feat: add experimental Docker Swarm support (#376)

Author: s4ke

.github/workflows/publish_on_master.yml

@@ -26,3 +26,7 @@ jobs:
           tags: ${{ github.repository_owner }}/hcloud-csi-driver:latest
           cache-from: type=registry,ref=${{ github.repository_owner }}/hcloud-csi-driver:buildcache
           cache-to: type=registry,ref=${{ github.repository_owner }}/hcloud-csi-driver:buildcache,mode=max
+      - name: "make docker plugin"
+        run: |
+          cd deploy/docker-swarm/pkg
+          make push PLUGIN_NAME=${{ github.repository_owner }}/hcloud-csi-driver PLUGIN_TAG=latest-swarm

.github/workflows/publish_on_tag.yml

@@ -42,6 +42,12 @@ jobs:
           tags: ${{ github.repository_owner }}/hcloud-csi-driver:${{ steps.release_version.outputs.value}}
           cache-from: type=registry,ref=${{ github.repository_owner }}/hcloud-csi-driver:buildcache
           cache-to: type=registry,ref=${{ github.repository_owner }}/hcloud-csi-driver:buildcache,mode=max
+      - name: "make docker plugin"
+        env:
+          RELEASE_VERSION: ${{ steps.release_version.outputs.value}}
+        run: |
+          cd deploy/docker-swarm/pkg
+          make push PLUGIN_NAME=${{ github.repository_owner }}/hcloud-csi-driver PLUGIN_TAG=$RELEASE_VERSION-swarm
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:

cmd/aio/README.md

@@ -0,0 +1,3 @@
+This contains an all in one binary (aio). This is required
+for orchestrators such as Docker Swarm which need all endpoints in a single
+API.

cmd/aio/main.go

@@ -0,0 +1,125 @@
+package main
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	proto "github.com/container-storage-interface/spec/lib/go/csi"
+	"github.com/go-kit/kit/log"
+	"github.com/go-kit/kit/log/level"
+	"github.com/hetznercloud/csi-driver/api"
+	"github.com/hetznercloud/csi-driver/app"
+	"github.com/hetznercloud/csi-driver/driver"
+	"github.com/hetznercloud/csi-driver/volumes"
+	"github.com/hetznercloud/hcloud-go/hcloud/metadata"
+)
+
+var logger log.Logger
+
+func main() {
+	logger = app.CreateLogger()
+
+	m := app.CreateMetrics(logger)
+
+	hcloudClient, err := app.CreateHcloudClient(m.Registry(), logger)
+	if err != nil {
+		level.Error(logger).Log(
+			"msg", "failed to initialize hcloud client",
+			"err", err,
+		)
+		os.Exit(1)
+	}
+
+	metadataClient := metadata.NewClient(metadata.WithInstrumentation(m.Registry()))
+
+	// node
+	serverID, err := metadataClient.InstanceID()
+	if err != nil {
+		level.Error(logger).Log("msg", "failed to fetch server ID from metadata service", "err", err)
+		os.Exit(1)
+	}
+
+	serverAZ, err := metadataClient.AvailabilityZone()
+	if err != nil {
+		level.Error(logger).Log("msg", "failed to fetch server availability-zone from metadata service", "err", err)
+		os.Exit(1)
+	}
+	parts := strings.Split(serverAZ, "-")
+	if len(parts) != 2 {
+		level.Error(logger).Log("msg", fmt.Sprintf("unexpected server availability zone: %s", serverAZ), "err", err)
+		os.Exit(1)
+	}
+	serverLocation := parts[0]
+
+	level.Info(logger).Log("msg", "Fetched data from metadata service", "id", serverID, "location", serverLocation)
+
+	volumeMountService := volumes.NewLinuxMountService(
+		log.With(logger, "component", "linux-mount-service"),
+	)
+	volumeResizeService := volumes.NewLinuxResizeService(
+		log.With(logger, "component", "linux-resize-service"),
+	)
+	volumeStatsService := volumes.NewLinuxStatsService(
+		log.With(logger, "component", "linux-stats-service"),
+	)
+	nodeService := driver.NewNodeService(
+		log.With(logger, "component", "driver-node-service"),
+		strconv.Itoa(serverID),
+		serverLocation,
+		volumeMountService,
+		volumeResizeService,
+		volumeStatsService,
+	)
+
+	// controller
+	volumeService := volumes.NewIdempotentService(
+		log.With(logger, "component", "idempotent-volume-service"),
+		api.NewVolumeService(
+			log.With(logger, "component", "api-volume-service"),
+			hcloudClient,
+		),
+	)
+	controllerService := driver.NewControllerService(
+		log.With(logger, "component", "driver-controller-service"),
+		volumeService,
+		serverLocation,
+	)
+
+	// common
+	identityService := driver.NewIdentityService(
+		log.With(logger, "component", "driver-identity-service"),
+	)
+
+	// common
+	listener, err := app.CreateListener()
+	if err != nil {
+		level.Error(logger).Log(
+			"msg", "failed to create listener",
+			"err", err,
+		)
+		os.Exit(1)
+	}
+
+	grpcServer := app.CreateGRPCServer(logger, m.UnaryServerInterceptor())
+
+	// controller
+	proto.RegisterControllerServer(grpcServer, controllerService)
+	// common
+	proto.RegisterIdentityServer(grpcServer, identityService)
+	// node
+	proto.RegisterNodeServer(grpcServer, nodeService)
+
+	m.InitializeMetrics(grpcServer)
+
+	identityService.SetReady(true)
+
+	if err := grpcServer.Serve(listener); err != nil {
+		level.Error(logger).Log(
+			"msg", "grpc server failed",
+			"err", err,
+		)
+		os.Exit(1)
+	}
+}

deploy/docker-swarm/.gitignore

@@ -0,0 +1 @@
+plugin

deploy/docker-swarm/README.md

@@ -0,0 +1,104 @@
+# Docker Swarm Hetzner CSI plugin
+
+Currently in Beta. Please consult the Docker Swarm documentation
+for cluster volumes (=CSI) support at https://github.com/moby/moby/blob/master/docs/cluster_volumes.md
+
+The community is tracking the state of support for CSI in Docker Swarm over at https://github.com/olljanat/csi-plugins-for-docker-swarm
+
+## How to install the plugin
+
+Run the following steps on all nodes (especially master nodes).
+The simplest way to achieve this
+
+1. Create a read+write API token in the [Hetzner Cloud Console](https://console.hetzner.cloud/).
+
+2. Install the plugin 
+
+Note that docker plugins without a tag in the alias currently get `:latest` appended. To prevent this from happening, we will use
+the fake tag `:swarm` instead.
+
+```bash
+docker plugin install --disable --alias hetznercloud/hcloud-csi-driver:swarm --grant-all-permissions hetznercloud/hcloud-csi-driver:<version>-swarm
+```
+
+3. Set HCLOUD_TOKEN
+
+```bash
+docker plugin set hetznercloud/hcloud-csi-driver:swarm HCLOUD_TOKEN=<your token>
+```
+
+4. Enable plugin
+
+```bash
+docker plugin enable hetznercloud/hcloud-csi-driver:swarm
+```
+
+## How to create a volume
+
+Example: Create a volume wih size 50G in Nuremberg:
+
+```bash
+docker volume create --driver hetznercloud/hcloud-csi-driver:swarm --required-bytes 50G --type mount --sharing onewriter --scope single hcloud-debug1 --topology-required csi.hetzner.cloud/location=nbg1
+```
+
+We can now use this in a service:
+
+```bash
+docker service create --name hcloud-debug-serv1   --mount type=cluster,src=hcloud-debug1,dst=/srv/www   nginx:alpine
+```
+
+Note that only scope `single` is supported as Hetzner Cloud volumes can only be attached to one node at a time
+
+We can however share the volume on multiple containers on the same host:
+
+```bash
+docker volume create --driver hetznercloud/hcloud-csi-driver:swarm --required-bytes 50G --type mount --sharing all --scope single hcloud-debug1 --topology-required csi.hetzner.cloud/location=nbg1
+```
+
+After creation we can now use this volume with `--sharing all` in more than one replica:
+
+```bash
+docker service create --name hcloud-debug-serv2  --mount type=cluster,src=hcloud-debug2,dst=/srv/www   nginx:alpine
+docker service scale hcloud-debug-serv2=2
+```
+
+## How to resize a docker swarm Hetzner CSI volume
+
+Currently, the Docker Swarm CSI support does not come with support for volume resizing. See [this ticket](https://github.com/moby/moby/issues/44985) for the current state on the Docker side.
+The following explains a step by step guide on how to do this manually instead.
+
+Please test the following on a Swarm with the same version as your target cluster
+as this strongly depends on the logic of `docker volume rm -f` not deleting the cloud volume.
+
+### Steps
+
+1. Drain Volume
+
+```
+docker volume update <volume-name> --availability drain
+```
+
+This way, we ensure that all services stop using the volume.
+
+2. Force remove volume on cluster
+
+```
+docker volume rm -f <volume-name>
+```
+
+4. Resize Volume in Hetzner UI
+5. Attach Volume to temporary server manually
+6. Run resize2fs manually
+7. Detach Volume from temporary server manually
+8. Recreate Volume with new size to make it known to Swarm again
+
+```
+docker volume create --driver hetznercloud/hcloud-csi-driver:swarm --required-bytes <new-size>  --type mount   --sharing onewriter   --scope single <volume-name>
+```
+
+9. Verify that volume exists again:
+
+```
+docker volume ls --cluster
+```
+

deploy/docker-swarm/pkg/Dockerfile

@@ -0,0 +1,15 @@
+FROM golang:1.19 as builder
+WORKDIR /csi
+ADD go.mod go.sum /csi/
+RUN go mod download
+ADD . /csi/
+RUN ls -al
+RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o aio.bin github.com/hetznercloud/csi-driver/cmd/aio
+
+FROM --platform=linux/amd64 alpine:3.15
+RUN apk add --no-cache ca-certificates e2fsprogs xfsprogs blkid xfsprogs-extra e2fsprogs-extra btrfs-progs cryptsetup
+ENV GOTRACEBACK=all
+RUN mkdir -p /plugin
+COPY --from=builder /csi/aio.bin /plugin
+
+ENTRYPOINT [ "/plugin/aio.bin" ]

deploy/docker-swarm/pkg/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Leo Antunes (base packaging code from https://github.com/costela/docker-volume-hetzner)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

deploy/docker-swarm/pkg/Makefile

@@ -0,0 +1,31 @@
+PLUGIN_NAME = hetznercloud/hcloud-csi-driver
+PLUGIN_TAG ?= $(shell git describe --tags --exact-match 2> /dev/null || echo dev)-swarm
+
+all: create
+
+clean:
+	@rm -rf ./plugin
+	@docker container rm -vf tmp_plugin_build || true
+
+rootfs: clean
+	docker image build -f Dockerfile -t ${PLUGIN_NAME}:rootfs ../../../
+	mkdir -p ./plugin/rootfs
+	docker container create --name tmp_plugin_build ${PLUGIN_NAME}:rootfs
+	docker container export tmp_plugin_build | tar -x -C ./plugin/rootfs
+	cp config.json ./plugin/
+	docker container rm -vf tmp_plugin_build
+
+create: rootfs
+	docker plugin rm -f ${PLUGIN_NAME}:${PLUGIN_TAG} 2> /dev/null || true
+	docker plugin create ${PLUGIN_NAME}:${PLUGIN_TAG} ./plugin
+
+enable: create
+	docker plugin enable ${PLUGIN_NAME}:${PLUGIN_TAG}
+
+push: create
+	docker plugin push ${PLUGIN_NAME}:${PLUGIN_TAG}
+
+push_latest: create
+	docker plugin push ${PLUGIN_NAME}:latest-swarm
+
+.PHONY: clean rootfs create enable push

deploy/docker-swarm/pkg/README.md

@@ -0,0 +1,6 @@
+a lot in this directory comes from work originally done
+by other awesome people.
+
+Before CSI support, Docker Swarm volumes
+were graciously supported by @costela over at:
+https://github.com/costela/docker-volume-hetzner