feat: initial implementation (WIP)

TODO:
- tests
- integration tests

Signed-off-by: Mateusz Urbanek <[email protected]>

Author: shanduur-akamai

cmd/linode-cosi-driver/main.go

@@ -27,12 +27,14 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/go-logr/logr"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/logging"
 	"github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/recovery"
 	"github.com/linode/linode-cosi-driver/pkg/endpoint"
 	"github.com/linode/linode-cosi-driver/pkg/envflag"
 	"github.com/linode/linode-cosi-driver/pkg/grpc/handlers"
 	grpclogger "github.com/linode/linode-cosi-driver/pkg/grpc/logger"
+	"github.com/linode/linode-cosi-driver/pkg/kubereader/tracedkubereader"
 	"github.com/linode/linode-cosi-driver/pkg/linodeclient"
 	"github.com/linode/linode-cosi-driver/pkg/linodeclient/tracedclient"
 	maxprocslogger "github.com/linode/linode-cosi-driver/pkg/maxprocs/logger"
@@ -47,7 +49,11 @@ import (
 	semconv "go.opentelemetry.io/otel/semconv/v1.21.0"
 	"go.uber.org/automaxprocs/maxprocs"
 	"google.golang.org/grpc"
+	v1 "k8s.io/api/core/v1"
 	cosi "sigs.k8s.io/container-object-storage-interface-spec"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	ctrlLog "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 const (
@@ -67,12 +73,26 @@ func main() {
 
 	// TODO: any logger settup must be done here, before first log call.
 	log := slog.Default()
+	ctrlLog.SetLogger(logr.FromSlogHandler(log.Handler()))
+
+	kubeclient, err := client.New(config.GetConfigOrDie(), client.Options{
+		Cache: &client.CacheOptions{
+			DisableFor: []client.Object{
+				&v1.Secret{},
+			},
+		},
+	})
+	if err != nil {
+		slog.Error("initializing kube client failed", "error", err)
+		os.Exit(1)
+	}
 
 	if err := run(context.Background(), log, mainOptions{
 		cosiEndpoint:     cosiEndpoint,
 		linodeToken:      linodeToken,
 		linodeURL:        linodeURL,
 		linodeAPIVersion: linodeAPIVersion,
+		kubeclient:       kubeclient,
 	},
 	); err != nil {
 		slog.Error("critical failure", "error", err)
@@ -85,6 +105,7 @@ type mainOptions struct {
 	linodeToken      string
 	linodeURL        string
 	linodeAPIVersion string
+	kubeclient       client.Client
 }
 
 func run(ctx context.Context, log *slog.Logger, opts mainOptions) error {
@@ -112,7 +133,7 @@ func run(ctx context.Context, log *slog.Logger, opts mainOptions) error {
 	// initialize Linode client
 	client, err := linodeclient.NewLinodeClient(
 		opts.linodeToken,
-		fmt.Sprintf("LinodeCOSI/%s", version.Version),
+		version.UserAgent(),
 		opts.linodeURL,
 		opts.linodeAPIVersion)
 	if err != nil {
@@ -121,10 +142,13 @@ func run(ctx context.Context, log *slog.Logger, opts mainOptions) error {
 
 	client.SetLogger(restylogger.Wrap(log))
 
+	podName := os.Getenv(envK8sPodName)
+
 	// create provisioner server
 	prvSrv, err := provisioner.New(
 		log,
-		tracedclient.NewClientWithTracing(client, os.Getenv(envK8sPodName)),
+		tracedclient.NewClientWithTracing(client, podName),
+		tracedkubereader.NewKubeReaderWithTracing(opts.kubeclient, podName),
 	)
 	if err != nil {
 		return fmt.Errorf("failed to create provisioner server: %w", err)

go.mod

@@ -3,6 +3,7 @@ module github.com/linode/linode-cosi-driver
 go 1.23.1
 
 require (
+	github.com/go-logr/logr v1.4.2
 	github.com/go-resty/resty/v2 v2.15.3
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0
 	github.com/linode/linodego v1.42.0
@@ -15,7 +16,10 @@ require (
 	go.opentelemetry.io/otel/trace v1.31.0
 	go.uber.org/automaxprocs v1.6.0
 	google.golang.org/grpc v1.67.1
+	k8s.io/api v0.31.1
+	k8s.io/apimachinery v0.31.1
 	sigs.k8s.io/container-object-storage-interface-spec v0.1.0
+	sigs.k8s.io/controller-runtime v0.19.0
 )
 
 // tools
@@ -134,7 +138,6 @@ require (
 	github.com/go-critic/go-critic v0.11.4 // indirect
 	github.com/go-errors/errors v1.5.1 // indirect
 	github.com/go-gorp/gorp/v3 v3.1.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
@@ -392,9 +395,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	honnef.co/go/tools v0.5.1 // indirect
-	k8s.io/api v0.31.1 // indirect
 	k8s.io/apiextensions-apiserver v0.31.1 // indirect
-	k8s.io/apimachinery v0.31.1 // indirect
 	k8s.io/apiserver v0.31.1 // indirect
 	k8s.io/cli-runtime v0.31.0 // indirect
 	k8s.io/client-go v0.31.1 // indirect
@@ -408,7 +409,6 @@ require (
 	mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f // indirect
 	oras.land/oras-go v1.2.5 // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect
-	sigs.k8s.io/controller-runtime v0.19.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kubectl-validate v0.0.5-0.20240827210056-ce13d95db263 // indirect
 	sigs.k8s.io/kustomize/api v0.18.0 // indirect

pkg/kubereader/resource.go

@@ -0,0 +1,23 @@
+// Copyright 2024 Akamai Technologies, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kubereader
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+type KubeReader interface {
+	client.Reader
+}

pkg/kubereader/tracedkubereader/tracedkubereader.gen.go

@@ -26,6 +26,7 @@ const (
 	ParamACL         = "cosi.linode.com/v1/acl"
 	ParamCORS        = "cosi.linode.com/v1/cors"
 	ParamPermissions = "cosi.linode.com/v1/permissions"
+	ParamSecretRef   = "cosi.linode.com/v1/secretRef" //nolint:gosec // this is key under which secret reference is placed
 )
 
 type ParamCORSValue string
@@ -59,12 +60,22 @@ const (
 	S3SecretAccessSecretKey = "accessSecretKey"
 )
 
+const (
+	LinodeTokenKey      = "LINODE_TOKEN"
+	LinodeAPIURLKey     = "LINODE_API_URL"
+	LinodeAPIVersionKey = "LINODE_API_VERSION"
+	LinodeDebugKey      = "LINODE_DEBUG"
+	// LinodeCAKey         = "LINODE_CA" // TODO: enable setting Linode CA from string in Linode Go.
+)
+
 var (
-	ErrNotFound            = linodego.Error{Code: http.StatusNotFound}
-	ErrBucketExists        = errors.New("bucket exists with different parameters")
-	ErrUnsuportedAuth      = errors.New("unsupported authentication schema")
-	ErrMissingRegion       = errors.New("region was not provided")
-	ErrUnknownPermsissions = errors.New("unknown permissions")
+	ErrNotFound               = linodego.Error{Code: http.StatusNotFound}
+	ErrBucketExists           = errors.New("bucket exists with different parameters")
+	ErrUnsuportedAuth         = errors.New("unsupported authentication schema")
+	ErrMissingRegion          = errors.New("region was not provided")
+	ErrUnknownPermsissions    = errors.New("unknown permissions")
+	ErrInvalidSecretReference = errors.New("invalid secret reference")
+	ErrInvalidSecret          = errors.New("invalid secret")
 )
 
 const (