Add CSI support

Signed-off-by: Artem Glazychev <artem.glazychev@xored.com>
networkservicemesh · Jun 15, 2023 · 4c65b57 · 4c65b57
1 parent 13cf707
commit 4c65b57
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 17 deletions.
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -51,6 +51,7 @@ type Config struct {
 	KeyFilePath           string            `desc:"Path to RSA/Ed25519 related to Config.CertFilePath" split_words:"true"`
 	CABundleFilePath      string            `desc:"Path to cabundle file related to Config.CertFilePath" split_words:"true"`
 	OpenTelemetryEndpoint string            `default:"otel-collector.observability.svc.cluster.local:4317" desc:"OpenTelemetry Collector Endpoint"`
+	UseCSI                bool              `default:"false" desc:"Use CSI volume instead of hostPath" split_words:"true"`
 	envs                  []corev1.EnvVar
 	caBundle              []byte
 	cert                  tls.Certificate

diff --git a/main.go b/main.go
@@ -206,27 +206,51 @@ func (s *admissionWebhookServer) postProcessPodMeta(podMetaPtr, metaPtr *v1.Obje
 }
 
 func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation {
-	hostPathDir := corev1.HostPathDirectory
-	volumes = append(volumes,
-		corev1.Volume{
-			Name: "spire-agent-socket",
-			VolumeSource: corev1.VolumeSource{
-				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/run/spire/sockets",
-					Type: &hostPathDir,
+	if s.config.UseCSI {
+		readOnly := true
+		volumes = append(volumes,
+			corev1.Volume{
+				Name: "spire-agent-socket",
+				VolumeSource: corev1.VolumeSource{
+					CSI: &corev1.CSIVolumeSource{
+						Driver:   "csi.spiffe.io",
+						ReadOnly: &readOnly,
+					},
 				},
 			},
-		},
-		corev1.Volume{
-			Name: "nsm-socket",
-			VolumeSource: corev1.VolumeSource{
-				HostPath: &corev1.HostPathVolumeSource{
-					Path: "/var/lib/networkservicemesh",
-					Type: &hostPathDir,
+			corev1.Volume{
+				Name: "nsm-socket",
+				VolumeSource: corev1.VolumeSource{
+					CSI: &corev1.CSIVolumeSource{
+						Driver:   "csi.networkservicemesh.io",
+						ReadOnly: &readOnly,
+					},
 				},
 			},
-		},
-	)
+		)
+	} else {
+		hostPathDir := corev1.HostPathDirectory
+		volumes = append(volumes,
+			corev1.Volume{
+				Name: "spire-agent-socket",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/run/spire/sockets",
+						Type: &hostPathDir,
+					},
+				},
+			},
+			corev1.Volume{
+				Name: "nsm-socket",
+				VolumeSource: corev1.VolumeSource{
+					HostPath: &corev1.HostPathVolumeSource{
+						Path: "/var/lib/networkservicemesh",
+						Type: &hostPathDir,
+					},
+				},
+			},
+		)
+	}
 	return jsonpatch.NewOperation("add", path.Join(p, "spec", "volumes"), volumes)
 }