumeSource
 	// Ephemeral represents a volume that is handled by a cluster storage driver.

diff --git a/pkg/apis/policy/types.go b/pkg/apis/policy/types.go
@@ -214,7 +214,6 @@ type PodSecurityPolicySpec struct {
 	AllowedFlexVolumes []AllowedFlexVolume
 	// AllowedCSIDrivers is an allowlist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
 	// An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
-	// This is a beta field, and is only honored if the API server enables the CSIInlineVolume feature gate.
 	// +optional
 	AllowedCSIDrivers []AllowedCSIDriver
 	// AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.

diff --git a/pkg/apis/storage/v1/defaults.go b/pkg/apis/storage/v1/defaults.go
@@ -57,7 +57,7 @@ func SetDefaults_CSIDriver(obj *storagev1.CSIDriver) {
 		obj.Spec.FSGroupPolicy = new(storagev1.FSGroupPolicy)
 		*obj.Spec.FSGroupPolicy = storagev1.ReadWriteOnceWithFSTypeFSGroupPolicy
 	}
-	if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
+	if len(obj.Spec.VolumeLifecycleModes) == 0 {
 		obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1.VolumeLifecyclePersistent)
 	}
 	if obj.Spec.RequiresRepublish == nil {

diff --git a/pkg/apis/storage/v1/defaults_test.go b/pkg/apis/storage/v1/defaults_test.go
@@ -80,8 +80,6 @@ func TestSetDefaultVolumeBindingMode(t *testing.T) {
 }
 
 func TestSetDefaultCSIDriver(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
-
 	enabled := true
 	disabled := false
 	tests := []struct {

diff --git a/pkg/apis/storage/v1beta1/defaults.go b/pkg/apis/storage/v1beta1/defaults.go
@@ -57,7 +57,7 @@ func SetDefaults_CSIDriver(obj *storagev1beta1.CSIDriver) {
 		obj.Spec.FSGroupPolicy = new(storagev1beta1.FSGroupPolicy)
 		*obj.Spec.FSGroupPolicy = storagev1beta1.ReadWriteOnceWithFSTypeFSGroupPolicy
 	}
-	if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
+	if len(obj.Spec.VolumeLifecycleModes) == 0 {
 		obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1beta1.VolumeLifecyclePersistent)
 	}
 	if obj.Spec.RequiresRepublish == nil {

diff --git a/pkg/apis/storage/v1beta1/defaults_test.go b/pkg/apis/storage/v1beta1/defaults_test.go
@@ -101,7 +101,6 @@ func TestSetDefaultStorageCapacityEnabled(t *testing.T) {
 }
 
 func TestSetDefaultVolumeLifecycleModesEnabled(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
 	driver := &storagev1beta1.CSIDriver{}
 
 	// field should be defaulted
@@ -115,21 +114,7 @@ func TestSetDefaultVolumeLifecycleModesEnabled(t *testing.T) {
 	}
 }
 
-func TestSetDefaultVolumeLifecycleModesDisabled(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, false)()
-	driver := &storagev1beta1.CSIDriver{}
-
-	// field should not be defaulted
-	output := roundTrip(t, runtime.Object(driver)).(*storagev1beta1.CSIDriver)
-	outModes := output.Spec.VolumeLifecycleModes
-	if outModes != nil {
-		t.Errorf("Expected VolumeLifecycleModes to remain nil, got: %+v", outModes)
-	}
-}
-
 func TestSetDefaultCSIDriver(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
-
 	enabled := true
 	disabled := false
 	tests := []struct {

diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
@@ -97,6 +97,7 @@ const (
 	// owner: @pohly
 	// alpha: v1.14
 	// beta: v1.16
+	// GA: v1.25
 	//
 	// Enables CSI Inline volumes support for pods
 	CSIInlineVolume featuregate.Feature = "CSIInlineVolume"
@@ -903,7 +904,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 
 	CPUManagerPolicyOptions: {Default: true, PreRelease: featuregate.Beta},
 
-	CSIInlineVolume: {Default: true, PreRelease: featuregate.Beta},
+	CSIInlineVolume: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27
 
 	CSIMigration: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.27
 

diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go
diff --git a/pkg/registry/storage/csidriver/strategy.go b/pkg/registry/storage/csidriver/strategy.go
@@ -47,9 +47,6 @@ func (csiDriverStrategy) NamespaceScoped() bool {
 // PrepareForCreate clears the fields for which the corresponding feature is disabled.
 func (csiDriverStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 	csiDriver := obj.(*storage.CSIDriver)
-	if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-		csiDriver.Spec.VolumeLifecycleModes = nil
-	}
 	if !utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
 		csiDriver.Spec.SELinuxMount = nil
 	}
@@ -81,11 +78,6 @@ func (csiDriverStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.
 	newCSIDriver := obj.(*storage.CSIDriver)
 	oldCSIDriver := old.(*storage.CSIDriver)
 
-	if oldCSIDriver.Spec.VolumeLifecycleModes == nil &&
-		!utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-		newCSIDriver.Spec.VolumeLifecycleModes = nil
-	}
-
 	if oldCSIDriver.Spec.SELinuxMount == nil &&
 		!utilfeature.DefaultFeatureGate.Enabled(features.SELinuxMountReadWriteOncePod) {
 		newCSIDriver.Spec.SELinuxMount = nil

diff --git a/pkg/registry/storage/csidriver/strategy_test.go b/pkg/registry/storage/csidriver/strategy_test.go
@@ -79,72 +79,6 @@ func TestCSIDriverStrategy(t *testing.T) {
 	}
 }
 
-func TestCSIDriverPrepareForCreate(t *testing.T) {
-	ctx := genericapirequest.WithRequestInfo(genericapirequest.NewContext(), &genericapirequest.RequestInfo{
-		APIGroup:   "storage.k8s.io",
-		APIVersion: "v1",
-		Resource:   "csidrivers",
-	})
-
-	attachRequired := true
-	podInfoOnMount := true
-	storageCapacity := true
-	requiresRepublish := true
-
-	tests := []struct {
-		name       string
-		withInline bool
-	}{
-		{
-			name:       "inline enabled",
-			withInline: true,
-		},
-		{
-			name:       "inline disabled",
-			withInline: false,
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, test.withInline)()
-
-			csiDriver := &storage.CSIDriver{
-				ObjectMeta: metav1.ObjectMeta{
-					Name: "foo",
-				},
-				Spec: storage.CSIDriverSpec{
-					AttachRequired:  &attachRequired,
-					PodInfoOnMount:  &podInfoOnMount,
-					StorageCapacity: &storageCapacity,
-					VolumeLifecycleModes: []storage.VolumeLifecycleMode{
-						storage.VolumeLifecyclePersistent,
-					},
-					TokenRequests:     []storage.TokenRequest{},
-					RequiresRepublish: &requiresRepublish,
-				},
-			}
-			Strategy.PrepareForCreate(ctx, csiDriver)
-			errs := Strategy.Validate(ctx, csiDriver)
-			if len(errs) != 0 {
-				t.Errorf("unexpected validating errors: %v", errs)
-			}
-			if csiDriver.Spec.StorageCapacity == nil || *csiDriver.Spec.StorageCapacity != storageCapacity {
-				t.Errorf("StorageCapacity modified: %v", csiDriver.Spec.StorageCapacity)
-			}
-			if test.withInline {
-				if len(csiDriver.Spec.VolumeLifecycleModes) != 1 {
-					t.Errorf("VolumeLifecycleModes modified: %v", csiDriver.Spec)
-				}
-			} else {
-				if len(csiDriver.Spec.VolumeLifecycleModes) != 0 {
-					t.Errorf("VolumeLifecycleModes not stripped: %v", csiDriver.Spec)
-				}
-			}
-		})
-	}
-}
-
 func TestCSIDriverPrepareForUpdate(t *testing.T) {
 	ctx := genericapirequest.WithRequestInfo(genericapirequest.NewContext(), &genericapirequest.RequestInfo{
 		APIGroup:   "storage.k8s.io",
@@ -171,18 +105,6 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) {
 			},
 		},
 	}
-	driverWithEphemeral := &storage.CSIDriver{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "foo",
-		},
-		Spec: storage.CSIDriverSpec{
-			AttachRequired: &attachRequired,
-			PodInfoOnMount: &podInfoOnMount,
-			VolumeLifecycleModes: []storage.VolumeLifecycleMode{
-				storage.VolumeLifecycleEphemeral,
-			},
-		},
-	}
 	enabled := true
 	disabled := false
 	gcp := "gcp"
@@ -233,7 +155,6 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) {
 	tests := []struct {
 		name                                string
 		old, update                         *storage.CSIDriver
-		csiInlineVolumeEnabled              bool
 		seLinuxMountReadWriteOncePodEnabled bool
 		wantCapacity                        *bool
 		wantModes                           []storage.VolumeLifecycleMode
@@ -255,22 +176,9 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) {
 			wantCapacity: &disabled,
 		},
 		{
-			name:                   "inline feature enabled, before: none, update: persistent",
-			csiInlineVolumeEnabled: true,
-			old:                    driverWithNothing,
-			update:                 driverWithPersistent,
-			wantModes:              resultPersistent,
-		},
-		{
-			name:      "inline feature disabled, before: none, update: persistent",
+			name:      "inline feature enabled, before: none, update: persistent",
 			old:       driverWithNothing,
 			update:    driverWithPersistent,
-			wantModes: nil,
-		},
-		{
-			name:      "inline feature disabled, before: ephemeral, update: persistent",
-			old:       driverWithEphemeral,
-			update:    driverWithPersistent,
 			wantModes: resultPersistent,
 		},
 		{
@@ -333,7 +241,6 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) {
 
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
-			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, test.csiInlineVolumeEnabled)()
 			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.SELinuxMountReadWriteOncePod, test.seLinuxMountReadWriteOncePodEnabled)()
 
 			csiDriver := test.update.DeepCopy()

diff --git a/pkg/volume/csi/csi_attacher_test.go b/pkg/volume/csi/csi_attacher_test.go
@@ -249,7 +249,6 @@ func TestAttacherAttach(t *testing.T) {
 }
 
 func TestAttacherAttachWithInline(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
 	testCases := []struct {
 		name                string
 		nodeName            string
@@ -574,8 +573,6 @@ func TestAttacherWaitForAttach(t *testing.T) {
 }
 
 func TestAttacherWaitForAttachWithInline(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
-
 	tests := []struct {
 		name             string
 		driver           string
@@ -862,7 +859,6 @@ func TestAttacherVolumesAreAttached(t *testing.T) {
 }
 
 func TestAttacherVolumesAreAttachedWithInline(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
 	type attachedSpec struct {
 		volName  string
 		spec     *volume.Spec
@@ -1424,7 +1420,6 @@ func TestAttacherMountDevice(t *testing.T) {
 }
 
 func TestAttacherMountDeviceWithInline(t *testing.T) {
-	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.DelegateFSGroupToCSIDriver, true)()
 	pvName := "test-pv"
 	var testFSGroup int64 = 3000

diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go
@@ -134,9 +134,6 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error
 
 	switch {
 	case volSrc != nil:
-		if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-			return fmt.Errorf("CSIInlineVolume feature required")
-		}
 		if c.volumeLifecycleMode != storage.VolumeLifecycleEphemeral {
 			return fmt.Errorf("unexpected volume mode: %s", c.volumeLifecycleMode)
 		}
@@ -430,10 +427,6 @@ func (c *csiMountMgr) supportsFSGroup(fsType string, fsGroup *int64, driverPolic
 		}
 		return true
 	} else if c.spec.Volume != nil && c.spec.Volume.CSI != nil {
-		if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
-			klog.V(4).Info(log("mounter.SetupAt WARNING: skipping fsGroup, CSIInlineVolume feature required"))
-			return false
-		}
 		// Inline CSI volumes are always mounted with RWO AccessMode by SetUpAt
 		return true
 	}