From d20065f6e6788e30ea9ea15982572192e2e2c177 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Fri, 13 Mar 2026 15:03:13 +0100 Subject: [PATCH] Allow azure-disk sidecars to read VolumeAttributeClasses The driver supports volume modification and thus the sidecars need to be able to read VACs. --- .../generated/hypershift/manifests.yaml | 2 ++ ...butesclass_reader_provisioner_binding.yaml | 19 +++++++++++++++++++ ...ttributesclass_reader_resizer_binding.yaml | 19 +++++++++++++++++++ .../generated/standalone/manifests.yaml | 2 ++ ...butesclass_reader_provisioner_binding.yaml | 19 +++++++++++++++++++ ...ttributesclass_reader_resizer_binding.yaml | 19 +++++++++++++++++++ pkg/driver/azure-disk/azure_disk.go | 6 +++++- 7 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_provisioner_binding.yaml create mode 100644 assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_resizer_binding.yaml create mode 100644 assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_provisioner_binding.yaml create mode 100644 assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_resizer_binding.yaml diff --git a/assets/overlays/azure-disk/generated/hypershift/manifests.yaml b/assets/overlays/azure-disk/generated/hypershift/manifests.yaml index 5b7cbf3e3..59abf0175 100644 --- a/assets/overlays/azure-disk/generated/hypershift/manifests.yaml +++ b/assets/overlays/azure-disk/generated/hypershift/manifests.yaml @@ -28,5 +28,7 @@ guestStaticAssetNames: - prometheus_role.yaml - storageclass.yaml - storageclass_reader_resizer_binding.yaml +- volumeattributesclass_reader_provisioner_binding.yaml +- volumeattributesclass_reader_resizer_binding.yaml - volumesnapshot_reader_provisioner_binding.yaml - volumesnapshotclass.yaml diff --git a/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_provisioner_binding.yaml b/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_provisioner_binding.yaml new file mode 100644 index 000000000..6f3c69d7c --- /dev/null +++ b/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_provisioner_binding.yaml @@ -0,0 +1,19 @@ +# Generated file. Do not edit. Update using "make update". +# +# Loaded from base/rbac/volumeattributesclass_reader_provisioner_binding.yaml +# because it's needed by controller sidecar common/sidecars/provisioner.yaml +# +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azure-disk-csi-volumeattributesclass-reader-provisioner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openshift-csi-provisioner-volumeattributesclass-reader-role +subjects: +- kind: ServiceAccount + name: azure-disk-csi-driver-controller-sa + namespace: ${NODE_NAMESPACE} diff --git a/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_resizer_binding.yaml b/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_resizer_binding.yaml new file mode 100644 index 000000000..436641d30 --- /dev/null +++ b/assets/overlays/azure-disk/generated/hypershift/volumeattributesclass_reader_resizer_binding.yaml @@ -0,0 +1,19 @@ +# Generated file. Do not edit. Update using "make update". +# +# Loaded from base/rbac/volumeattributesclass_reader_resizer_binding.yaml +# because it's needed by controller sidecar common/sidecars/resizer.yaml +# +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azure-disk-csi-volumeattributesclass-reader-resizer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openshift-csi-resizer-volumeattributesclass-reader-role +subjects: +- kind: ServiceAccount + name: azure-disk-csi-driver-controller-sa + namespace: ${NODE_NAMESPACE} diff --git a/assets/overlays/azure-disk/generated/standalone/manifests.yaml b/assets/overlays/azure-disk/generated/standalone/manifests.yaml index 6aeeb8605..30b660809 100644 --- a/assets/overlays/azure-disk/generated/standalone/manifests.yaml +++ b/assets/overlays/azure-disk/generated/standalone/manifests.yaml @@ -29,5 +29,7 @@ guestStaticAssetNames: - prometheus_role.yaml - storageclass.yaml - storageclass_reader_resizer_binding.yaml +- volumeattributesclass_reader_provisioner_binding.yaml +- volumeattributesclass_reader_resizer_binding.yaml - volumesnapshot_reader_provisioner_binding.yaml - volumesnapshotclass.yaml diff --git a/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_provisioner_binding.yaml b/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_provisioner_binding.yaml new file mode 100644 index 000000000..6f3c69d7c --- /dev/null +++ b/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_provisioner_binding.yaml @@ -0,0 +1,19 @@ +# Generated file. Do not edit. Update using "make update". +# +# Loaded from base/rbac/volumeattributesclass_reader_provisioner_binding.yaml +# because it's needed by controller sidecar common/sidecars/provisioner.yaml +# +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azure-disk-csi-volumeattributesclass-reader-provisioner-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openshift-csi-provisioner-volumeattributesclass-reader-role +subjects: +- kind: ServiceAccount + name: azure-disk-csi-driver-controller-sa + namespace: ${NODE_NAMESPACE} diff --git a/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_resizer_binding.yaml b/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_resizer_binding.yaml new file mode 100644 index 000000000..436641d30 --- /dev/null +++ b/assets/overlays/azure-disk/generated/standalone/volumeattributesclass_reader_resizer_binding.yaml @@ -0,0 +1,19 @@ +# Generated file. Do not edit. Update using "make update". +# +# Loaded from base/rbac/volumeattributesclass_reader_resizer_binding.yaml +# because it's needed by controller sidecar common/sidecars/resizer.yaml +# +# + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: azure-disk-csi-volumeattributesclass-reader-resizer-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: openshift-csi-resizer-volumeattributesclass-reader-role +subjects: +- kind: ServiceAccount + name: azure-disk-csi-driver-controller-sa + namespace: ${NODE_NAMESPACE} diff --git a/pkg/driver/azure-disk/azure_disk.go b/pkg/driver/azure-disk/azure_disk.go index fb4870e8a..b86149753 100644 --- a/pkg/driver/azure-disk/azure_disk.go +++ b/pkg/driver/azure-disk/azure_disk.go @@ -18,7 +18,7 @@ import ( "github.com/openshift/library-go/pkg/operator/csi/csidrivercontrollerservicecontroller" "github.com/openshift/library-go/pkg/operator/csi/csidrivernodeservicecontroller" "github.com/openshift/library-go/pkg/operator/csi/csistorageclasscontroller" - "github.com/openshift/library-go/pkg/operator/hypershift/deploymentversion" + deploymentversioncontroller "github.com/openshift/library-go/pkg/operator/hypershift/deploymentversion" "github.com/openshift/library-go/pkg/operator/resourcesynccontroller" dc "github.com/openshift/library-go/pkg/operator/deploymentcontroller" @@ -89,6 +89,8 @@ func GetAzureDiskGeneratorConfig() *generator.CSIDriverGeneratorConfig { "--worker-threads=100", "--kube-api-qps=50", "--kube-api-burst=100", + ).WithAdditionalAssets( + "base/rbac/volumeattributesclass_reader_provisioner_binding.yaml", ), commongenerator.DefaultAttacher.WithExtraArguments( "--timeout=1200s", @@ -99,6 +101,8 @@ func GetAzureDiskGeneratorConfig() *generator.CSIDriverGeneratorConfig { commongenerator.DefaultResizer.WithExtraArguments( "--timeout=240s", "-handle-volume-inuse-error=false", + ).WithAdditionalAssets( + "base/rbac/volumeattributesclass_reader_resizer_binding.yaml", ), commongenerator.DefaultSnapshotter.WithExtraArguments( "--timeout=600s",