From eee2b71b0d75086c08b4d7a1eef9b6aa16ff51b1 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Mon, 14 Apr 2025 18:45:03 +0100 Subject: [PATCH 1/2] openstack-cinder: Add --http-endpoint option to controller container We had configured the proxy sidecar container for the driver in the controller Deployment, but the upstream it was pointing to did not exist. Fix this by setting the --http-endpoint option. Per the upstream docs [1]: --http-endpoint This argument is optional. The TCP network address where the HTTP server for providing metrics for diagnostics, will listen (example: `:8080`). The default is empty string, which means the server is disabled. There's a bit of cleanup needed here to avoid hardcoding something which is generated (via a loop-variable) elsewhere, but we'll do that separately. [1] https://github.com/kubernetes/cloud-provider-openstack/blob/release-1.32/docs/cinder-csi-plugin/using-cinder-csi-plugin.md#command-line-arguments Signed-off-by: Stephen Finucane --- .../openstack-cinder/generated/hypershift/controller.yaml | 1 + .../openstack-cinder/generated/standalone/controller.yaml | 1 + .../openstack-cinder/patches/controller_add_driver.yaml | 3 +++ 3 files changed, 5 insertions(+) diff --git a/assets/overlays/openstack-cinder/generated/hypershift/controller.yaml b/assets/overlays/openstack-cinder/generated/hypershift/controller.yaml index 4b867dfc5..d57b4a02f 100644 --- a/assets/overlays/openstack-cinder/generated/hypershift/controller.yaml +++ b/assets/overlays/openstack-cinder/generated/hypershift/controller.yaml @@ -92,6 +92,7 @@ spec: - --provide-controller-service=true - --provide-node-service=false - --endpoint=$(CSI_ENDPOINT) + - --http-endpoint=localhost:8202 - --cloud-config=$(CLOUD_CONFIG) - --cluster=${CLUSTER_ID} - --v=${LOG_LEVEL} diff --git a/assets/overlays/openstack-cinder/generated/standalone/controller.yaml b/assets/overlays/openstack-cinder/generated/standalone/controller.yaml index 304796ac5..09ab03cec 100644 --- a/assets/overlays/openstack-cinder/generated/standalone/controller.yaml +++ b/assets/overlays/openstack-cinder/generated/standalone/controller.yaml @@ -62,6 +62,7 @@ spec: - --provide-controller-service=true - --provide-node-service=false - --endpoint=$(CSI_ENDPOINT) + - --http-endpoint=localhost:8202 - --cloud-config=$(CLOUD_CONFIG) - --cluster=${CLUSTER_ID} - --v=${LOG_LEVEL} diff --git a/assets/overlays/openstack-cinder/patches/controller_add_driver.yaml b/assets/overlays/openstack-cinder/patches/controller_add_driver.yaml index 66968f6f4..afe593e0d 100644 --- a/assets/overlays/openstack-cinder/patches/controller_add_driver.yaml +++ b/assets/overlays/openstack-cinder/patches/controller_add_driver.yaml @@ -38,6 +38,9 @@ spec: - "--provide-controller-service=true" - "--provide-node-service=false" - "--endpoint=$(CSI_ENDPOINT)" + # this is the generated value of the LOCAL_METRICS_PORT variable + # we hardcode it because we don't currently support substitution + - "--http-endpoint=localhost:8202" - "--cloud-config=$(CLOUD_CONFIG)" - "--cluster=${CLUSTER_ID}" - "--v=${LOG_LEVEL}" From c897e2806c84174a9a7b2798c3d174e5ad2fcbf8 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 15 Apr 2025 11:14:22 +0100 Subject: [PATCH 2/2] openstack-manila: Stop exposing driver metrics The openstack-manila driver does not currently support this. Signed-off-by: Stephen Finucane --- .../generated/hypershift/controller.yaml | 24 ------------------- .../generated/hypershift/service.yaml | 5 ---- .../generated/standalone/controller.yaml | 24 ------------------- .../generated/standalone/service.yaml | 5 ---- .../generated/standalone/servicemonitor.yaml | 9 ------- .../patches/controller_add_driver.yaml | 4 ++-- .../openstack-manila/openstack_manila.go | 9 +------ 7 files changed, 3 insertions(+), 77 deletions(-) diff --git a/assets/overlays/openstack-manila/generated/hypershift/controller.yaml b/assets/overlays/openstack-manila/generated/hypershift/controller.yaml index ae0dedd1e..60aa85b2e 100644 --- a/assets/overlays/openstack-manila/generated/hypershift/controller.yaml +++ b/assets/overlays/openstack-manila/generated/hypershift/controller.yaml @@ -2,7 +2,6 @@ # # Loaded from base/controller.yaml # Applied strategic merge patch overlays/openstack-manila/patches/controller_add_driver.yaml -# Applied strategic merge patch common/sidecars/controller_driver_kube_rbac_proxy.yaml # provisioner.yaml: Loaded from common/sidecars/provisioner.yaml # provisioner.yaml: Added arguments [--timeout=120s --feature-gates=Topology=true] # provisioner.yaml: Applied JSON patch common/hypershift/sidecar_add_kubeconfig.yaml.patch @@ -156,29 +155,6 @@ spec: volumeMounts: - mountPath: /plugin name: socket-dir - - args: - - --secure-listen-address=0.0.0.0:9202 - - --upstream=http://127.0.0.1:8202/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - - --tls-cipher-suites=${TLS_CIPHER_SUITES} - - --tls-min-version=${TLS_MIN_VERSION} - - --logtostderr=true - image: ${KUBE_RBAC_PROXY_IMAGE} - imagePullPolicy: IfNotPresent - name: kube-rbac-proxy-8202 - ports: - - containerPort: 9202 - name: driver-m - protocol: TCP - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: metrics-serving-cert - args: - --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock - --http-endpoint=localhost:8203 diff --git a/assets/overlays/openstack-manila/generated/hypershift/service.yaml b/assets/overlays/openstack-manila/generated/hypershift/service.yaml index 197eee55a..8cca3cec6 100644 --- a/assets/overlays/openstack-manila/generated/hypershift/service.yaml +++ b/assets/overlays/openstack-manila/generated/hypershift/service.yaml @@ -4,7 +4,6 @@ # Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch common/metrics/service_add_port.yaml -# Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch overlays/openstack-manila/patches/modify_service_selector.yaml # # @@ -32,10 +31,6 @@ spec: port: 9205 protocol: TCP targetPort: snapshotter-m - - name: driver-m - port: 9202 - protocol: TCP - targetPort: driver-m selector: app: openstack-manila-csi component: controllerplugin diff --git a/assets/overlays/openstack-manila/generated/standalone/controller.yaml b/assets/overlays/openstack-manila/generated/standalone/controller.yaml index c1003af80..07ef51ba8 100644 --- a/assets/overlays/openstack-manila/generated/standalone/controller.yaml +++ b/assets/overlays/openstack-manila/generated/standalone/controller.yaml @@ -2,7 +2,6 @@ # # Loaded from base/controller.yaml # Applied strategic merge patch overlays/openstack-manila/patches/controller_add_driver.yaml -# Applied strategic merge patch common/sidecars/controller_driver_kube_rbac_proxy.yaml # provisioner.yaml: Loaded from common/sidecars/provisioner.yaml # provisioner.yaml: Added arguments [--timeout=120s --feature-gates=Topology=true] # Applied strategic merge patch provisioner.yaml @@ -126,29 +125,6 @@ spec: volumeMounts: - mountPath: /plugin name: socket-dir - - args: - - --secure-listen-address=0.0.0.0:9202 - - --upstream=http://127.0.0.1:8202/ - - --tls-cert-file=/etc/tls/private/tls.crt - - --tls-private-key-file=/etc/tls/private/tls.key - - --tls-cipher-suites=${TLS_CIPHER_SUITES} - - --tls-min-version=${TLS_MIN_VERSION} - - --logtostderr=true - image: ${KUBE_RBAC_PROXY_IMAGE} - imagePullPolicy: IfNotPresent - name: kube-rbac-proxy-8202 - ports: - - containerPort: 9202 - name: driver-m - protocol: TCP - resources: - requests: - cpu: 10m - memory: 20Mi - terminationMessagePolicy: FallbackToLogsOnError - volumeMounts: - - mountPath: /etc/tls/private - name: metrics-serving-cert - args: - --csi-address=/var/lib/csi/sockets/pluginproxy/csi.sock - --http-endpoint=localhost:8203 diff --git a/assets/overlays/openstack-manila/generated/standalone/service.yaml b/assets/overlays/openstack-manila/generated/standalone/service.yaml index 197eee55a..8cca3cec6 100644 --- a/assets/overlays/openstack-manila/generated/standalone/service.yaml +++ b/assets/overlays/openstack-manila/generated/standalone/service.yaml @@ -4,7 +4,6 @@ # Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch common/metrics/service_add_port.yaml -# Applied strategic merge patch common/metrics/service_add_port.yaml # Applied strategic merge patch overlays/openstack-manila/patches/modify_service_selector.yaml # # @@ -32,10 +31,6 @@ spec: port: 9205 protocol: TCP targetPort: snapshotter-m - - name: driver-m - port: 9202 - protocol: TCP - targetPort: driver-m selector: app: openstack-manila-csi component: controllerplugin diff --git a/assets/overlays/openstack-manila/generated/standalone/servicemonitor.yaml b/assets/overlays/openstack-manila/generated/standalone/servicemonitor.yaml index bc12451ab..badb73623 100644 --- a/assets/overlays/openstack-manila/generated/standalone/servicemonitor.yaml +++ b/assets/overlays/openstack-manila/generated/standalone/servicemonitor.yaml @@ -4,7 +4,6 @@ # Applied JSON patch common/metrics/service_monitor_add_port.yaml.patch # Applied JSON patch common/metrics/service_monitor_add_port.yaml.patch # Applied JSON patch common/metrics/service_monitor_add_port.yaml.patch -# Applied JSON patch common/metrics/service_monitor_add_port.yaml.patch # # @@ -39,14 +38,6 @@ spec: tlsConfig: caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt serverName: manila-csi-driver-controller-metrics.${NAMESPACE}.svc - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 30s - path: /metrics - port: driver-m - scheme: https - tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: manila-csi-driver-controller-metrics.${NAMESPACE}.svc jobLabel: component selector: matchLabels: diff --git a/assets/overlays/openstack-manila/patches/controller_add_driver.yaml b/assets/overlays/openstack-manila/patches/controller_add_driver.yaml index 81fd7dfb1..009ee7dff 100644 --- a/assets/overlays/openstack-manila/patches/controller_add_driver.yaml +++ b/assets/overlays/openstack-manila/patches/controller_add_driver.yaml @@ -38,8 +38,8 @@ spec: image: ${DRIVER_IMAGE} imagePullPolicy: IfNotPresent args: - - "--provide-controller-service=true" - - "--provide-node-service=false" + - --provide-controller-service=true + - --provide-node-service=false - --v=${LOG_LEVEL} - --cluster-id=${CLUSTER_ID} - --nodeid=$(NODE_ID) diff --git a/pkg/driver/openstack-manila/openstack_manila.go b/pkg/driver/openstack-manila/openstack_manila.go index 8e6b6586c..40fa1ef98 100644 --- a/pkg/driver/openstack-manila/openstack_manila.go +++ b/pkg/driver/openstack-manila/openstack_manila.go @@ -56,14 +56,7 @@ func GetOpenStackManilaGeneratorConfig() *generator.CSIDriverGeneratorConfig { ControllerConfig: &generator.ControlPlaneConfig{ DeploymentTemplateAssetName: "overlays/openstack-manila/patches/controller_add_driver.yaml", LivenessProbePort: 10306, - MetricsPorts: []generator.MetricsPort{ - { - LocalPort: commongenerator.OpenStackManilaLoopbackMetricsPortStart, - InjectKubeRBACProxy: true, - ExposedPort: commongenerator.OpenStackManilaExposedMetricsPortStart, - Name: "driver-m", - }, - }, + // TODO(stephenfin): Expose metrics port once the driver supports it SidecarLocalMetricsPortStart: commongenerator.OpenStackManilaLoopbackMetricsPortStart + 1, SidecarExposedMetricsPortStart: commongenerator.OpenStackManilaExposedMetricsPortStart + 1, Sidecars: []generator.SidecarConfig{