Update to version 1.2.0

Dockerfile

@@ -24,7 +24,7 @@ FROM alpine:latest
 LABEL maintainers="Synology Authors" \
       description="Synology CSI Plugin"
 
-RUN apk add --no-cache e2fsprogs e2fsprogs-extra xfsprogs xfsprogs-extra blkid util-linux iproute2 bash btrfs-progs ca-certificates cifs-utils
+RUN apk add --no-cache e2fsprogs e2fsprogs-extra xfsprogs xfsprogs-extra blkid util-linux iproute2 bash btrfs-progs ca-certificates cifs-utils nfs-utils
 
 # Create symbolic link for chroot.sh
 WORKDIR /

Makefile

@@ -2,7 +2,7 @@
 
 REGISTRY_NAME=synology
 IMAGE_NAME=synology-csi
-IMAGE_VERSION=v1.1.3
+IMAGE_VERSION=v1.2.0
 IMAGE_TAG=$(REGISTRY_NAME)/$(IMAGE_NAME):$(IMAGE_VERSION)
 
 # For now, only build linux/amd64 platform

README.md

@@ -6,7 +6,7 @@ The official [Container Storage Interface](https://github.com/container-storage-
 Driver Name: csi.san.synology.com
 | Driver Version                                                                   | Image                                                                 | Supported K8s Version |
 | -------------------------------------------------------------------------------- | --------------------------------------------------------------------- | --------------------- |
-| [v1.1.3](https://github.com/SynologyOpenSource/synology-csi/tree/release-v1.1.3) | [synology-csi:v1.1.3](https://hub.docker.com/r/synology/synology-csi) | 1.20+                 |
+| [v1.2.0](https://github.com/SynologyOpenSource/synology-csi/tree/release-v1.2.0) | [synology-csi:v1.2.0](https://hub.docker.com/r/synology/synology-csi) | 1.20+                 |
 
 
 
@@ -158,17 +158,36 @@ Create and apply StorageClasses with the properties you want.
     allowVolumeExpansion: true
     ```
 
+    **NFS Protocol**
+    ```
+    apiVersion: storage.k8s.io/v1
+    kind: StorageClass
+    metadata:
+      name: synostorage-nfs
+    provisioner: csi.san.synology.com
+    parameters:
+      protocol: "nfs"
+      dsm: "192.168.1.1"
+      location: '/volume1'
+      mountPermissions: '0755'
+    mountOptions:
+      - nfsvers=4.1
+    reclaimPolicy: Delete
+    allowVolumeExpansion: true
+    ```
+
 2. Configure the StorageClass properties by assigning the parameters in the table. You can also leave blank if you don’t have a preference:
 
     | Name                                             | Type   | Description                                                                                                                                                        | Default | Supported protocols |
     | ------------------------------------------------ | ------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | ------------------- |
-    | *dsm*                                            | string | The IPv4 address of your DSM, which must be included in the `client-info.yml` for the CSI driver to log in to DSM                                                  | -       | iSCSI, SMB          |
-    | *location*                                       | string | The location (/volume1, /volume2, ...) on DSM where the LUN for *PersistentVolume* will be created                                                                 | -       | iSCSI, SMB          |
+    | *dsm*                                            | string | The IPv4 address of your DSM, which must be included in the `client-info.yml` for the CSI driver to log in to DSM                                                  | -       | iSCSI, SMB, NFS     |
+    | *location*                                       | string | The location (/volume1, /volume2, ...) on DSM where the LUN for *PersistentVolume* will be created                                                                 | -       | iSCSI, SMB, NFS     |
     | *fsType*                                         | string | The formatting file system of the *PersistentVolumes* when you mount them on the pods. This parameter only works with iSCSI. For SMB, the fsType is always ‘cifs‘. | 'ext4'  | iSCSI               |
-    | *protocol*                                       | string | The storage backend protocol. Enter ‘iscsi’ to create LUNs or ‘smb‘ to create shared folders on DSM.                                                               | 'iscsi' | iSCSI, SMB          |
-    | *formatOptions*                                  | string | Additional options/arguments passed to `mkfs.*` command. See a linux manual that corresponds with your FS of choice.                                             | -       | iSCSI               |
+    | *protocol*                                       | string | The storage backend protocol. Enter ‘iscsi’ to create LUNs, or ‘smb‘ or 'nfs' to create shared folders on DSM.                                                     | 'iscsi' | iSCSI, SMB, NFS     |
+    | *formatOptions*                                  | string | Additional options/arguments passed to `mkfs.*` command. See a linux manual that corresponds with your FS of choice.                                               | -       | iSCSI               |
     | *csi.storage.k8s.io/node-stage-secret-name*      | string | The name of node-stage-secret. Required if DSM shared folder is accessed via SMB.                                                                                  | -       | SMB                 |
     | *csi.storage.k8s.io/node-stage-secret-namespace* | string | The namespace of node-stage-secret. Required if DSM shared folder is accessed via SMB.                                                                             | -       | SMB                 |
+    | *mountPermissions*                               | string | Mounted folder permissions. If set as non-zero, driver will perform `chmod` after mount                                                                            | '0750'  | NFS                 |
 
     **Notice**
 

deploy/example/storageclass-nfs.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: synology-nfs-storage
+provisioner: csi.san.synology.com
+parameters:
+  protocol: "nfs" # required for nfs protocol
+  mountPermissions: '0777'
+  # dsm: "1.1.1.1"
+  # location: '/volume1'
+mountOptions:
+  - nfsvers=4 #3,4,4.1
+reclaimPolicy: Delete
+allowVolumeExpansion: true

deploy/helm/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v1.1.3
+appVersion: v1.2.0
 name: synology-csi
 description: A Helm chart for the Synology CSI Driver
 keywords:

deploy/kubernetes/v1.19/controller.yml

@@ -144,7 +144,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=NotUsed
             - --endpoint=$(CSI_ENDPOINT)

deploy/kubernetes/v1.19/node.yml

@@ -86,7 +86,7 @@ spec:
           securityContext:
             privileged: true
           imagePullPolicy: IfNotPresent
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=$(KUBE_NODE_NAME)
             - --endpoint=$(CSI_ENDPOINT)

deploy/kubernetes/v1.19/snapshotter/snapshotter.yaml

@@ -81,7 +81,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=NotUsed
             - --endpoint=$(CSI_ENDPOINT)

deploy/kubernetes/v1.20/controller.yml

@@ -144,7 +144,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=NotUsed
             - --endpoint=$(CSI_ENDPOINT)

deploy/kubernetes/v1.20/node.yml

@@ -86,7 +86,7 @@ spec:
           securityContext:
             privileged: true
           imagePullPolicy: IfNotPresent
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=$(KUBE_NODE_NAME)
             - --endpoint=$(CSI_ENDPOINT)

deploy/kubernetes/v1.20/snapshotter/snapshotter.yaml

@@ -81,7 +81,7 @@ spec:
             capabilities:
               add: ["SYS_ADMIN"]
             allowPrivilegeEscalation: true
-          image: synology/synology-csi:v1.1.3
+          image: synology/synology-csi:v1.2.0
           args:
             - --nodeid=NotUsed
             - --endpoint=$(CSI_ENDPOINT)

pkg/driver/controllerserver.go

@@ -69,6 +69,18 @@ func (cs *controllerServer) isVolumeAccessModeSupport(mode csi.VolumeCapability_
 	return false
 }
 
+func parseNfsVesrion(ops []string) string {
+	for _, op := range ops {
+		if strings.HasPrefix(op, "nfsvers") {
+			kvpair := strings.Split(op, "=")
+			if len(kvpair) == 2 {
+				return kvpair[1]
+			}
+		}
+	}
+	return ""
+}
+
 func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequest) (*csi.CreateVolumeResponse, error) {
 	sizeInByte, err := getSizeByCapacityRange(req.GetCapacityRange())
 	volName, volCap := req.GetName(), req.GetVolumeCapabilities()
@@ -89,7 +101,7 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 	if volCap == nil {
 		return nil, status.Errorf(codes.InvalidArgument, "No volume capabilities are provided")
 	}
-
+	var mountOptions []string
 	for _, cap := range volCap {
 		accessMode := cap.GetAccessMode().GetMode()
 
@@ -102,6 +114,10 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		} else if accessMode == csi.VolumeCapability_AccessMode_MULTI_NODE_MULTI_WRITER {
 			multiSession = true
 		}
+
+		if mount := cap.GetMount(); mount != nil {
+			mountOptions = mount.GetMountFlags()
+		}
 	}
 
 	if volContentSrc != nil {
@@ -129,8 +145,15 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 	}
 
 	// not needed during CreateVolume method
-	// used only in NodeStageVolume though VolumeContext
+	// used only in NodeStageVolume through VolumeContext
 	formatOptions := params["formatOptions"]
+	mountPermissions := params["mountPermissions"]
+	// check mountPermissions valid
+	if mountPermissions != "" {
+		if _, err := strconv.ParseUint(mountPermissions, 8, 32); err != nil {
+			return nil, status.Errorf(codes.InvalidArgument, fmt.Sprintf("invalid mountPermissions %s in storage class", mountPermissions))
+		}
+	}
 
 	lunDescription := ""
 	if _, ok := params["csi.storage.k8s.io/pvc/name"]; ok {
@@ -141,6 +164,11 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		lunDescription = pvcNamespace + "/" + pvcName
 	}
 
+	nfsVer := parseNfsVesrion(mountOptions)
+	if nfsVer != "" && !isNfsVersionAllowed(nfsVer) {
+		return nil, status.Errorf(codes.InvalidArgument, "Unsupported nfsvers: %s", nfsVer)
+	}
+
 	spec := &models.CreateK8sVolumeSpec{
 		DsmIp:            params["dsm"],
 		K8sVolumeName:    volName,
@@ -156,6 +184,7 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 		SourceSnapshotId: srcSnapshotId,
 		SourceVolumeId:   srcVolumeId,
 		Protocol:         protocol,
+		NfsVersion:       nfsVer,
 	}
 
 	// idempotency
@@ -172,7 +201,8 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 	}
 
 	if (k8sVolume.Protocol == utils.ProtocolIscsi && k8sVolume.SizeInBytes != sizeInByte) ||
-		(k8sVolume.Protocol == utils.ProtocolSmb && utils.BytesToMB(k8sVolume.SizeInBytes) != utils.BytesToMBCeil(sizeInByte)) {
+		(k8sVolume.Protocol == utils.ProtocolSmb && utils.BytesToMB(k8sVolume.SizeInBytes) != utils.BytesToMBCeil(sizeInByte)) ||
+		(k8sVolume.Protocol == utils.ProtocolNfs && utils.BytesToMB(k8sVolume.SizeInBytes) != utils.BytesToMBCeil(sizeInByte)) {
 		return nil, status.Errorf(codes.AlreadyExists, "Already existing volume name with different capacity")
 	}
 
@@ -182,10 +212,12 @@ func (cs *controllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 			CapacityBytes: k8sVolume.SizeInBytes,
 			ContentSource: volContentSrc,
 			VolumeContext: map[string]string{
-				"dsm":           k8sVolume.DsmIp,
-				"protocol":      k8sVolume.Protocol,
-				"source":        k8sVolume.Source,
-				"formatOptions": formatOptions,
+				"dsm":              k8sVolume.DsmIp,
+				"protocol":         k8sVolume.Protocol,
+				"source":           k8sVolume.Source,
+				"formatOptions":    formatOptions,
+				"mountPermissions": mountPermissions,
+				"baseDir":          k8sVolume.BaseDir,
 			},
 		},
 	}, nil

pkg/driver/driver.go

@@ -25,12 +25,13 @@ import (
 
 const (
 	DriverName = "csi.san.synology.com" // CSI dirver name
-	DriverVersion = "1.1.3"
+	DriverVersion = "1.2.0"
 )
 
 var (
 	MultipathEnabled = true
-	supportedProtocolList = []string{utils.ProtocolIscsi, utils.ProtocolSmb}
+	supportedProtocolList = []string{utils.ProtocolIscsi, utils.ProtocolSmb, utils.ProtocolNfs}
+	allowedNfsVersionList = []string{"3", "4", "4.0", "4.1"}
 )
 
 type IDriver interface {
@@ -139,3 +140,7 @@ func (d *Driver) getVolumeCapabilityAccessModes() []*csi.VolumeCapability_Access
 func isProtocolSupport(protocol string) bool {
 	return utils.SliceContains(supportedProtocolList, protocol)
 }
+
+func isNfsVersionAllowed(ver string) bool {
+	return utils.SliceContains(allowedNfsVersionList, ver)
+}

pkg/driver/nfs_utils.go

@@ -0,0 +1,40 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package driver
+
+import (
+	"os"
+	log "github.com/sirupsen/logrus"
+)
+
+// chmodIfPermissionMismatch only perform chmod when permission mismatches
+func chmodIfPermissionMismatch(targetPath string, mode os.FileMode) error {
+	info, err := os.Lstat(targetPath)
+	if err != nil {
+		return err
+	}
+	perm := info.Mode() & os.ModePerm
+	if perm != mode {
+		log.Infof("chmod targetPath(%s, mode:0%o) with permissions(0%o)", targetPath, info.Mode(), mode)
+		if err := os.Chmod(targetPath, mode); err != nil {
+			return err
+		}
+	} else {
+		log.Infof("skip chmod on targetPath(%s) since mode is already 0%o)", targetPath, info.Mode())
+	}
+	return nil
+}