add support for VolumeAttributeClasses

enabled by enabling ControllerModifyVolume functionality via new shoot annotation.
gardener · Oct 11, 2024 · c6202f5 · c6202f5
1 parent d0639b9
commit c6202f5
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 6 deletions.
diff --git a/...ernal/seed-controlplane/charts/csi-driver-controller/templates/csi-driver-controller.yaml b/...ernal/seed-controlplane/charts/csi-driver-controller/templates/csi-driver-controller.yaml
@@ -49,6 +49,14 @@ spec:
         - --logtostderr
         - --v=3
         - --enable-storage-pools
+        {{- if .Values.csiDriver.storage }}
+        {{- if .Values.csiDriver.storage.supportsDynamicIopsProvisioning }}
+        - --supports-dynamic-iops-provisioning={{ range $storageType := .Values.csiDriver.storage.supportsDynamicIopsProvisioning }}{{ $storageType }},{{ end }}
+        {{- end }}
+        {{- if .Values.csiDriver.storage.supportsDynamicThroughputProvisioning }}
+        - --supports-dynamic-throughput-provisioning={{ range $storageType := .Values.csiDriver.storage.supportsDynamicThroughputProvisioning }}{{ $storageType }},{{ end }}
+        {{- end }}
+        {{- end }}
         env:
         - name: CSI_ENDPOINT
           value: unix://{{ .Values.socketPath }}/csi.sock
@@ -84,7 +92,9 @@ spec:
         args:
         - --csi-address=$(ADDRESS)
         - --kubeconfig=/var/run/secrets/gardener.cloud/shoot/generic-kubeconfig/kubeconfig
-        - --feature-gates=Topology=true
+        {{- if .Values.csiProvisioner.featureGates }}
+        - --feature-gates={{ range $feature, $enabled := .Values.csiProvisioner.featureGates }}{{ $feature }}={{ $enabled }},{{ end }}
+        {{- end }}
         - --volume-name-prefix=pv-
         - --default-fstype=ext4
         - --leader-election=true
@@ -159,6 +169,9 @@ spec:
         - --leader-election=true
         - --leader-election-namespace=kube-system
         - --handle-volume-inuse-error=false
+        {{- if .Values.csiResizer.featureGates }}
+        - -feature-gates={{ range $feature, $enabled := .Values.csiResizer.featureGates }}{{ $feature }}={{ $enabled }},{{ end }}
+        {{- end }}
         - --v=5
         env:
         - name: ADDRESS

diff --git a/charts/internal/seed-controlplane/charts/csi-driver-controller/values.yaml b/charts/internal/seed-controlplane/charts/csi-driver-controller/values.yaml
@@ -49,6 +49,10 @@ csiSnapshotController:
       cpu: 11m
       memory: 32Mi
 
+csiProvisioner:
+  featureGates:
+    Topology: true
+
 csiSnapshotValidationWebhook:
   replica: 1
   podAnnotations: {}

diff --git a/...shoot-system-components/charts/csi-driver-node/templates/clusterrole-csi-provisioner.yaml b/...shoot-system-components/charts/csi-driver-node/templates/clusterrole-csi-provisioner.yaml
@@ -13,6 +13,11 @@ rules:
 - apiGroups: ["storage.k8s.io"]
   resources: ["storageclasses"]
   verbs: ["get", "list", "watch"]
+{{- if .Values.setVolumeAttributeClassPermissions }}
+- apiGroups: ["storage.k8s.io"]
+  resources: ["volumeattributesclasses"]
+  verbs: ["get", "list", "watch"]
+{{- end }}
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["list", "watch", "create", "update", "patch"]

diff --git a/...nal/shoot-system-components/charts/csi-driver-node/templates/clusterrole-csi-resizer.yaml b/...nal/shoot-system-components/charts/csi-driver-node/templates/clusterrole-csi-resizer.yaml
@@ -13,6 +13,11 @@ rules:
 - apiGroups: [""]
   resources: ["persistentvolumeclaims/status"]
   verbs: ["update", "patch"]
+{{- if .Values.setVolumeAttributeClassPermissions }}
+- apiGroups: ["storage.k8s.io"]
+  resources: ["volumeattributesclasses"]
+  verbs: ["get", "list", "watch"]
+{{- end }}
 - apiGroups: [""]
   resources: ["events"]
   verbs: ["list", "watch", "create", "update", "patch"]
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
@@ -456,7 +456,7 @@ func getCSIControllerChartValues(
 		return nil, fmt.Errorf("secret %q not found", csiSnapshotValidationServerName)
 	}
 
-	return map[string]interface{}{
+	values := map[string]interface{}{
 		"enabled":   true,
 		"replicas":  extensionscontroller.GetControlPlaneReplicas(cluster, scaledDown, 1),
 		"projectID": serviceAccount.ProjectID,
@@ -474,7 +474,34 @@ func getCSIControllerChartValues(
 			},
 			"topologyAwareRoutingEnabled": gardencorev1beta1helper.IsTopologyAwareRoutingForShootControlPlaneEnabled(cluster.Seed, cluster.Shoot),
 		},
-	}, nil
+	}
+
+	csiProvisionerFeatureGates := map[string]string{
+		"Topology": "true",
+	}
+
+	if _, ok := cluster.Shoot.Annotations[gcp.AnnotationEnableModifyVolume]; ok {
+		values["csiResizer"] = map[string]interface{}{
+			"featureGates": map[string]string{
+				"VolumeAttributeClass": "true",
+			},
+		}
+
+		csiProvisionerFeatureGates["VolumeAttributeClass"] = "true"
+
+		values["csiDriver"] = map[string]interface{}{
+			"storage": map[string]interface{}{
+				"supportsDynamicIopsProvisioning":       []string{"hyperdisk-balanced", "hyperdisk-extreme"},
+				"supportsDynamicThroughputProvisioning": []string{"hyperdisk-balanced", "hyperdisk-throughput", "hyperdisk-ml"},
+			},
+		}
+	}
+
+	values["csiProvisioner"] = map[string]interface{}{
+		"featureGates": csiProvisionerFeatureGates,
+	}
+
+	return values, nil
 }
 
 // getControlPlaneShootChartValues collects and returns the control plane shoot chart values.
@@ -489,12 +516,18 @@ func getControlPlaneShootChartValues(
 		return nil, fmt.Errorf("secret %q not found", caNameControlPlane)
 	}
 
+	setVolumeAttributeClassPermissions := false
+	if _, ok := cluster.Shoot.Annotations[gcp.AnnotationEnableModifyVolume]; ok {
+		setVolumeAttributeClassPermissions = true
+	}
+
 	return map[string]interface{}{
 		gcp.CloudControllerManagerName: map[string]interface{}{"enabled": true},
 		gcp.CSINodeName: map[string]interface{}{
-			"enabled":           true,
-			"kubernetesVersion": kubernetesVersion,
-			"vpaEnabled":        gardencorev1beta1helper.ShootWantsVerticalPodAutoscaler(cluster.Shoot),
+			"enabled":                            true,
+			"setVolumeAttributeClassPermissions": setVolumeAttributeClassPermissions,
+			"kubernetesVersion":                  kubernetesVersion,
+			"vpaEnabled":                         gardencorev1beta1helper.ShootWantsVerticalPodAutoscaler(cluster.Shoot),
 			"webhookConfig": map[string]interface{}{
 				"url":      "https://" + gcp.CSISnapshotValidationName + "." + cp.Namespace + "/volumesnapshot",
 				"caBundle": string(caSecret.Data[secretutils.DataKeyCertificateBundle]),

diff --git a/pkg/gcp/types.go b/pkg/gcp/types.go
@@ -81,6 +81,8 @@ const (
 	SeedAnnotationKeyUseFlow = AnnotationKeyUseFlow
 	// SeedAnnotationUseFlowValueNew is the value to restrict flow reconciliation to new shoot clusters
 	SeedAnnotationUseFlowValueNew = "new"
+
+	AnnotationEnableModifyVolume = "gcp.provider.extensions.gardener.cloud/enable-modify-volume"
 )
 
 var (