Skip to content

Commit

Permalink
Add support for adding CSI volumes as Additional Volumes (#784)
Browse files Browse the repository at this point in the history
### Description
This PR adds the capability to add CSI volumes as AdditionalVolumes in
the OpenSearch cluster

### Issues Resolved
Closes
#275

### Check List
- [x] Commits are signed per the DCO using --signoff 
- [x] Unittest added for the new/changed functionality and all unit
tests are successful
- [x] Customer-visible features documented
- [x] No linter warnings (`make lint`)

If CRDs are changed:
- [x] CRD YAMLs updated (`make manifests`) and also copied into the helm
chart
- [x] Changes to CRDs documented

Please refer to the [PR
guidelines](https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/docs/developing.md#submitting-a-pr)
before submitting this pull request.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Nilushan Costa <[email protected]>
  • Loading branch information
nilushancosta authored Apr 22, 2024
1 parent 8d00bb8 commit 82f8be1
Show file tree
Hide file tree
Showing 8 changed files with 289 additions and 19 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -1022,6 +1022,51 @@ spec:
type: boolean
type: object
x-kubernetes-map-type: atomic
csi:
description: CSI object to use to populate the volume
properties:
driver:
description: |-
driver is the name of the CSI driver that handles this volume.
Consult with your admin for the correct name as registered in the cluster.
type: string
fsType:
description: |-
fsType to mount. Ex. "ext4", "xfs", "ntfs".
If not provided, the empty value is passed to the associated CSI driver
which will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
description: |-
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.
properties:
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
readOnly:
description: |-
readOnly specifies a read-only configuration for the volume.
Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: |-
volumeAttributes stores driver-specific properties that are passed to the CSI
driver. Consult your driver's documentation for supported values.
type: object
required:
- driver
type: object
emptyDir:
description: EmptyDir to use to populate the volume
properties:
Expand Down Expand Up @@ -2645,6 +2690,51 @@ spec:
type: boolean
type: object
x-kubernetes-map-type: atomic
csi:
description: CSI object to use to populate the volume
properties:
driver:
description: |-
driver is the name of the CSI driver that handles this volume.
Consult with your admin for the correct name as registered in the cluster.
type: string
fsType:
description: |-
fsType to mount. Ex. "ext4", "xfs", "ntfs".
If not provided, the empty value is passed to the associated CSI driver
which will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
description: |-
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.
properties:
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
readOnly:
description: |-
readOnly specifies a read-only configuration for the volume.
Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: |-
volumeAttributes stores driver-specific properties that are passed to the CSI
driver. Consult your driver's documentation for supported values.
type: object
required:
- driver
type: object
emptyDir:
description: EmptyDir to use to populate the volume
properties:
Expand Down
56 changes: 40 additions & 16 deletions docs/designs/crd.md
Original file line number Diff line number Diff line change
Expand Up @@ -672,22 +672,31 @@ Monitoring TLS configuration options

Every Keystore Value defines a secret to pull secrets from.
<table>
<tbody>
<tr>
<td><b>secret</b></td>
<td>corev1.LocalObjectReference</td>
<td>Define secret that contains key value pairs</td>
<td>true</td>
<td>-</td>
</tr>
<tr>
<td><b>keyMappings</b></td>
<td>map</td>
<td>Define key mappings from secret to keystore entry. Example: "old: new" creates a keystore entry "new" with the value from the secret entry "old". When a map is provided, only the specified keys are loaded from the secret, so use "key: key" to load a key that should not be renamed.</td>
<td>false</td>
<td>-</td>
</tr>
</tbody>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
<th>default</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>secret</b></td>
<td>corev1.LocalObjectReference</td>
<td>Define secret that contains key value pairs</td>
<td>true</td>
<td>-</td>
</tr>
<tr>
<td><b>keyMappings</b></td>
<td>map</td>
<td>Define key mappings from secret to keystore entry. Example: "old: new" creates a keystore entry "new" with the value from the secret entry "old". When a map is provided, only the specified keys are loaded from the secret, so use "key: key" to load a key that should not be renamed.</td>
<td>false</td>
<td>-</td>
</tr>
</tbody>
</table>

<h3 id="AdditionalVolume">
Expand All @@ -696,6 +705,15 @@ Every Keystore Value defines a secret to pull secrets from.

AdditionalVolume object define additional volume and volumeMount
<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
<th>default</th>
</tr>
</thead>
<tbody>
<tr>
<td><b>name</b></td>
Expand Down Expand Up @@ -739,6 +757,12 @@ AdditionalVolume object define additional volume and volumeMount
<td>Defines Secret object to be mounted</td>
<td>false</td>
<td>-</td>
</tr><tr>
<td><b>csi</b></td>
<td>corev1.CSIVolumeSource</td>
<td>Defines the CSI object to be mounted</td>
<td>false</td>
<td>-</td>
</tr>
</tbody>
</table>
Expand Down
10 changes: 9 additions & 1 deletion docs/userguide/main.md
Original file line number Diff line number Diff line change
Expand Up @@ -698,7 +698,7 @@ spec:

### Additional Volumes

Sometimes it is neccessary to mount ConfigMaps, Secrets or emptyDir into the Opensearch pods as volumes to provide additional configuration (e.g. plugin config files). This can be achieved by providing an array of additional volumes to mount to the custom resource. This option is located in either `spec.general.additionalVolumes` or `spec.dashboards.additionalVolumes`. The format is as follows:
Sometimes it is neccessary to mount ConfigMaps, Secrets, emptyDir or CSI volumes into the Opensearch pods as volumes to provide additional configuration (e.g. plugin config files). This can be achieved by providing an array of additional volumes to mount to the custom resource. This option is located in either `spec.general.additionalVolumes` or `spec.dashboards.additionalVolumes`. The format is as follows:

```yaml
spec:
Expand All @@ -713,6 +713,14 @@ spec:
- name: temp
path: /tmp
emptyDir: {}
- name: example-csi-volume
path: /path/to/mount/volume
#subPath: "subpath" # Add this to mount the CSI volume at a specific subpath
csi:
driver: csi-driver-name
readOnly: true
volumeAttributes:
secretProviderClass: example-secret-provider-class
dashboards:
additionalVolumes:
- name: example-secret
Expand Down
2 changes: 2 additions & 0 deletions opensearch-operator/api/v1/opensearch_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -293,6 +293,8 @@ type AdditionalVolume struct {
ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty"`
// EmptyDir to use to populate the volume
EmptyDir *corev1.EmptyDirVolumeSource `json:"emptyDir,omitempty"`
// CSI object to use to populate the volume
CSI *corev1.CSIVolumeSource `json:"csi,omitempty"`
// Whether to restart the pods on content change
RestartPods bool `json:"restartPods,omitempty"`
}
Expand Down
5 changes: 5 additions & 0 deletions opensearch-operator/api/v1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Original file line number Diff line number Diff line change
Expand Up @@ -1022,6 +1022,51 @@ spec:
type: boolean
type: object
x-kubernetes-map-type: atomic
csi:
description: CSI object to use to populate the volume
properties:
driver:
description: |-
driver is the name of the CSI driver that handles this volume.
Consult with your admin for the correct name as registered in the cluster.
type: string
fsType:
description: |-
fsType to mount. Ex. "ext4", "xfs", "ntfs".
If not provided, the empty value is passed to the associated CSI driver
which will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
description: |-
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.
properties:
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
readOnly:
description: |-
readOnly specifies a read-only configuration for the volume.
Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: |-
volumeAttributes stores driver-specific properties that are passed to the CSI
driver. Consult your driver's documentation for supported values.
type: object
required:
- driver
type: object
emptyDir:
description: EmptyDir to use to populate the volume
properties:
Expand Down Expand Up @@ -2645,6 +2690,51 @@ spec:
type: boolean
type: object
x-kubernetes-map-type: atomic
csi:
description: CSI object to use to populate the volume
properties:
driver:
description: |-
driver is the name of the CSI driver that handles this volume.
Consult with your admin for the correct name as registered in the cluster.
type: string
fsType:
description: |-
fsType to mount. Ex. "ext4", "xfs", "ntfs".
If not provided, the empty value is passed to the associated CSI driver
which will determine the default filesystem to apply.
type: string
nodePublishSecretRef:
description: |-
nodePublishSecretRef is a reference to the secret object containing
sensitive information to pass to the CSI driver to complete the CSI
NodePublishVolume and NodeUnpublishVolume calls.
This field is optional, and may be empty if no secret is required. If the
secret object contains more than one secret, all secret references are passed.
properties:
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
readOnly:
description: |-
readOnly specifies a read-only configuration for the volume.
Defaults to false (read/write).
type: boolean
volumeAttributes:
additionalProperties:
type: string
description: |-
volumeAttributes stores driver-specific properties that are passed to the CSI
driver. Consult your driver's documentation for supported values.
type: object
required:
- driver
type: object
emptyDir:
description: EmptyDir to use to populate the volume
properties:
Expand Down
12 changes: 10 additions & 2 deletions opensearch-operator/pkg/reconcilers/util/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,14 +127,22 @@ func CreateAdditionalVolumes(
},
})
}
if volumeConfig.CSI != nil {
retVolumes = append(retVolumes, corev1.Volume{
Name: volumeConfig.Name,
VolumeSource: corev1.VolumeSource{
CSI: volumeConfig.CSI,
},
})
}
if volumeConfig.RestartPods {
namesIndex[volumeConfig.Name] = i
names = append(names, volumeConfig.Name)
}

subPath := ""
// SubPaths are only supported for ConfigMaps and Secrets
if volumeConfig.ConfigMap != nil || volumeConfig.Secret != nil {
// SubPaths are only supported for ConfigMaps, Secrets and CSI volumes
if volumeConfig.ConfigMap != nil || volumeConfig.Secret != nil || volumeConfig.CSI != nil {
subPath = strings.TrimSpace(volumeConfig.SubPath)
}

Expand Down
Loading

0 comments on commit 82f8be1

Please sign in to comment.