Adding Snapshotting Functionality

Author: FarnazBGH

.github/workflows/pr-check.yaml

@@ -8,7 +8,7 @@ jobs:
     name: Lint
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
@@ -25,7 +25,7 @@ jobs:
           go-version: "^1.15"
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Cache
         uses: actions/cache@v3

.github/workflows/release.yaml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Cache
         uses: actions/cache@v3
@@ -32,7 +32,7 @@ jobs:
         run: make container
 
       - name: Log into registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{github.actor}}
@@ -77,7 +77,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Create manifest
         run: |

Makefile

@@ -31,7 +31,7 @@ clean:
 .PHONY: build-%
 $(CMDS:%=build-%): build-%:
 	mkdir -p bin 
-	CGO_ENABLED=0 go build -ldflags '$(FULL_LDFLAGS)' -o "./bin/$*" ./cmd/$*
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags '$(FULL_LDFLAGS)' -o "./bin/$*" ./cmd/$*
 
 .PHONY: container-%
 $(CMDS:%=container-%): container-%: build-%

deploy/k8s/controller-deployment.yaml

@@ -1,3 +1,5 @@
+# In this YAML file CloudStack CSI Controller contains the following sidecars:
+# external-attacher, external-provisioner, external-snapshotter, liveness-probe
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -105,6 +107,26 @@ spec:
             - name: socket-dir
               mountPath: /var/lib/csi/sockets/pluginproxy/
 
+        - name: external-snapshotter
+          image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.1
+          imagePullPolicy: IfNotPresent
+          args:
+          - --v=4
+          - --csi-address=$(ADDRESS)
+          - --timeout=300s
+          - --leader-election
+          - --leader-election-lease-duration=120s
+          - --leader-election-renew-deadline=60s
+          - --leader-election-retry-period=30s
+          - --kube-api-qps=100
+          - --kube-api-burst=100
+          env:
+          - name: ADDRESS
+            value: /var/lib/csi/sockets/pluginproxy/csi.sock
+          volumeMounts:
+          - mountPath: /var/lib/csi/sockets/pluginproxy/
+            name: socket-dir
+
         - name: liveness-probe
           image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
           args:

deploy/k8s/rbac.yaml

@@ -49,3 +49,46 @@ roleRef:
   kind: ClusterRole
   name: cloudstack-csi-controller-role
   apiGroup: rbac.authorization.k8s.io
+
+---
+# external snapshotter
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-snapshotter-role
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+  # Secret permission is optional.
+  # Enable it if your driver needs secret.
+  # For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
+  # See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
+  #  - apiGroups: [""]
+  #    resources: ["secrets"]
+  #    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: ["coordination.k8s.io"]
+    resources: ["leases"]
+    verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: csi-snapshotter-binding
+subjects:
+  - kind: ServiceAccount
+    name: cloudstack-csi-controller
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: csi-snapshotter-role
+  apiGroup: rbac.authorization.k8s.io

examples/k8s/pod.yaml

@@ -6,6 +6,8 @@ spec:
   containers:
     - name: example
       image: busybox
+      command: ["/bin/sh"]
+      args: ["-c", "while true; do date >> /data/date.txt; sleep 5; done"]
       volumeMounts:
         - mountPath: "/data"
           name: example-volume

examples/k8s/snapshot/0-volumestorageclass.yaml

@@ -0,0 +1,6 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshotClass
+metadata:
+  name: csi-cloudstack-snapclass
+deletionPolicy: Delete
+driver: csi.cloudstack.apache.org

examples/k8s/snapshot/pod-with-snapshot-data.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example-pod-from-snapshot-data
+spec:
+  containers:
+    - name: example
+      image: busybox
+      volumeMounts:
+        - mountPath: "/data"
+          name: example-volume
+      stdin: true
+      stdinOnce: true
+      tty: true
+  volumes:
+    - name: example-volume
+      persistentVolumeClaim:
+        claimName: pvc-from-snapshot

examples/k8s/snapshot/pvc-from-snapshot.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pvc-from-snapshot
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: cloudstack-custom
+  resources:
+    requests:
+      storage: 1Gi
+  dataSource:
+    kind: VolumeSnapshot
+    name: example-snapshot
+    apiGroup: snapshot.storage.k8s.io

examples/k8s/snapshot/volumesnapshot.yaml

@@ -0,0 +1,8 @@
+apiVersion: snapshot.storage.k8s.io/v1
+kind: VolumeSnapshot
+metadata:
+  name: example-snapshot
+spec:
+  volumeSnapshotClassName: csi-cloudstack-snapclass
+  source:
+    persistentVolumeClaimName: example-pvc