[WIP] Remove linode api token requirement from node-server

Dockerfile

@@ -20,7 +20,7 @@ FROM alpine:3.20.3
 LABEL maintainers="Linode"
 LABEL description="Linode CSI Driver"
 
-RUN apk add --no-cache e2fsprogs e2fsprogs-extra findmnt blkid cryptsetup
+RUN apk add --no-cache e2fsprogs e2fsprogs-extra findmnt blkid cryptsetup lsblk
 RUN apk add --no-cache xfsprogs=6.2.0-r2 xfsprogs-extra=6.2.0-r2 --repository=http://dl-cdn.alpinelinux.org/alpine/v3.18/main
 
 COPY --from=builder /bin/linode-blockstorage-csi-driver /linode

Dockerfile.dev

@@ -8,6 +8,7 @@ WORKDIR /linode
 
 RUN apk add \
     blkid \
+    lsblk \
     cryptsetup \
     cryptsetup-libs \
     cryptsetup-dev \

deploy/kubernetes/base/ds-csi-linode-node.yaml

@@ -54,17 +54,6 @@ spec:
           env:
             - name: CSI_ENDPOINT
               value: unix:///csi/csi.sock
-            - name: LINODE_URL
-              value: https://api.linode.com/v4
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: LINODE_TOKEN
-              valueFrom:
-                secretKeyRef:
-                  name: linode
-                  key: token
           imagePullPolicy: "Always"
           securityContext:
             # This container must run as privileged due to the requirement for bidirectional mount propagation

helm-chart/csi-driver/templates/daemonset.yaml

@@ -49,17 +49,6 @@ spec:
         env:
         - name: CSI_ENDPOINT
           value: unix:///csi/csi.sock
-        - name: LINODE_URL
-          value: https://api.linode.com
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: LINODE_TOKEN
-          valueFrom:
-            secretKeyRef:
-              name: {{ if .Values.secretRef }}{{ .Values.secretRef.name | default "linode" }}{{ else }}"linode"{{ end }}
-              key: {{ if .Values.secretRef }}{{ .Values.secretRef.apiTokenRef | default "token" }}{{ else }}"token"{{ end }}
         - name: ENABLE_METRICS
           value: {{ .Values.enableMetrics | quote}}
         - name: METRICS_PORT

internal/driver/nodeserver.go

@@ -15,8 +15,10 @@
 */
 
 import (
+	"encoding/json"
 	"errors"
 	"fmt"
+	"os/exec"
 	"strconv"
 	"sync"
 	"time"
@@ -50,6 +52,14 @@
 	csi.UnimplementedNodeServer
 }
 
+type BlockDevice struct {
+	Name string `json:"name"`
+}
+
+type LsblkOutput struct {
+	BlockDevices []BlockDevice `json:"blockdevices"`
+}
+
 var _ csi.NodeServer = &NodeServer{}
 
 func NewNodeServer(ctx context.Context, linodeDriver *LinodeDriver, mounter *mountmanager.SafeFormatAndMount, deviceUtils devicemanager.DeviceUtils, client linodeclient.LinodeClient, metadata Metadata, encrypt Encryption, resize mountmanager.ResizeFSer) (*NodeServer, error) {
@@ -469,8 +479,12 @@
 	}, nil
 }
 
+func execRunner(name string, arg ...string) ([]byte, error) {
+	return exec.Command(name, arg...).CombinedOutput()
+}
+
 func (ns *NodeServer) NodeGetInfo(ctx context.Context, req *csi.NodeGetInfoRequest) (*csi.NodeGetInfoResponse, error) {
 	log, ctx := logger.GetLogger(ctx)
 	log, done := logger.WithMethod(log, "NodeGetInfo")
 	defer done()
 
@@ -484,13 +498,18 @@
 	// This is what the spec wants us to report: the actual number of volumes
 	// that can be attached, and not the theoretical maximum number of
 	// devices that can be attached.
-	log.V(4).Info("Listing instance disks", "nodeID", ns.metadata.ID)
-	disks, err := ns.client.ListInstanceDisks(ctx, ns.metadata.ID, nil)
+	log.V(4).Info("Listing attached block devices", "nodeID", ns.metadata.ID)
+
+	lsblkOutput, err := execRunner("lsblk", "-J", "--nodeps", "-e7")
 	if err != nil {
-		return &csi.NodeGetInfoResponse{}, errInternal("list instance disks: %v", err)
+		return &csi.NodeGetInfoResponse{}, errInternal("lsblk: %v", err)
+	}
+	var lsblkData LsblkOutput
+	if err := json.Unmarshal(lsblkOutput, &lsblkData); err != nil {
+		return &csi.NodeGetInfoResponse{}, errInternal("error unmarshaling lsblk json output: %s", err)
 	}
-	maxVolumes := maxVolumeAttachments(ns.metadata.Memory) - len(disks)
 
+	maxVolumes := maxVolumeAttachments(ns.metadata.Memory) - len(lsblkData.BlockDevices)
 	log.V(2).Info("functionStatusfully completed")
 	return &csi.NodeGetInfoResponse{
 		NodeId:            strconv.Itoa(ns.metadata.ID),

internal/driver/nodeserver_test.go

@@ -755,13 +755,6 @@ func TestNodeGetInfo(t *testing.T) {
 					},
 				},
 			},
-			expectLinodeClientCalls: func(m *mocks.MockLinodeClient) {
-				m.EXPECT().ListInstanceDisks(gomock.Any(), gomock.Any(), gomock.Any()).Return([]linodego.InstanceDisk{
-					{
-						ID: 1,
-					},
-				}, nil)
-			},
 			expectedError: nil,
 		},
 	}
@@ -771,9 +764,6 @@ func TestNodeGetInfo(t *testing.T) {
 			ctrl := gomock.NewController(t)
 			defer ctrl.Finish()
 			mockClient := mocks.NewMockLinodeClient(ctrl)
-			if tt.expectLinodeClientCalls != nil {
-				tt.expectLinodeClientCalls(mockClient)
-			}
 			ns := &NodeServer{
 				driver: &LinodeDriver{},
 				client: mockClient,

main.go

@@ -127,8 +127,12 @@ func handle(ctx context.Context) error {
 	log.V(4).Info("Driver vendor version", "version", vendorVersion)
 
 	cfg := loadConfig()
+
+	// Warn if LINODE_TOKEN is not set.
+	// Validation of LINODE_TOKEN being set is moved to the helm chart.
+	// ToDo: Decouple the node-server from the controller code.
 	if cfg.linodeToken == "" {
-		return errors.New("linode token required")
+		log.V(4).Info("LINODE_TOKEN is not set, this is OK for node-server")
 	}
 
 	linodeDriver := driver.GetLinodeDriver(ctx)