From 67d4ffadae0c754f30bb226361f64166418367ec Mon Sep 17 00:00:00 2001
From: Jiafeng Liao <jliao@purestorage.com>
Date: Wed, 8 Apr 2020 13:15:31 -0700
Subject: [PATCH] CSI volume expansion support

---
 operator-csi-plugin/install.sh       | 32 +++++++++++--------
 pure-csi/templates/node.yaml         |  1 +
 pure-csi/templates/provisioner.yaml  | 17 ++++++++++
 pure-csi/templates/rbac.yaml         | 46 ++++++++++++++++++++++++++++
 pure-csi/templates/storageclass.yaml | 12 ++++++++
 pure-csi/values.yaml                 |  4 +++
 6 files changed, 100 insertions(+), 12 deletions(-)

diff --git a/operator-csi-plugin/install.sh b/operator-csi-plugin/install.sh
index 391f845..8e0eaf4 100755
--- a/operator-csi-plugin/install.sh
+++ b/operator-csi-plugin/install.sh
@@ -204,6 +204,7 @@ rules:
     - \"list\"
     - \"watch\"
     - \"update\"
+    - \"patch\"
   - apiGroups:
     - \"\"
     resources:
@@ -213,6 +214,13 @@ rules:
     - \"list\"
     - \"update\"
     - \"watch\"
+  - apiGroups:
+    - \"\"
+    resources:
+    - persistentvolumeclaims/status
+    verbs:
+    - \"update\"
+    - \"patch\"
   - apiGroups:
     - storage.k8s.io
     resources:
@@ -267,15 +275,15 @@ rules:
     - \"get\"
     - \"list\"
     - \"watch\"
-  - apiGroups: 
+  - apiGroups:
     - storage.k8s.io
-    resources: 
+    resources:
     - \"csinodes\"
-    verbs: 
+    verbs:
     - \"get\"
     - \"list\"
     - \"watch\"
-  - apiGroups: 
+  - apiGroups:
     - \"\"
     resources:
     - \"nodes\"
@@ -283,24 +291,24 @@ rules:
     - \"get\"
     - \"list\"
     - \"watch\"
-# Need the same permissions as driver-registrar-runner clusterrole to be able to create it. Only for K8s 1.13
-  - apiGroups: 
+# Need the same permissions as driver-registrat-runner clusterrole to be able to create it. Only for K8s 1.13
+  - apiGroups:
     - \"apiextensions.k8s.io\"
-    resources: 
+    resources:
     - \"customresourcedefinitions\"
-    verbs: 
+    verbs:
     - \"*\"
-  - apiGroups: 
+  - apiGroups:
     - \"csi.storage.k8s.io\"
     resources:
     - \"csidrivers\"
-    verbs: 
+    verbs:
     - \"*\"
-  - apiGroups: 
+  - apiGroups:
     - \"storage.k8s.io\"
     resources:
     - \"csidrivers\"
-    verbs: 
+    verbs:
     - \"*\"
 
 # Need the same permissions as pure-topology-runner clusterrole to be able to create it.
diff --git a/pure-csi/templates/node.yaml b/pure-csi/templates/node.yaml
index dd36cb4..cf6a430 100644
--- a/pure-csi/templates/node.yaml
+++ b/pure-csi/templates/node.yaml
@@ -76,6 +76,7 @@ spec:
         app: pure-csi
 {{ include "pure_csi.labels" . | indent 8}}
     spec:
+      serviceAccountName: {{ .Values.clusterrolebinding.serviceAccount.name }}
       hostNetwork: true
       hostPID: true
       containers:
diff --git a/pure-csi/templates/provisioner.yaml b/pure-csi/templates/provisioner.yaml
index e1cb494..9100c14 100644
--- a/pure-csi/templates/provisioner.yaml
+++ b/pure-csi/templates/provisioner.yaml
@@ -97,6 +97,23 @@ spec:
             - name: socket-dir
               mountPath: /csi
 {{- end }}
+# The csi-resizer sidecar that watches the Kubernetes API server for PersistentVolumeClaim updates.
+# Does not scale with more replicas, only one is elected as leader and running.
+# PSO requires K8s 1.16+ for CSI VolumeExpansion
+{{ if and (eq .Capabilities.KubeVersion.Major "1") (gt .Capabilities.KubeVersion.Minor "15") }}
+        - name: csi-resizer
+          {{- with .Values.csi.resizer.image }}
+          image: {{ .name | default "quay.io/k8scsi/csi-resizer" }}:v0.5.0
+          imagePullPolicy: {{ .pullPolicy }}
+          {{- end }}
+          args:
+            - "--csi-address=/csi/csi.sock"
+            - "--csiTimeout=15s"
+            - "--leader-election=false"
+          volumeMounts:
+            - name: socket-dir
+              mountPath: /csi
+{{ end }}
 # This is the cluster-driver-registrar sidecar that allows helm-install without CRD-hooks for the CSIDriver CRD
 # The reason we do not want a crd-hook with helm-chart is to avoid upgrade issues like: https://github.com/helm/helm/issues/4489
 {{ if and (eq .Capabilities.KubeVersion.Major "1") (eq .Capabilities.KubeVersion.Minor "13") }}
diff --git a/pure-csi/templates/rbac.yaml b/pure-csi/templates/rbac.yaml
index 8e0e990..6289630 100644
--- a/pure-csi/templates/rbac.yaml
+++ b/pure-csi/templates/rbac.yaml
@@ -174,3 +174,49 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
 
 {{ end }}
+
+{{ if and (eq .Capabilities.KubeVersion.Major "1") (gt .Capabilities.KubeVersion.Minor "15") }}
+# PSO requires K8s 1.16+ for CSI VolumeExpansion
+# This file is downloaded from https://github.com/kubernetes-csi/external-resizer/blob/master/deploy/kubernetes/rbac.yaml
+---
+kind: ClusterRole
+apiVersion: {{ template "rbac.apiVersion" . }}
+metadata:
+  name: external-resizer-runner
+  labels:
+{{ include "pure_csi.labels" . | indent 4}}
+rules:
+  # The following rule should be uncommented for plugins that require secrets
+  # for provisioning.
+  # - apiGroups: [""]
+  #   resources: ["secrets"]
+  #   verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["update", "patch"]
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["list", "watch", "create", "update", "patch"]
+---
+
+kind: ClusterRoleBinding
+apiVersion: {{ template "rbac.apiVersion" . }}
+metadata:
+  name: csi-resizer-role
+  labels:
+{{ include "pure_csi.labels" . | indent 4}}
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.clusterrolebinding.serviceAccount.name }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: external-resizer-runner
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}
diff --git a/pure-csi/templates/storageclass.yaml b/pure-csi/templates/storageclass.yaml
index 0f9db76..b97b0ae 100644
--- a/pure-csi/templates/storageclass.yaml
+++ b/pure-csi/templates/storageclass.yaml
@@ -15,6 +15,10 @@ parameters:
   csi.storage.k8s.io/fstype: {{ .Values.flasharray.defaultFSType | default "xfs" | quote }}
   createoptions: {{ .Values.flasharray.defaultFSOpt | default "-q" | quote }}
 {{- end }}
+# PSO requires K8s 1.16+ for CSI VolumeExpansion
+{{ if and (eq .Capabilities.KubeVersion.Major "1") (gt .Capabilities.KubeVersion.Minor "15") }}
+allowVolumeExpansion: true
+{{ end }}
 {{- if eq .Values.storageclass.pureBackend "file"}}
 mountOptions:
 {{- else -}}
@@ -40,6 +44,10 @@ metadata:
 provisioner: pure-csi # This must match the name of the CSIDriver. And the name of the CSI plugin from the RPC 'GetPluginInfo'
 parameters:
     backend: file
+# PSO requires K8s 1.16+ for CSI VolumeExpansion
+{{ if and (eq .Capabilities.KubeVersion.Major "1") (gt .Capabilities.KubeVersion.Minor "15") }}
+allowVolumeExpansion: true
+{{ end }}
 ---
 kind: StorageClass
 apiVersion: storage.k8s.io/v1
@@ -53,6 +61,10 @@ parameters:
   backend: block
   csi.storage.k8s.io/fstype: xfs
   createoptions: -q
+# PSO requires K8s 1.16+ for CSI VolumeExpansion
+{{ if and (eq .Capabilities.KubeVersion.Major "1") (gt .Capabilities.KubeVersion.Minor "15") }}
+allowVolumeExpansion: true
+{{ end }}
 # support either string or list for .Values.flasharray.defaultMountOpt
 {{- if or (kindIs "array" .Values.flasharray.defaultMountOpt) (kindIs "slice" .Values.flasharray.defaultMountOpt) }}
 mountOptions:
diff --git a/pure-csi/values.yaml b/pure-csi/values.yaml
index 2fadf04..05829d0 100644
--- a/pure-csi/values.yaml
+++ b/pure-csi/values.yaml
@@ -16,6 +16,10 @@ csi:
     image:
       name: quay.io/k8scsi/csi-snapshotter
       pullPolicy: Always
+  resizer:
+    image:
+      name: quay.io/k8scsi/csi-resizer
+      pullPolicy: Always
   clusterDriverRegistrar:
     image:
       name: quay.io/k8scsi/csi-cluster-driver-registrar