Move Profiles to stable

Author: chrisThePattyEater

deploy/base/controller/controller.yaml

@@ -32,80 +32,31 @@ spec:
       serviceAccount: gcs-fuse-csi-controller-sa
       priorityClassName: csi-gcp-gcs-controller
       containers:
-        - name: liveness-probe
-          volumeMounts:
-            - mountPath: /csi
-              name: socket-dir
-          image: registry.k8s.io/sig-storage/livenessprobe
-          imagePullPolicy: IfNotPresent
-          args:
-            - --csi-address=/csi/csi.sock
-            - --probe-timeout=3s
-            - --health-port=29633
-            - --v=2
-          resources:
-            limits:
-              cpu: 50m
-              memory: 100Mi
-            requests:
-              cpu: 10m
-              memory: 20Mi
-        - name: csi-external-provisioner
-          image: registry.k8s.io/sig-storage/csi-provisioner
-          imagePullPolicy: IfNotPresent
-          args:
-            - "--v=5"
-            - "--csi-address=/csi/csi.sock"
-            - "--timeout=250s"
-            - "--extra-create-metadata"
-            - "--http-endpoint=:22021"
-            - "--leader-election-namespace=$(CLOUDSTORAGECSI_NAMESPACE)"
-            - "--leader-election"
-            - "--retry-interval-max=60s"
-          resources:
-            limits:
-              cpu: 100m
-              memory: 200Mi
-            requests:
-              cpu: 10m
-              memory: 20Mi
-          env:
-            - name: CLOUDSTORAGECSI_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          ports:
-            - containerPort: 22021
-              name: http-endpoint
-              protocol: TCP
-          livenessProbe:
-            failureThreshold: 1
-            httpGet:
-              path: /healthz/leader-election
-              port: http-endpoint
-            initialDelaySeconds: 10
-            timeoutSeconds: 10
-            periodSeconds: 20
-          volumeMounts:
-            - name: socket-dir
-              mountPath: /csi
         - name: gcs-fuse-csi-driver
           image: gke.gcr.io/gcs-fuse-csi-driver
-          imagePullPolicy: IfNotPresent
+          imagePullPolicy: Always
           args:
             - "--v=5"
             - "--endpoint=unix:/csi/csi.sock"
             - "--nodeid=$(KUBE_NODE_NAME)"
             - "--controller=true"
+            - "--enable-gcsfuse-profiles=true"
+            - "--dataflux-batch-size=25000"
+            - "--dataflux-parallelism=0"
+            - "--leader-election=true"
+            - "--leader-election-namespace=$(CLOUDSTORAGECSI_NAMESPACE)"
+            - "--cluster-location=$(CLUSTER_LOCATION)"
+            - "--project-number=$(PROJECT_NUMBER)"
+            - "--http-endpoint=:29633"
           ports:
             - containerPort: 29633
-              name: healthz
+              name: http-endpoint
               protocol: TCP
           livenessProbe:
             failureThreshold: 5
             httpGet:
-              path: /healthz
-              port: healthz
+              path: /healthz/leader-election
+              port: http-endpoint
             initialDelaySeconds: 30
             timeoutSeconds: 10
             periodSeconds: 30
@@ -121,6 +72,20 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: spec.nodeName
+            - name: CLOUDSTORAGECSI_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: CLUSTER_LOCATION
+              valueFrom:
+                configMapKeyRef:
+                  name: gcsfusecsi-profiles-config
+                  key: cluster-location
+            - name: PROJECT_NUMBER
+              valueFrom:
+                configMapKeyRef:
+                  name: gcsfusecsi-profiles-config
+                  key: project-number
           volumeMounts:
             - name: socket-dir
               mountPath: /csi

deploy/base/controller/controller_setup.yaml

@@ -100,4 +100,42 @@ subjects:
 roleRef:
   kind: Role
   name: gcs-fuse-csi-leaderelection-role
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: gcs-fuse-csi-bucket-scanner-role
+rules:
+# Required to remove Pod scheduling gates.
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "patch"]
+# Required to patch PV annotations.
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch", "patch"]
+# Required to map PVC to PV from Pod.
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+# Required to get gcsfuse profile configs.
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+# Required to get node zone to enable AnyC.
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: gcs-fuse-csi-bucket-scanner-rolebinding
+subjects:
+  - kind: ServiceAccount
+    name: gcs-fuse-csi-controller-sa
+roleRef:
+  kind: ClusterRole
+  name: gcs-fuse-csi-bucket-scanner-role
   apiGroup: rbac.authorization.k8s.io

deploy/base/node/node.yaml

@@ -46,7 +46,7 @@ spec:
             privileged: true
             readOnlyRootFilesystem: true
           image: gke.gcr.io/gcs-fuse-csi-driver
-          imagePullPolicy: IfNotPresent
+          imagePullPolicy: Always
           args:
             - --v=5
             - --endpoint=unix:/csi/csi.sock
@@ -58,6 +58,8 @@ spec:
             - --max-metric-collectors=10
             - --enable-sidecar-bucket-access-check=true
             - --enable-gcsfuse-kernel-params=true
+            - --enable-gcsfuse-profiles=true
+            - --enable-gcsfuse-profiles-internal=true
           ports:
           - containerPort: 9920
             name: metrics

deploy/base/node/node_setup.yaml

@@ -42,6 +42,14 @@ rules:
   - apiGroups: [""]
     resources: ["serviceaccounts"]
     verbs: ["get"]
+# Required to read PV annotations.
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+# Required to get gcsfuse profile configs.
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

deploy/base/setup/kustomization.yaml

@@ -18,4 +18,5 @@ kind: Kustomization
 namespace: gcs-fuse-csi-driver
 resources:
 - cluster_setup.yaml
-- csi_driver.yaml
+- csi_driver.yaml
+- storageclass.yaml

deploy/base/setup/storageclass.yaml

@@ -0,0 +1,73 @@
+# Copyright 2018 The Kubernetes Authors.
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: gcsfusecsi-training
+  labels:
+    gke-gcsfuse/profile: "true"
+provisioner: gcsfuse.csi.storage.gke.io
+mountOptions:
+  - profile:aiml-training
+parameters:
+  skipCSIBucketAccessCheck: "true"
+  gcsfuseMetadataPrefetchOnMount: "true"
+  fuseFileCacheMediumPriority: "gpu:ram|lssd,tpu:ram,general_purpose:ram|lssd"
+  fuseMemoryAllocatableFactor: "0.7"
+  fuseEphemeralStorageAllocatableFactor: "0.85"
+  bucketScanResyncPeriod: "168h"
+  bucketScanTimeout: "2m"
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: gcsfusecsi-serving
+  labels:
+    gke-gcsfuse/profile: "true"
+provisioner: gcsfuse.csi.storage.gke.io
+mountOptions:
+  - profile:aiml-serving
+  - read_ahead_kb=1024
+parameters:
+  anywhereCacheZones: "*"
+  anywhereCacheAdmissionPolicy: "admit-on-first-miss"
+  anywhereCacheTTL: "1h"
+  skipCSIBucketAccessCheck: "true"
+  gcsfuseMetadataPrefetchOnMount: "true"
+  fuseFileCacheMediumPriority: "gpu:ram|lssd,tpu:ram,general_purpose:ram|lssd"
+  fuseMemoryAllocatableFactor: "0.7"
+  fuseEphemeralStorageAllocatableFactor: "0.85"
+  bucketScanResyncPeriod: "168h"
+  bucketScanTimeout: "2m"
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: gcsfusecsi-checkpointing
+  labels:
+    gke-gcsfuse/profile: "true"
+provisioner: gcsfuse.csi.storage.gke.io
+mountOptions:
+  - profile:aiml-checkpointing
+  - read_ahead_kb=1024
+parameters:
+  skipCSIBucketAccessCheck: "true"
+  gcsfuseMetadataPrefetchOnMount: "true"
+  fuseFileCacheMediumPriority: "gpu:ram|lssd,tpu:ram,general_purpose:ram|lssd"
+  fuseMemoryAllocatableFactor: "0.7"
+  fuseEphemeralStorageAllocatableFactor: "0.85"
+  bucketScanResyncPeriod: "168h"
+  bucketScanTimeout: "2m"

deploy/base/webhook/deployment.yaml

@@ -60,9 +60,10 @@ spec:
             - --port=22030
             - --health-probe-bind-address=:22031
             - --should-inject-sa-vol=true
+            - --enable-gcsfuse-profiles=true
           env:
             - name: SIDECAR_IMAGE_PULL_POLICY
-              value: "IfNotPresent"
+              value: "Always"
             - name: SIDECAR_IMAGE
               valueFrom:
                 configMapKeyRef:

deploy/base/webhook/webhook_setup.yaml

@@ -36,6 +36,9 @@ rules:
   - apiGroups: [""]
     resources: ["nodes", "persistentvolumes", "persistentvolumeclaims", "configmaps"]
     verbs: ["get","list","watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get","list","watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding