Merge pull request #234 from red-hat-storage/sync_us--main

Syncing latest changes from upstream main for kubernetes-csi-addons

Makefile

@@ -152,7 +152,7 @@ vet: ## Run go vet against code.
 
 .PHONY: test
 test: manifests generate docker-generate-protobuf fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -v ./... -coverprofile cover.out
 
 .PHONY: check-all-committed
 check-all-committed: ## Fail in case there are uncommitted changes

api/csiaddons/v1alpha1/csiaddonsnode_types.go

@@ -77,6 +77,23 @@ type CSIAddonsNodeStatus struct {
 
 	// A list of capabilities advertised by the sidecar
 	Capabilities []string `json:"capabilities,omitempty"`
+
+	// NetworkFenceClientStatus contains the status of the clients required for fencing.
+	NetworkFenceClientStatus []NetworkFenceClientStatus `json:"networkFenceClientStatus,omitempty"`
+}
+
+// NetworkFenceClientStatus contains the status of the clients required for fencing.
+type NetworkFenceClientStatus struct {
+	NetworkFenceClassName string         `json:"networkFenceClassName"`
+	ClientDetails         []ClientDetail `json:"ClientDetails"`
+}
+
+// ClientDetail contains the details of the client required for fencing.
+type ClientDetail struct {
+	// Id is the unique identifier of the client where it belongs to.
+	Id string `json:"id"`
+	// Cidrs is the list of CIDR blocks that are fenced.
+	Cidrs []string `json:"cidrs"`
 }
 
 //+kubebuilder:object:root=true

config/crd/bases/csiaddons.openshift.io_csiaddonsnodes.yaml

@@ -104,6 +104,40 @@ spec:
                   Message is a human-readable message indicating details about why the CSIAddonsNode
                   is in this state.
                 type: string
+              networkFenceClientStatus:
+                description: NetworkFenceClientStatus contains the status of the clients
+                  required for fencing.
+                items:
+                  description: NetworkFenceClientStatus contains the status of the
+                    clients required for fencing.
+                  properties:
+                    ClientDetails:
+                      items:
+                        description: ClientDetail contains the details of the client
+                          required for fencing.
+                        properties:
+                          cidrs:
+                            description: Cidrs is the list of CIDR blocks that are
+                              fenced.
+                            items:
+                              type: string
+                            type: array
+                          id:
+                            description: Id is the unique identifier of the client
+                              where it belongs to.
+                            type: string
+                        required:
+                        - cidrs
+                        - id
+                        type: object
+                      type: array
+                    networkFenceClassName:
+                      type: string
+                  required:
+                  - ClientDetails
+                  - networkFenceClassName
+                  type: object
+                type: array
               reason:
                 description: |-
                   Reason is a brief CamelCase string that describes any failure and is meant

config/samples/csiaddons_v1alpha1_networkfenceclass.yaml

@@ -6,4 +6,7 @@ metadata:
     app.kubernetes.io/managed-by: kustomize
   name: networkfenceclass-sample
 spec:
-  # TODO(user): Add fields here
+  provisioner: driver.example.com
+  parameters:
+    csiaddons.openshift.io/networkfence-secret-name: secret
+    csiaddons.openshift.io/network-secret-namespace: default

deploy/controller/crds.yaml

@@ -103,6 +103,40 @@ spec:
                   Message is a human-readable message indicating details about why the CSIAddonsNode
                   is in this state.
                 type: string
+              networkFenceClientStatus:
+                description: NetworkFenceClientStatus contains the status of the clients
+                  required for fencing.
+                items:
+                  description: NetworkFenceClientStatus contains the status of the
+                    clients required for fencing.
+                  properties:
+                    ClientDetails:
+                      items:
+                        description: ClientDetail contains the details of the client
+                          required for fencing.
+                        properties:
+                          cidrs:
+                            description: Cidrs is the list of CIDR blocks that are
+                              fenced.
+                            items:
+                              type: string
+                            type: array
+                          id:
+                            description: Id is the unique identifier of the client
+                              where it belongs to.
+                            type: string
+                        required:
+                        - cidrs
+                        - id
+                        type: object
+                      type: array
+                    networkFenceClassName:
+                      type: string
+                  required:
+                  - ClientDetails
+                  - networkFenceClassName
+                  type: object
+                type: array
               reason:
                 description: |-
                   Reason is a brief CamelCase string that describes any failure and is meant

docs/networkfenceclass.md

@@ -0,0 +1,61 @@
+# NetworkFenceClass
+
+NetworkFence is a cluster-scoped custom resource that allows Kubernetes to invoke "GetFenceClients" operation on a storage provider.
+
+The user needs to specify the csi provisioner name, parameters and the secret required to perform GetFenceClients operation.
+
+## Fence Operation
+
+```yaml
+apiVersion: csiaddons.openshift.io/v1alpha1
+kind: NetworkFenceClass
+metadata:
+  name: network-fence-class
+spec:
+  provisioner: driver.example.com
+  parameters:
+    key: value
+    csiaddons.openshift.io/networkfence-secret-name: secret-name
+    csiaddons.openshift.io/networkfence-secret-namespace: secret-namespace
+```
+
+- `provisioner`: specifies the name of storage provisioner.
+- `parameters`: specifies storage provider specific parameters.
+
+Resereved parameters:
+
+- `csiaddons.openshift.io/networkfence-secret-name`: specifies the name of the secret required for network fencing operation.
+- `csiaddons.openshift.io/networkfence-secret-namespace`: specifies the namespace in which the secret is located.
+
+Once the NetworkFenceClass is processed, the CSI Addons controller will call the GetFenceClients operation on the storage provider associated with the provisioner name that registered the `GET_CLIENTS_TO_FENCE` capability. The resulting data will then be stored in the CSIAddonsNode status.
+
+The NetworkFenceStatus object will contain the list of clients that need to be fenced.
+
+```yaml
+apiVersion: csiaddons.openshift.io/v1alpha1
+kind: CSIAddonsNode
+metadata:
+  annotations:
+    csiaddons.openshift.io/networkfenceclass-names: '["network-fence-class"]'
+  creationTimestamp: "2024-11-11T07:31:20Z"
+  finalizers:
+  - csiaddons.openshift.io/csiaddonsnode
+  generation: 1
+  name: plugin
+  namespace: default
+  ...
+status:
+  capabilities:
+  - service.NODE_SERVICE
+  - reclaim_space.ONLINE
+  - encryption_key_rotation.ENCRYPTIONKEYROTATION
+  - network_fence.GET_CLIENTS_TO_FENCE
+  message: Successfully established connection with sidecar
+  networkFenceClientStatus:
+  - networkFenceClassName: network-fence-class
+    clientDetails:
+    - cidrs:
+      - 10.244.0.1/32
+      id: a815fe8e-eabd-4e87-a6e8-78cebfb67d08
+  state: Connected
+```

go.mod

@@ -6,7 +6,7 @@ toolchain go1.22.9
 
 require (
 	github.com/container-storage-interface/spec v1.10.0
-	github.com/csi-addons/spec v0.2.1-0.20240730084235-3958a5b17d24
+	github.com/csi-addons/spec v0.2.1-0.20241104111131-27825f744db5
 	github.com/go-logr/logr v1.4.2
 	github.com/kubernetes-csi/csi-lib-utils v0.19.0
 	github.com/onsi/ginkgo/v2 v2.21.0

go.sum

@@ -7,8 +7,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/container-storage-interface/spec v1.10.0 h1:YkzWPV39x+ZMTa6Ax2czJLLwpryrQ+dPesB34mrRMXA=
 github.com/container-storage-interface/spec v1.10.0/go.mod h1:DtUvaQszPml1YJfIK7c00mlv6/g4wNMLanLgiUbKFRI=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/csi-addons/spec v0.2.1-0.20240730084235-3958a5b17d24 h1:tJETaYbnnzlCSaqDXQzbszYyuAtG/sFzm6DargeVzJA=
-github.com/csi-addons/spec v0.2.1-0.20240730084235-3958a5b17d24/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI=
+github.com/csi-addons/spec v0.2.1-0.20241104111131-27825f744db5 h1:j9NaWj5KmzEVarmsjxS/NDAhes6Uzq1qhkUGHvDlVBk=
+github.com/csi-addons/spec v0.2.1-0.20241104111131-27825f744db5/go.mod h1:Mwq4iLiUV4s+K1bszcWU6aMsR5KPsbIYzzszJ6+56vI=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=