fix

cvvz · Aug 4, 2023 · 783cdaf · 783cdaf
1 parent 9c1d08a
commit 783cdaf
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 1 deletion.
diff --git a/charts/README.md b/charts/README.md
@@ -148,6 +148,7 @@ The following table lists the configurable parameters of the latest Azure Blob S
 | `linux.distro`                                        | configure ssl certificates for different Linux distribution(available values: `debian`, `fedora`)             | `debian`
 | `workloadIdentity.clientID` | client ID of workload identity | ''
 | `workloadIdentity.tenantID` | [optional] If the AAD application or user-assigned managed identity is not in the same tenant as the cluster then set tenantID with the AAD application or user-assigned managed identity tenant ID | ''
+| `node.enableAZNFS` | enable [AZNFS mount helper](https://github.com/Azure/AZNFS-mount/) for NFS protocol | true
 
 ## troubleshooting
  - Add `--wait -v=5 --debug` in `helm install` command to get detailed error

diff --git a/charts/latest/blob-csi-driver-v0.0.0.tgz b/charts/latest/blob-csi-driver-v0.0.0.tgz
diff --git a/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml b/charts/latest/blob-csi-driver/templates/csi-blob-node.yaml
@@ -35,7 +35,9 @@ spec:
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
       {{- end }}
+      {{- if or .Values.node.enableBlobfuseProxy .Values.node.enableAZNFS }}
       hostPID: true
+      {{- end }}
       hostNetwork: true
       dnsPolicy: Default
       serviceAccountName: {{ .Values.serviceAccount.node }}
@@ -168,6 +170,7 @@ spec:
             - "--append-timestamp-cache-dir={{ .Values.node.appendTimeStampInCacheDir }}"
             - "--mount-permissions={{ .Values.node.mountPermissions }}"
             - "--allow-inline-volume-key-access-with-idenitity={{ .Values.node.allowInlineVolumeKeyAccessWithIdentity }}"
+            - "--enable-aznfs={{ .Values.node.enableAZNFS }}"
           ports:
             - containerPort: {{ .Values.node.livenessProbe.healthPort }}
               name: healthz
@@ -236,9 +239,12 @@ spec:
               mountPath: /etc/pki/ca-trust/extracted
               readOnly: true
             {{- end }}
+            {{- if .Values.node.enableAZNFS }}
             - mountPath: /opt/microsoft/aznfs/data
               name: aznfs-data
+            {{- end }}
           resources: {{- toYaml .Values.node.resources.blob | nindent 12 }}
+{{- if .Values.node.enableAZNFS }}
         - name: aznfswatchdog
 {{- if hasPrefix "/" .Values.image.blob.repository }}
           image: "{{ .Values.image.baseRepo }}{{ .Values.image.blob.repository }}:{{ .Values.image.blob.tag }}"
@@ -250,12 +256,14 @@ spec:
           imagePullPolicy: {{ .Values.image.blob.pullPolicy }}
           securityContext:
             privileged: true
+          resources: {{- toYaml .Values.node.resources.aznfswatchdog | nindent 12 }}
           volumeMounts:
             - mountPath: /opt/microsoft/aznfs/data
               name: aznfs-data
             - mountPath: {{ .Values.linux.kubelet }}/
               mountPropagation: Bidirectional
               name: mountpoint-dir
+{{- end }}
       volumes:
 {{- if .Values.node.enableBlobfuseProxy }}
         - name: host-usr
@@ -297,10 +305,12 @@ spec:
           hostPath:
             path: /etc/pki/ca-trust/extracted
         {{- end }}
+        {{- if .Values.node.enableAZNFS }}
         - hostPath:
             path: /opt/microsoft/aznfs/data
             type: DirectoryOrCreate
           name: aznfs-data
+        {{- end }}
       {{- if .Values.securityContext }}
       securityContext: {{- toYaml .Values.securityContext | nindent 8 }}
       {{- end }}
diff --git a/charts/latest/blob-csi-driver/values.yaml b/charts/latest/blob-csi-driver/values.yaml
@@ -145,10 +145,17 @@ node:
       requests:
         cpu: 10m
         memory: 20Mi
+    aznfswatchdog:
+      limits:
+        memory: 100Mi
+      requests:
+        cpu: 10m
+        memory: 20Mi
   affinity: {}
   nodeSelector: {}
   tolerations:
     - operator: "Exists"
+  enableAZNFS: true
 
 feature:
   fsGroupPolicy: ReadWriteOnceWithFSType

diff --git a/pkg/blob/blob.go b/pkg/blob/blob.go
@@ -169,6 +169,7 @@ type DriverOptions struct {
 	MountPermissions                       uint64
 	KubeAPIQPS                             float64
 	KubeAPIBurst                           int
+	EnableAZNFS                            bool
 }
 
 // Driver implements all interfaces of CSI drivers
@@ -193,6 +194,7 @@ type Driver struct {
 	mountPermissions                       uint64
 	kubeAPIQPS                             float64
 	kubeAPIBurst                           int
+	enableAZNFS                            bool
 	mounter                                *mount.SafeFormatAndMount
 	volLockMap                             *util.LockMap
 	// A map storing all volumes with ongoing operations so that additional operations
@@ -230,6 +232,7 @@ func NewDriver(options *DriverOptions) *Driver {
 		mountPermissions:                       options.MountPermissions,
 		kubeAPIQPS:                             options.KubeAPIQPS,
 		kubeAPIBurst:                           options.KubeAPIBurst,
+		enableAZNFS:                            options.EnableAZNFS,
 	}
 	d.Name = options.DriverName
 	d.Version = driverVersion

diff --git a/pkg/blob/nodeserver.go b/pkg/blob/nodeserver.go
@@ -314,10 +314,15 @@ func (d *Driver) NodeStageVolume(ctx context.Context, req *csi.NodeStageVolumeRe
 		klog.V(2).Infof("target %v\nprotocol %v\n\nvolumeId %v\ncontext %v\nmountflags %v\nserverAddress %v",
 			targetPath, protocol, volumeID, attrib, mountFlags, serverAddress)
 
+		mountType := AZNFS
+		if !d.enableAZNFS {
+			mountType = NFS
+		}
+
 		source := fmt.Sprintf("%s:/%s/%s", serverAddress, accountName, containerName)
 		mountOptions := util.JoinMountOptions(mountFlags, []string{"sec=sys,vers=3,nolock"})
 		if err := wait.PollImmediate(1*time.Second, 2*time.Minute, func() (bool, error) {
-			return true, d.mounter.MountSensitive(source, targetPath, AZNFS, mountOptions, []string{})
+			return true, d.mounter.MountSensitive(source, targetPath, mountType, mountOptions, []string{})
 		}); err != nil {
 			var helpLinkMsg string
 			if d.appendMountErrorHelpLink {

diff --git a/pkg/blobplugin/main.go b/pkg/blobplugin/main.go
@@ -58,6 +58,7 @@ var (
 	kubeAPIQPS                             = flag.Float64("kube-api-qps", 25.0, "QPS to use while communicating with the kubernetes apiserver.")
 	kubeAPIBurst                           = flag.Int("kube-api-burst", 50, "Burst to use while communicating with the kubernetes apiserver.")
 	appendMountErrorHelpLink               = flag.Bool("append-mount-error-help-link", true, "Whether to include a link for help with mount errors when a mount error occurs.")
+	enableAZNFS                            = flag.Bool("enable-aznfs", true, "enable aznfs")
 )
 
 func main() {
@@ -97,6 +98,7 @@ func handle() {
 		AppendMountErrorHelpLink:               *appendMountErrorHelpLink,
 		KubeAPIQPS:                             *kubeAPIQPS,
 		KubeAPIBurst:                           *kubeAPIBurst,
+		EnableAZNFS:                            *enableAZNFS,
 	}
 	driver := blob.NewDriver(&driverOptions)
 	if driver == nil {