diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index 5fb579b192c..a2671b09ced 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -13750,7 +13750,7 @@ "type": "boolean" }, "requiresRepublish": { - "description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", + "description": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.", "type": "boolean" }, "storageCapacity": { @@ -13758,7 +13758,7 @@ "type": "boolean" }, "tokenRequests": { - "description": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", + "description": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.", "items": { "$ref": "#/definitions/io.k8s.api.storage.v1.TokenRequest" }, diff --git a/pkg/apis/storage/types.go b/pkg/apis/storage/types.go index f9955361849..045df66c85b 100644 --- a/pkg/apis/storage/types.go +++ b/pkg/apis/storage/types.go @@ -381,9 +381,6 @@ type CSIDriverSpec struct { // most one token is empty string. To receive a new token after expiry, // RequiresRepublish can be used to trigger NodePublishVolume periodically. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional // +listType=atomic TokenRequests []TokenRequest @@ -396,9 +393,6 @@ type CSIDriverSpec struct { // to NodePublishVolume should only update the contents of the volume. New // mount points will not be seen by a running container. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional RequiresRepublish *bool } diff --git a/pkg/apis/storage/v1/defaults.go b/pkg/apis/storage/v1/defaults.go index 8711f0c0847..85d786f7650 100644 --- a/pkg/apis/storage/v1/defaults.go +++ b/pkg/apis/storage/v1/defaults.go @@ -60,7 +60,7 @@ func SetDefaults_CSIDriver(obj *storagev1.CSIDriver) { if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) { obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1.VolumeLifecyclePersistent) } - if obj.Spec.RequiresRepublish == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { + if obj.Spec.RequiresRepublish == nil { obj.Spec.RequiresRepublish = new(bool) *(obj.Spec.RequiresRepublish) = false } diff --git a/pkg/apis/storage/v1/defaults_test.go b/pkg/apis/storage/v1/defaults_test.go index 4369842b305..89174b1bcae 100644 --- a/pkg/apis/storage/v1/defaults_test.go +++ b/pkg/apis/storage/v1/defaults_test.go @@ -94,7 +94,6 @@ func TestSetDefaultVolumeBindingMode(t *testing.T) { func TestSetDefaultCSIDriver(t *testing.T) { defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)() - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIServiceAccountToken, true)() enabled := true disabled := false diff --git a/pkg/apis/storage/v1beta1/defaults.go b/pkg/apis/storage/v1beta1/defaults.go index 87040fb52e5..f7dda9691dc 100644 --- a/pkg/apis/storage/v1beta1/defaults.go +++ b/pkg/apis/storage/v1beta1/defaults.go @@ -60,7 +60,7 @@ func SetDefaults_CSIDriver(obj *storagev1beta1.CSIDriver) { if len(obj.Spec.VolumeLifecycleModes) == 0 && utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) { obj.Spec.VolumeLifecycleModes = append(obj.Spec.VolumeLifecycleModes, storagev1beta1.VolumeLifecyclePersistent) } - if obj.Spec.RequiresRepublish == nil && utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { + if obj.Spec.RequiresRepublish == nil { obj.Spec.RequiresRepublish = new(bool) *(obj.Spec.RequiresRepublish) = false } diff --git a/pkg/apis/storage/v1beta1/defaults_test.go b/pkg/apis/storage/v1beta1/defaults_test.go index 5f25a02fb0f..572d5dd1dae 100644 --- a/pkg/apis/storage/v1beta1/defaults_test.go +++ b/pkg/apis/storage/v1beta1/defaults_test.go @@ -142,7 +142,6 @@ func TestSetDefaultVolumeLifecycleModesDisabled(t *testing.T) { func TestSetDefaultCSIDriver(t *testing.T) { defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)() - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIServiceAccountToken, true)() enabled := true disabled := false diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index 17d1c820569..2a745ca2c75 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -601,6 +601,7 @@ const ( // owner: @zshihang // alpha: v1.20 // beta: v1.21 + // ga: v1.22 // // Enable kubelet to pass pod's service account token to NodePublishVolume // call of CSI driver which is mounting volumes for that pod. @@ -777,7 +778,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha}, CSIInlineVolume: {Default: true, PreRelease: featuregate.Beta}, CSIStorageCapacity: {Default: true, PreRelease: featuregate.Beta}, - CSIServiceAccountToken: {Default: true, PreRelease: featuregate.Beta}, + CSIServiceAccountToken: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23 GenericEphemeralVolume: {Default: true, PreRelease: featuregate.Beta}, CSIVolumeFSGroupPolicy: {Default: true, PreRelease: featuregate.Beta}, RuntimeClass: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23 diff --git a/pkg/printers/internalversion/printers.go b/pkg/printers/internalversion/printers.go index 97626c2c119..df9a140c4b5 100644 --- a/pkg/printers/internalversion/printers.go +++ b/pkg/printers/internalversion/printers.go @@ -520,12 +520,11 @@ func AddHandlers(h printers.PrintHandler) { Name: "StorageCapacity", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["storageCapacity"], }) } - if utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - csiDriverColumnDefinitions = append(csiDriverColumnDefinitions, []metav1.TableColumnDefinition{ - {Name: "TokenRequests", Type: "string", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["tokenRequests"]}, - {Name: "RequiresRepublish", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["requiresRepublish"]}, - }...) - } + csiDriverColumnDefinitions = append(csiDriverColumnDefinitions, []metav1.TableColumnDefinition{ + {Name: "TokenRequests", Type: "string", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["tokenRequests"]}, + {Name: "RequiresRepublish", Type: "boolean", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["requiresRepublish"]}, + }...) + csiDriverColumnDefinitions = append(csiDriverColumnDefinitions, []metav1.TableColumnDefinition{ {Name: "Modes", Type: "string", Description: storagev1.CSIDriverSpec{}.SwaggerDoc()["volumeLifecycleModes"]}, {Name: "Age", Type: "string", Description: metav1.ObjectMeta{}.SwaggerDoc()["creationTimestamp"]}, @@ -1419,21 +1418,21 @@ func printCSIDriver(obj *storage.CSIDriver, options printers.GenerateOptions) ([ } row.Cells = append(row.Cells, storageCapacity) } - if utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - tokenRequests := "" - if obj.Spec.TokenRequests != nil { - audiences := []string{} - for _, t := range obj.Spec.TokenRequests { - audiences = append(audiences, t.Audience) - } - tokenRequests = strings.Join(audiences, ",") + + tokenRequests := "" + if obj.Spec.TokenRequests != nil { + audiences := []string{} + for _, t := range obj.Spec.TokenRequests { + audiences = append(audiences, t.Audience) } - requiresRepublish := false - if obj.Spec.RequiresRepublish != nil { - requiresRepublish = *obj.Spec.RequiresRepublish - } - row.Cells = append(row.Cells, tokenRequests, requiresRepublish) + tokenRequests = strings.Join(audiences, ",") } + requiresRepublish := false + if obj.Spec.RequiresRepublish != nil { + requiresRepublish = *obj.Spec.RequiresRepublish + } + row.Cells = append(row.Cells, tokenRequests, requiresRepublish) + row.Cells = append(row.Cells, modes, translateTimestampSince(obj.CreationTimestamp)) return []metav1.TableRow{row}, nil } diff --git a/pkg/registry/storage/csidriver/strategy.go b/pkg/registry/storage/csidriver/strategy.go index ecf7a5a6225..cabe8e8c5ea 100644 --- a/pkg/registry/storage/csidriver/strategy.go +++ b/pkg/registry/storage/csidriver/strategy.go @@ -56,10 +56,6 @@ func (csiDriverStrategy) PrepareForCreate(ctx context.Context, obj runtime.Objec if !utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { csiDriver.Spec.FSGroupPolicy = nil } - if !utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - csiDriver.Spec.TokenRequests = nil - csiDriver.Spec.RequiresRepublish = nil - } } func (csiDriverStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList { @@ -100,14 +96,6 @@ func (csiDriverStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime. !utilfeature.DefaultFeatureGate.Enabled(features.CSIVolumeFSGroupPolicy) { newCSIDriver.Spec.FSGroupPolicy = nil } - if oldCSIDriver.Spec.TokenRequests == nil && - !utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - newCSIDriver.Spec.TokenRequests = nil - } - if oldCSIDriver.Spec.RequiresRepublish == nil && - !utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - newCSIDriver.Spec.RequiresRepublish = nil - } // Any changes to the mutable fields increment the generation number. if !apiequality.Semantic.DeepEqual(oldCSIDriver.Spec.TokenRequests, newCSIDriver.Spec.TokenRequests) || !apiequality.Semantic.DeepEqual(oldCSIDriver.Spec.RequiresRepublish, newCSIDriver.Spec.RequiresRepublish) { diff --git a/pkg/registry/storage/csidriver/strategy_test.go b/pkg/registry/storage/csidriver/strategy_test.go index 1fa6ba0aa69..5a97d6651a0 100644 --- a/pkg/registry/storage/csidriver/strategy_test.go +++ b/pkg/registry/storage/csidriver/strategy_test.go @@ -92,10 +92,9 @@ func TestCSIDriverPrepareForCreate(t *testing.T) { requiresRepublish := true tests := []struct { - name string - withCapacity bool - withInline bool - withServiceAccountToken bool + name string + withCapacity bool + withInline bool }{ { name: "inline enabled", @@ -113,21 +112,12 @@ func TestCSIDriverPrepareForCreate(t *testing.T) { name: "capacity disabled", withCapacity: false, }, - { - name: "serviceAccountToken enabled", - withServiceAccountToken: true, - }, - { - name: "serviceAccountToken disabled", - withServiceAccountToken: false, - }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIStorageCapacity, test.withCapacity)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, test.withInline)() - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIServiceAccountToken, test.withServiceAccountToken)() csiDriver := &storage.CSIDriver{ ObjectMeta: metav1.ObjectMeta{ @@ -167,21 +157,6 @@ func TestCSIDriverPrepareForCreate(t *testing.T) { t.Errorf("VolumeLifecycleModes not stripped: %v", csiDriver.Spec) } } - if test.withServiceAccountToken { - if csiDriver.Spec.TokenRequests == nil { - t.Errorf("TokenRequests modified: %v", csiDriver.Spec) - } - if csiDriver.Spec.RequiresRepublish == nil { - t.Errorf("RequiresRepublish modified: %v", csiDriver.Spec) - } - } else { - if csiDriver.Spec.TokenRequests != nil { - t.Errorf("TokenRequests stripped: %v", csiDriver.Spec) - } - if csiDriver.Spec.RequiresRepublish != nil { - t.Errorf("RequiresRepublish stripped: %v", csiDriver.Spec) - } - } }) } } @@ -227,7 +202,6 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) { enabled := true disabled := false gcp := "gcp" - vault := "vault" driverWithCapacityEnabled := &storage.CSIDriver{ ObjectMeta: metav1.ObjectMeta{ Name: "foo", @@ -253,29 +227,19 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) { RequiresRepublish: &enabled, }, } - driverWithServiceAccountTokenVault := &storage.CSIDriver{ - ObjectMeta: metav1.ObjectMeta{ - Name: "foo", - }, - Spec: storage.CSIDriverSpec{ - TokenRequests: []storage.TokenRequest{{Audience: vault}}, - RequiresRepublish: &enabled, - }, - } resultPersistent := []storage.VolumeLifecycleMode{storage.VolumeLifecyclePersistent} tests := []struct { - name string - old, update *storage.CSIDriver - csiStorageCapacityEnabled bool - csiInlineVolumeEnabled bool - csiServiceAccountTokenEnabled bool - wantCapacity *bool - wantModes []storage.VolumeLifecycleMode - wantTokenRequests []storage.TokenRequest - wantRequiresRepublish *bool - wantGeneration int64 + name string + old, update *storage.CSIDriver + csiStorageCapacityEnabled bool + csiInlineVolumeEnabled bool + wantCapacity *bool + wantModes []storage.VolumeLifecycleMode + wantTokenRequests []storage.TokenRequest + wantRequiresRepublish *bool + wantGeneration int64 }{ { name: "capacity feature enabled, before: none, update: enabled", @@ -316,25 +280,9 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) { wantModes: resultPersistent, }, { - name: "service account token feature enabled, before: none, update: audience=gcp", - csiServiceAccountTokenEnabled: true, - old: driverWithNothing, - update: driverWithServiceAccountTokenGCP, - wantTokenRequests: []storage.TokenRequest{{Audience: gcp}}, - wantRequiresRepublish: &enabled, - wantGeneration: 1, - }, - { - name: "service account token feature disabled, before: none, update: audience=gcp", + name: "service account token feature enabled, before: none, update: audience=gcp", old: driverWithNothing, update: driverWithServiceAccountTokenGCP, - wantTokenRequests: nil, - wantRequiresRepublish: nil, - }, - { - name: "service account token feature disabled, before: audience=vault, update: audience=gcp", - old: driverWithServiceAccountTokenVault, - update: driverWithServiceAccountTokenGCP, wantTokenRequests: []storage.TokenRequest{{Audience: gcp}}, wantRequiresRepublish: &enabled, wantGeneration: 1, @@ -345,7 +293,6 @@ func TestCSIDriverPrepareForUpdate(t *testing.T) { t.Run(test.name, func(t *testing.T) { defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIStorageCapacity, test.csiStorageCapacityEnabled)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, test.csiInlineVolumeEnabled)() - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIServiceAccountToken, test.csiServiceAccountTokenEnabled)() csiDriver := test.update.DeepCopy() Strategy.PrepareForUpdate(ctx, csiDriver, test.old) diff --git a/pkg/volume/csi/csi_mounter.go b/pkg/volume/csi/csi_mounter.go index 4193f121443..6c4077bf697 100644 --- a/pkg/volume/csi/csi_mounter.go +++ b/pkg/volume/csi/csi_mounter.go @@ -229,13 +229,11 @@ func (c *csiMountMgr) SetUpAt(dir string, mounterArgs volume.MounterArgs) error } // Inject pod service account token into volume attributes - if utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - serviceAccountTokenAttrs, err := c.podServiceAccountTokenAttrs() - if err != nil { - return volumetypes.NewTransientOperationFailure(log("mounter.SetUpAt failed to get service accoount token attributes: %v", err)) - } - volAttribs = mergeMap(volAttribs, serviceAccountTokenAttrs) + serviceAccountTokenAttrs, err := c.podServiceAccountTokenAttrs() + if err != nil { + return volumetypes.NewTransientOperationFailure(log("mounter.SetUpAt failed to get service accoount token attributes: %v", err)) } + volAttribs = mergeMap(volAttribs, serviceAccountTokenAttrs) err = csi.NodePublishVolume( ctx, diff --git a/pkg/volume/csi/csi_mounter_test.go b/pkg/volume/csi/csi_mounter_test.go index a7fbdd9cac4..dc4ae225dff 100644 --- a/pkg/volume/csi/csi_mounter_test.go +++ b/pkg/volume/csi/csi_mounter_test.go @@ -938,7 +938,6 @@ func TestIsCorruptedDir(t *testing.T) { } func TestPodServiceAccountTokenAttrs(t *testing.T) { - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIServiceAccountToken, true)() defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)() scheme := runtime.NewScheme() utilruntime.Must(pkgauthenticationv1.RegisterDefaults(scheme)) diff --git a/pkg/volume/csi/csi_plugin.go b/pkg/volume/csi/csi_plugin.go index e48b3d6deb7..70a57448511 100644 --- a/pkg/volume/csi/csi_plugin.go +++ b/pkg/volume/csi/csi_plugin.go @@ -339,9 +339,6 @@ func (p *csiPlugin) CanSupport(spec *volume.Spec) bool { } func (p *csiPlugin) RequiresRemount(spec *volume.Spec) bool { - if !utilfeature.DefaultFeatureGate.Enabled(features.CSIServiceAccountToken) { - return false - } if p.csiDriverLister == nil { return false } diff --git a/staging/src/k8s.io/api/storage/v1/generated.proto b/staging/src/k8s.io/api/storage/v1/generated.proto index a24e5df6449..9602c9098a7 100644 --- a/staging/src/k8s.io/api/storage/v1/generated.proto +++ b/staging/src/k8s.io/api/storage/v1/generated.proto @@ -182,9 +182,6 @@ message CSIDriverSpec { // most one token is empty string. To receive a new token after expiry, // RequiresRepublish can be used to trigger NodePublishVolume periodically. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional // +listType=atomic repeated TokenRequest tokenRequests = 6; @@ -197,9 +194,6 @@ message CSIDriverSpec { // to NodePublishVolume should only update the contents of the volume. New // mount points will not be seen by a running container. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional optional bool requiresRepublish = 7; } diff --git a/staging/src/k8s.io/api/storage/v1/types.go b/staging/src/k8s.io/api/storage/v1/types.go index d03a7417da0..d805e1539b0 100644 --- a/staging/src/k8s.io/api/storage/v1/types.go +++ b/staging/src/k8s.io/api/storage/v1/types.go @@ -381,9 +381,6 @@ type CSIDriverSpec struct { // most one token is empty string. To receive a new token after expiry, // RequiresRepublish can be used to trigger NodePublishVolume periodically. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional // +listType=atomic TokenRequests []TokenRequest `json:"tokenRequests,omitempty" protobuf:"bytes,6,opt,name=tokenRequests"` @@ -396,9 +393,6 @@ type CSIDriverSpec struct { // to NodePublishVolume should only update the contents of the volume. New // mount points will not be seen by a running container. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional RequiresRepublish *bool `json:"requiresRepublish,omitempty" protobuf:"varint,7,opt,name=requiresRepublish"` } diff --git a/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go index ea212e9f955..d3747dc8626 100644 --- a/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/storage/v1/types_swagger_doc_generated.go @@ -54,8 +54,8 @@ var map_CSIDriverSpec = map[string]string{ "volumeLifecycleModes": "volumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is \"Persistent\", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is \"Ephemeral\". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future. This field is beta.\n\nThis field is immutable.", "storageCapacity": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis field is immutable.\n\nThis is a beta field and only available when the CSIStorageCapacity feature is enabled. The default is false.", "fsGroupPolicy": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is beta, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.\n\nThis field is immutable.\n\nDefaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.", - "tokenRequests": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", - "requiresRepublish": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", + "tokenRequests": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.", + "requiresRepublish": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.", } func (CSIDriverSpec) SwaggerDoc() map[string]string { diff --git a/staging/src/k8s.io/api/storage/v1beta1/generated.proto b/staging/src/k8s.io/api/storage/v1beta1/generated.proto index 6311e7ca4c8..f72ca6b237f 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/storage/v1beta1/generated.proto @@ -184,9 +184,6 @@ message CSIDriverSpec { // most one token is empty string. To receive a new token after expiry, // RequiresRepublish can be used to trigger NodePublishVolume periodically. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional // +listType=atomic repeated TokenRequest tokenRequests = 6; @@ -199,9 +196,6 @@ message CSIDriverSpec { // to NodePublishVolume should only update the contents of the volume. New // mount points will not be seen by a running container. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional optional bool requiresRepublish = 7; } diff --git a/staging/src/k8s.io/api/storage/v1beta1/types.go b/staging/src/k8s.io/api/storage/v1beta1/types.go index d1bcbffc6ab..9fe5646adc3 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/types.go +++ b/staging/src/k8s.io/api/storage/v1beta1/types.go @@ -402,9 +402,6 @@ type CSIDriverSpec struct { // most one token is empty string. To receive a new token after expiry, // RequiresRepublish can be used to trigger NodePublishVolume periodically. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional // +listType=atomic TokenRequests []TokenRequest `json:"tokenRequests,omitempty" protobuf:"bytes,6,opt,name=tokenRequests"` @@ -417,9 +414,6 @@ type CSIDriverSpec struct { // to NodePublishVolume should only update the contents of the volume. New // mount points will not be seen by a running container. // - // This is a beta feature and only available when the - // CSIServiceAccountToken feature is enabled. - // // +optional RequiresRepublish *bool `json:"requiresRepublish,omitempty" protobuf:"varint,7,opt,name=requiresRepublish"` } diff --git a/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go index b8d0f74a14c..9e1efa25b41 100644 --- a/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go +++ b/staging/src/k8s.io/api/storage/v1beta1/types_swagger_doc_generated.go @@ -54,8 +54,8 @@ var map_CSIDriverSpec = map[string]string{ "volumeLifecycleModes": "VolumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is \"Persistent\", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is \"Ephemeral\". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future.\n\nThis field is immutable.", "storageCapacity": "If set to true, storageCapacity indicates that the CSI volume driver wants pod scheduling to consider the storage capacity that the driver deployment will report by creating CSIStorageCapacity objects with capacity information.\n\nThe check can be enabled immediately when deploying a driver. In that case, provisioning new volumes with late binding will pause until the driver deployment has published some suitable CSIStorageCapacity object.\n\nAlternatively, the driver can be deployed with the field unset or false and it can be flipped later when storage capacity information has been published.\n\nThis field is immutable.\n\nThis is a beta field and only available when the CSIStorageCapacity feature is enabled. The default is false.", "fsGroupPolicy": "Defines if the underlying volume supports changing ownership and permission of the volume before being mounted. Refer to the specific FSGroupPolicy values for additional details. This field is beta, and is only honored by servers that enable the CSIVolumeFSGroupPolicy feature gate.\n\nThis field is immutable.\n\nDefaults to ReadWriteOnceWithFSType, which will examine each volume to determine if Kubernetes should modify ownership and permissions of the volume. With the default policy the defined fsGroup will only be applied if a fstype is defined and the volume's access mode contains ReadWriteOnce.", - "tokenRequests": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", - "requiresRepublish": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.\n\nThis is a beta feature and only available when the CSIServiceAccountToken feature is enabled.", + "tokenRequests": "TokenRequests indicates the CSI driver needs pods' service account tokens it is mounting volume for to do necessary authentication. Kubelet will pass the tokens in VolumeContext in the CSI NodePublishVolume calls. The CSI driver should parse and validate the following VolumeContext: \"csi.storage.k8s.io/serviceAccount.tokens\": {\n \"\": {\n \"token\": ,\n \"expirationTimestamp\": ,\n },\n ...\n}\n\nNote: Audience in each TokenRequest should be different and at most one token is empty string. To receive a new token after expiry, RequiresRepublish can be used to trigger NodePublishVolume periodically.", + "requiresRepublish": "RequiresRepublish indicates the CSI driver wants `NodePublishVolume` being periodically called to reflect any possible change in the mounted volume. This field defaults to false.\n\nNote: After a successful initial NodePublishVolume call, subsequent calls to NodePublishVolume should only update the contents of the volume. New mount points will not be seen by a running container.", } func (CSIDriverSpec) SwaggerDoc() map[string]string {