Merge pull request #82004 from pohly/ephemeral-beta

ephemeral inline CSI volumes as beta

api/openapi-spec/swagger.json

@@ -13276,7 +13276,7 @@
           "type": "boolean"
         },
         "allowedCSIDrivers": {
-          "description": "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
+          "description": "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes.",
           "items": {
             "$ref": "#/definitions/io.k8s.api.extensions.v1beta1.AllowedCSIDriver"
           },

pkg/features/kube_features.go

@@ -329,6 +329,7 @@ const (
 
 	// owner: @vladimirvivien
 	// alpha: v1.14
+	// beta: v1.16
 	//
 	// Enables CSI Inline volumes support for pods
 	CSIInlineVolume featuregate.Feature = "CSIInlineVolume"
@@ -549,7 +550,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
 	VolumeSubpathEnvExpansion:           {Default: true, PreRelease: featuregate.Beta},
 	ResourceQuotaScopeSelectors:         {Default: true, PreRelease: featuregate.Beta},
 	CSIBlockVolume:                      {Default: true, PreRelease: featuregate.Beta},
-	CSIInlineVolume:                     {Default: false, PreRelease: featuregate.Alpha},
+	CSIInlineVolume:                     {Default: true, PreRelease: featuregate.Beta},
 	RuntimeClass:                        {Default: true, PreRelease: featuregate.Beta},
 	NodeLease:                           {Default: true, PreRelease: featuregate.Beta},
 	SCTPSupport:                         {Default: false, PreRelease: featuregate.Alpha},

pkg/volume/csi/csi_mounter_test.go

@@ -154,8 +154,8 @@ func MounterSetUpTests(t *testing.T, podInfoEnabled bool) {
 			klog.Infof("Starting test %s", test.name)
 			// Modes must be set if (and only if) CSIInlineVolume is enabled.
 			var modes []storagev1beta1.VolumeLifecycleMode
+			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, test.csiInlineVolume)()
 			if test.csiInlineVolume {
-				defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, true)()
 				modes = append(modes, storagev1beta1.VolumeLifecyclePersistent)
 			}
 			fakeClient := fakeclient.NewSimpleClientset(

pkg/volume/csi/csi_plugin_test.go

@@ -231,6 +231,7 @@ func TestPluginGetVolumeNameWithInline(t *testing.T) {
 
 func TestPluginCanSupport(t *testing.T) {
 	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIBlockVolume, true)()
+	defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.CSIInlineVolume, false)()
 
 	tests := []struct {
 		name       string

staging/src/k8s.io/api/extensions/v1beta1/generated.proto

@@ -873,7 +873,6 @@ message PodSecurityPolicySpec {
 
   // AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
   // An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
-  // This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
   // +optional
   repeated AllowedCSIDriver allowedCSIDrivers = 23;
 

staging/src/k8s.io/api/extensions/v1beta1/types.go

@@ -930,7 +930,6 @@ type PodSecurityPolicySpec struct {
 	AllowedFlexVolumes []AllowedFlexVolume `json:"allowedFlexVolumes,omitempty" protobuf:"bytes,18,rep,name=allowedFlexVolumes"`
 	// AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec.
 	// An empty value indicates that any CSI driver can be used for inline ephemeral volumes.
-	// This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.
 	// +optional
 	AllowedCSIDrivers []AllowedCSIDriver `json:"allowedCSIDrivers,omitempty" protobuf:"bytes,23,rep,name=allowedCSIDrivers"`
 	// allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none.

staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go

@@ -470,7 +470,7 @@ var map_PodSecurityPolicySpec = map[string]string{
 	"allowPrivilegeEscalation":        "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.",
 	"allowedHostPaths":                "allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.",
 	"allowedFlexVolumes":              "allowedFlexVolumes is a whitelist of allowed Flexvolumes.  Empty or nil indicates that all Flexvolumes may be used.  This parameter is effective only when the usage of the Flexvolumes is allowed in the \"volumes\" field.",
-	"allowedCSIDrivers":               "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.",
+	"allowedCSIDrivers":               "AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes.",
 	"allowedUnsafeSysctls":            "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.",
 	"forbiddenSysctls":                "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.",
 	"allowedProcMountTypes":           "AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.",

test/e2e/storage/csi_mock_volume.go

@@ -322,8 +322,7 @@ var _ = utils.SIGDescribe("CSI mock volume", func() {
 				expectEphemeral:        false,
 			},
 			{
-				// TODO(pohly): remove the feature tag when moving to beta
+				name:                   "contain ephemeral=true when using inline volume",
-				name:                   "contain ephemeral=true when using inline volume [Feature:CSIInlineVolume]",
 				podInfoOnMount:         &podInfoTrue,
 				deployClusterRegistrar: true,
 				expectPodInfo:          true,

test/e2e/storage/testsuites/ephemeral.go

@@ -45,7 +45,7 @@ var _ TestSuite = &ephemeralTestSuite{}
 func InitEphemeralTestSuite() TestSuite {
 	return &ephemeralTestSuite{
 		tsInfo: TestSuiteInfo{
-			name: "ephemeral [Feature:CSIInlineVolume]",
+			name: "ephemeral",
 			testPatterns: []testpatterns.TestPattern{
 				{
 					Name:    "inline ephemeral CSI volume",