Flexvolume Improvements

Dockerfile

@@ -17,4 +17,4 @@ FROM oraclelinux:7-slim
 COPY dist/oci-cloud-controller-manager /usr/local/bin/
 COPY dist/oci-flexvolume-driver /usr/local/bin/
 COPY dist/oci-volume-provisioner /usr/local/bin/
-COPY image/install.sh /usr/local/bin/install.sh
+COPY image/* /usr/local/bin/

image/install.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python
+
+# Copyright 2017 Oracle and/or its affiliates. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+from string import Template
+import subprocess
+import os.path
+import os
+from shutil import copyfile
+import base64
+import select
+
+parser = argparse.ArgumentParser()
+parser.add_argument("-c", "--cloud-config", dest="config", default="/etc/oci/cloud-provider.yaml")
+parser.add_argument("-d", "--driver-mount", dest="driver_mount", default="/flexmnt")
+
+options = parser.parse_args()
+
+VENDOR = "oracle"
+DRIVER = "oci"
+DRIVER_EXEC_PATH= "/usr/local/bin/oci-flexvolume-driver"
+
+DRIVER_DIRECTORY = "{}/{}~{}".format(options.driver_mount, VENDOR, DRIVER)
+
+LOG_FILE = "{}/oci_flexvolume_driver.log".format(DRIVER_DIRECTORY)
+
+
+def create_driver_directory():
+    if not os.path.isdir(DRIVER_DIRECTORY):
+        os.mkdir(DRIVER_DIRECTORY)
+
+def copy_driver_binary():
+    #Copy executable atomically
+    copyfile(DRIVER_EXEC_PATH, "{}/.{}".format(DRIVER_DIRECTORY, DRIVER))
+    os.rename("{}/.{}".format(DRIVER_DIRECTORY, DRIVER), "{}/{}".format(DRIVER_DIRECTORY, DRIVER))
+    os.chmod("{}/{}".format(DRIVER_DIRECTORY, DRIVER), 0755)
+
+def generate_kubeconfig():
+    script_path = os.path.abspath(os.path.dirname(__file__))
+    template_path = os.path.join(script_path, "kubeconfig.yml.template")
+    with open(template_path, "r") as template_file, open("/var/run/secrets/kubernetes.io/serviceaccount/ca.crt", "r") as ca_file, open("/var/run/secrets/kubernetes.io/serviceaccount/token", "r") as token_file: 
+        template = Template(template_file.read())
+        result = template.substitute({
+            "ca" : base64.b64encode(ca_file.read()),
+            "token" : token_file.read(),
+            "server" : "https://{}:{}".format(os.getenv("KUBERNETES_SERVICE_HOST", "0.0.0.0"), os.getenv("KUBERNETES_SERVICE_PORT", "443"))
+        })
+    with open("{}/kubeconfig".format(DRIVER_DIRECTORY),"w+") as kubeconfig:
+        kubeconfig.write(result)
+
+def create_log():
+    with open(LOG_FILE, "w+") as log:
+        log.write("---OCI FLEXVOLUME DRIVER---\n")
+
+def tail_log():
+    log_process = subprocess.Popen(['tail', '-F', LOG_FILE], stdout=subprocess.PIPE,stderr=subprocess.PIPE)
+    while True:
+        print log_process.stdout.readline()
+
+def copy_config_to_driver_dir():
+    if os.path.isfile(options.config):
+        copyfile(options.config, "{}/config.yaml".format(DRIVER_DIRECTORY))
+    else:
+        with open(LOG_FILE, "w+") as log:
+            log.write("Could not copy configuration from {}. Assuming worker node\n".format(options.config))
+
+create_driver_directory()
+copy_driver_binary()
+create_log()
+copy_config_to_driver_dir()
+generate_kubeconfig()
+tail_log()

image/kubeconfig.yml.template

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+clusters:
+- name: default-cluster
+  cluster:
+    certificate-authority-data: $ca
+    server: $server
+contexts:
+- name: default-context
+  context:
+    cluster: default-cluster
+    namespace: default
+    user: default-user
+current-context: default-context
+users:
+- name: default-user
+  user:
+    token: $token

manifests/flexvolume-driver/oci-flexvolume-driver.yaml

@@ -35,13 +35,10 @@ spec:
         - name: config
           secret:
             secretName: oci-flexvolume-driver
-        - name: kubeconfig
-          secret:
-            secretName: oci-flexvolume-driver-kubeconfig
       containers:
         - name: oci-flexvolume-driver
           image: iad.ocir.io/oracle/cloud-provider-oci:latest
-          command: ["/bin/bash", "/usr/local/bin/install.sh"]
+          command: ["/usr/local/bin/install.py", "-c", "/tmp/config.yaml"]
           securityContext:
             privileged: true
           volumeMounts:
@@ -50,9 +47,6 @@ spec:
             - mountPath: /tmp
               name: config
               readOnly: true
-            - mountPath: /tmp2
-              name: kubeconfig
-              readOnly: true
 ---
 apiVersion: apps/v1
 kind: DaemonSet
@@ -80,7 +74,7 @@ spec:
       containers:
         - name: oci-flexvolume-driver
           image: iad.ocir.io/oracle/cloud-provider-oci:latest
-          command: ["/bin/bash", "/usr/local/bin/install.sh"]
+          command: ["/usr/local/bin/install.py"]
           securityContext:
             privileged: true
           volumeMounts:

pkg/cloudprovider/providers/oci/config/config.go

@@ -15,6 +15,7 @@
 package config
 
 import (
+	"github.com/oracle/oci-cloud-controller-manager/pkg/oci/instance/metadata"
 	"io"
 	"os"
 
@@ -43,14 +44,16 @@ type AuthConfig struct {
 	// The fields below are deprecated and remain purely for backwards compatibility.
 	// At some point these need to be removed.
 
-	// When set to true, clients will use an instance principal configuration provider
-	// and ignore auth fields.
+	// UseInstancePrincipals is DEPRECATED should use top-level UseInstancePrincipals
 	UseInstancePrincipals bool `yaml:"useInstancePrincipals"`
 	// CompartmentID is DEPRECATED and should be set on the top level Config
 	// struct.
 	CompartmentID string `yaml:"compartment"`
 	// PrivateKeyPassphrase is DEPRECATED in favour of Passphrase.
 	PrivateKeyPassphrase string `yaml:"key_passphrase"`
+
+	//Metadata service to help fill in certain fields
+	metadataSvc metadata.Interface
 }
 
 const (
@@ -99,13 +102,15 @@ type RateLimiterConfig struct {
 	RateLimitBucketWrite int     `yaml:"rateLimitBucketWrite"`
 }
 
-// Config holds the OCI cloud-provider config passed to Kubernetes compontents
+// Config holds the OCI cloud-provider config passed to Kubernetes components
 // via the --cloud-config option.
 type Config struct {
 	Auth         AuthConfig          `yaml:"auth"`
 	LoadBalancer *LoadBalancerConfig `yaml:"loadBalancer"`
 	RateLimiter  *RateLimiterConfig  `yaml:"rateLimiter"`
 
+	RegionKey string `yaml:"regionKey"`
+
 	// When set to true, clients will use an instance principal configuration provider and ignore auth fields.
 	UseInstancePrincipals bool `yaml:"useInstancePrincipals"`
 	// CompartmentID is the OCID of the Compartment within which the cluster
@@ -114,32 +119,76 @@ type Config struct {
 	// VCNID is the OCID of the Virtual Cloud Network (VCN) within which the
 	// cluster resides.
 	VCNID string `yaml:"vcn"`
+
+	//Metadata service to help fill in certain fields
+	metadataSvc metadata.Interface
 }
 
-// Complete the config applying defaults / overrides.
-func (c *Config) Complete() {
-	if c.LoadBalancer != nil && !c.LoadBalancer.Disabled && c.LoadBalancer.SecurityListManagementMode == "" {
-		c.LoadBalancer.SecurityListManagementMode = ManagementModeAll // default
-		if c.LoadBalancer.DisableSecurityListManagement {
+// Complete the load balancer config applying defaults / overrides.
+func (c *LoadBalancerConfig) Complete() {
+	if c.Disabled {
+		return
+	}
+	if len(c.SecurityListManagementMode) == 0 {
+		if c.DisableSecurityListManagement {
 			zap.S().Warnf("cloud-provider config: \"loadBalancer.disableSecurityListManagement\" is DEPRECATED and will be removed in a later release. Please set \"loadBalancer.SecurityListManagementMode: %s\".", ManagementModeNone)
-			c.LoadBalancer.SecurityListManagementMode = ManagementModeNone
+			c.SecurityListManagementMode = ManagementModeNone
+		} else {
+			c.SecurityListManagementMode = ManagementModeAll
+		}
+	}
+}
+
+// Complete the authentication config applying defaults / overrides.
+func (c *AuthConfig) Complete() {
+	if len(c.Passphrase) == 0 && len(c.PrivateKeyPassphrase) > 0 {
+		zap.S().Warn("cloud-provider config: auth.key_passphrase is DEPRECIATED and will be removed in a later release. Please set auth.passphrase instead.")
+		c.Passphrase = c.PrivateKeyPassphrase
+	}
+	if c.Region == "" || c.CompartmentID == "" {
+		meta, err := c.metadataSvc.Get()
+		if err != nil {
+			zap.S().Warn("cloud-provider config: Unable to access metadata on instance. Will not be able to complete configuration if items are missing")
+			return
+		}
+		if c.Region == "" {
+			c.Region = meta.CanonicalRegionName
+		}
+
+		if c.CompartmentID == "" {
+			c.CompartmentID = meta.CompartmentID
 		}
 	}
+}
 
+// Complete the top-level config applying defaults / overrides.
+func (c *Config) Complete() {
+	if c.LoadBalancer != nil {
+		c.LoadBalancer.Complete()
+	}
+	c.Auth.Complete()
 	// Ensure backwards compatibility fields are set correctly.
-	if c.CompartmentID == "" && c.Auth.CompartmentID != "" {
+	if len(c.CompartmentID) == 0 && len(c.Auth.CompartmentID) > 0 {
 		zap.S().Warn("cloud-provider config: \"auth.compartment\" is DEPRECATED and will be removed in a later release. Please set \"compartment\".")
 		c.CompartmentID = c.Auth.CompartmentID
 	}
-
-	if c.Auth.Passphrase == "" && c.Auth.PrivateKeyPassphrase != "" {
-		zap.S().Warn("cloud-provider config: \"auth.key_passphrase\" is DEPRECATED and will be removed in a later release. Please set \"auth.passphrase\".")
-		c.Auth.Passphrase = c.Auth.PrivateKeyPassphrase
+	if c.Auth.UseInstancePrincipals {
+		zap.S().Warn("cloud-provider config: \"auth.useInstancePrincipals\" is DEPRECATED and will be removed in a later release. Please set \"useInstancePrincipals\".")
+		c.UseInstancePrincipals = true
 	}
 
-	if c.Auth.UseInstancePrincipals == true {
-		zap.S().Warn("cloud-provider config: \"auth.useInstancePrincipals\" is DEPRECATED and will be removed in a later release. Please set \"auth.useInstancePrincipals\".")
-		c.UseInstancePrincipals = true
+	if len(c.RegionKey) == 0 {
+		if len(c.Auth.RegionKey) > 0 {
+			zap.S().Warn("cloud-provider config: \"auth.RegionKey\" is DEPRECATED and will be removed in a later release. Please set \"RegionKey\".")
+			c.RegionKey = c.Auth.RegionKey
+		} else {
+			meta, err := c.metadataSvc.Get()
+			if err != nil {
+				zap.S().Warn("cloud-provider config: Unable to access metadata on instance. Will not be able to complete configuration if items are missing")
+				return
+			}
+			c.RegionKey = meta.Region
+		}
 	}
 }
 
@@ -160,6 +209,8 @@ func ReadConfig(r io.Reader) (*Config, error) {
 		return nil, errors.Wrap(err, "unmarshalling cloud-provider config")
 	}
 
+	cfg.metadataSvc = metadata.New()
+	cfg.Auth.metadataSvc = cfg.metadataSvc
 	// Ensure defaults are correctly set
 	cfg.Complete()