Add Supervisor CSI CreateVolume support for vSAN File Service volumes via FVS

manifests/supervisorcluster/1.32/cns-csi.yaml

@@ -126,6 +126,15 @@ rules:
   - apiGroups: ["crd.nsx.vmware.com"]
     resources: ["networkinfos"]
     verbs: ["get", "watch", "list"]
+  - apiGroups: ["crd.nsx.vmware.com"]
+    resources: ["vpcnetworkconfigurations"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumes"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumeservices"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["encryption.vmware.com"]
     resources: ["encryptionclasses"]
     verbs: ["get", "list", "watch"]

manifests/supervisorcluster/1.33/cns-csi.yaml

@@ -126,6 +126,15 @@ rules:
   - apiGroups: ["crd.nsx.vmware.com"]
     resources: ["networkinfos"]
     verbs: ["get", "watch", "list"]
+  - apiGroups: ["crd.nsx.vmware.com"]
+    resources: ["vpcnetworkconfigurations"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumes"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumeservices"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["encryption.vmware.com"]
     resources: ["encryptionclasses"]
     verbs: ["get", "list", "watch"]

manifests/supervisorcluster/1.34/cns-csi.yaml

@@ -126,6 +126,15 @@ rules:
   - apiGroups: ["crd.nsx.vmware.com"]
     resources: ["networkinfos"]
     verbs: ["get", "watch", "list"]
+  - apiGroups: ["crd.nsx.vmware.com"]
+    resources: ["vpcnetworkconfigurations"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumes"]
+    verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+  - apiGroups: ["fvs.vcf.broadcom.com"]
+    resources: ["filevolumeservices"]
+    verbs: ["get", "list", "watch"]
   - apiGroups: ["encryption.vmware.com"]
     resources: ["encryptionclasses"]
     verbs: ["get", "list", "watch"]

pkg/csi/service/common/constants.go

@@ -90,6 +90,15 @@ const (
 	// AttributeStorageClassName represents name of the Storage Class.
 	AttributeStorageClassName = "csi.storage.k8s.io/sc/name"
 
+	// StorageClassVsanFileServicePolicy is the supervisor StorageClass for vSAN file service (immediate binding).
+	StorageClassVsanFileServicePolicy = "vsan-file-service-policy"
+	// StorageClassVsanFileServicePolicyLateBinding is the supervisor StorageClass for vSAN file service (late binding).
+	StorageClassVsanFileServicePolicyLateBinding = "vsan-file-service-policy-latebinding"
+
+	// FVSVolumeIDPrefix is the CSI volume ID prefix for the FVS FileVolume CR workflow
+	// (fv:<instance-namespace>:<filevolume-name>).
+	FVSVolumeIDPrefix = "fv:"
+
 	// AttributeIsLinkedClone represents if this is a linked clone request
 	AttributeIsLinkedClone = "csi.vsphere.volume/fast-provisioning"
 

pkg/csi/service/common/vsphereutil.go

@@ -1217,7 +1217,7 @@ func GetCnsVolumeType(ctx context.Context, volumeId string) string {
 	log := logger.GetLogger(ctx)
 	var volumeType string
 	// Determine volume type based on volume ID prefix
-	if strings.HasPrefix(volumeId, "file:") {
+	if strings.HasPrefix(volumeId, "file:") || strings.HasPrefix(volumeId, FVSVolumeIDPrefix) {
 		volumeType = FileVolumeType
 	} else {
 		volumeType = BlockVolumeType

pkg/csi/service/wcp/controller.go

@@ -41,9 +41,15 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
+	corelisters "k8s.io/client-go/listers/core/v1"
+	"k8s.io/client-go/tools/cache"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
 	ctrlconfig "sigs.k8s.io/controller-runtime/pkg/client/config"
+	fvsapis "sigs.k8s.io/vsphere-csi-driver/v3/pkg/apis/filevolume"
 	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/common/cns-lib/crypto"
 	cnsvolume "sigs.k8s.io/vsphere-csi-driver/v3/pkg/common/cns-lib/volume"
 	cnsvsphere "sigs.k8s.io/vsphere-csi-driver/v3/pkg/common/cns-lib/vsphere"
@@ -59,6 +65,7 @@ import (
 	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/internalapis/cnsvolumeinfo"
 	cnsvolumeinfov1alpha1 "sigs.k8s.io/vsphere-csi-driver/v3/pkg/internalapis/cnsvolumeinfo/v1alpha1"
 	"sigs.k8s.io/vsphere-csi-driver/v3/pkg/internalapis/cnsvolumeoperationrequest"
+	k8s "sigs.k8s.io/vsphere-csi-driver/v3/pkg/kubernetes"
 )
 
 const (
@@ -87,6 +94,8 @@ var (
 	isPodVMOnStretchSupervisorFSSEnabled bool
 	// IsMultipleClustersPerVsphereZoneFSSEnabled is true when supports_multiple_clusters_per_zone FSS is enabled.
 	IsMultipleClustersPerVsphereZoneFSSEnabled bool
+	// isVsanFileVolumeServiceFSSEnabled is true when supports_vsan_fileservice capability is enabled on the supervisor.
+	isVsanFileVolumeServiceFSSEnabled bool
 )
 
 var getCandidateDatastores = cnsvsphere.GetCandidateDatastoresInCluster
@@ -113,11 +122,14 @@ type snapshotLockManager struct {
 }
 
 type controller struct {
-	manager         *common.Manager
-	authMgr         common.AuthorizationService
-	topologyMgr     commoncotypes.ControllerTopologyService
-	snapshotLockMgr *snapshotLockManager
-	k8sClient       kubernetes.Interface
+	manager          *common.Manager
+	authMgr          common.AuthorizationService
+	topologyMgr      commoncotypes.ControllerTopologyService
+	snapshotLockMgr  *snapshotLockManager
+	k8sClient        kubernetes.Interface
+	dynamicClient    dynamic.Interface
+	namespaceLister  corelisters.NamespaceLister
+	fileVolumeClient ctrlclient.Client
 	csi.UnimplementedControllerServer
 	csi.UnimplementedSnapshotMetadataServer
 }
@@ -181,6 +193,12 @@ func (c *controller) Init(config *cnsconfig.Config, version string) error {
 		common.FCDTransactionSupport)
 	IsMultipleClustersPerVsphereZoneFSSEnabled = commonco.ContainerOrchestratorUtility.IsFSSEnabled(ctx,
 		common.MultipleClustersPerVsphereZone)
+	isVsanFileVolumeServiceFSSEnabled = commonco.ContainerOrchestratorUtility.IsFSSEnabled(ctx,
+		common.VsanFileVolumeService)
+	if !commonco.ContainerOrchestratorUtility.IsFSSEnabled(ctx, common.VsanFileVolumeService) {
+		go commonco.ContainerOrchestratorUtility.HandleLateEnablementOfCapability(ctx, cnstypes.CnsClusterFlavorWorkload,
+			common.VsanFileVolumeService, "", "")
+	}
 	if !IsMultipleClustersPerVsphereZoneFSSEnabled {
 		go commonco.ContainerOrchestratorUtility.HandleLateEnablementOfCapability(ctx, cnstypes.CnsClusterFlavorWorkload,
 			common.MultipleClustersPerVsphereZone, "", "")
@@ -195,10 +213,6 @@ func (c *controller) Init(config *cnsconfig.Config, version string) error {
 		go commonco.ContainerOrchestratorUtility.HandleLateEnablementOfCapability(ctx, cnstypes.CnsClusterFlavorWorkload,
 			common.SharedDiskFss, "", "")
 	}
-	if !commonco.ContainerOrchestratorUtility.IsFSSEnabled(ctx, common.VsanFileVolumeService) {
-		go commonco.ContainerOrchestratorUtility.HandleLateEnablementOfCapability(ctx, cnstypes.CnsClusterFlavorWorkload,
-			common.VsanFileVolumeService, "", "")
-	}
 	if idempotencyHandlingEnabled {
 		log.Info("CSI Volume manager idempotency handling feature flag is enabled.")
 		operationStore, err = cnsvolumeoperationrequest.InitVolumeOperationRequestInterface(ctx,
@@ -256,6 +270,36 @@ func (c *controller) Init(config *cnsconfig.Config, version string) error {
 	}
 	log.Info("Initialized Kubernetes client")
 
+	if isVsanFileVolumeServiceFSSEnabled {
+		c.dynamicClient, err = dynamic.NewForConfig(cfg)
+		if err != nil {
+			log.Errorf("failed to create dynamic Kubernetes client. err=%v", err)
+			return err
+		}
+		log.Info("Initialized dynamic Kubernetes client")
+
+		fvsScheme := runtime.NewScheme()
+		if err = fvsapis.AddToScheme(fvsScheme); err != nil {
+			log.Errorf("failed to add FileVolume API types to scheme. err=%v", err)
+			return err
+		}
+		c.fileVolumeClient, err = ctrlclient.New(cfg, ctrlclient.Options{Scheme: fvsScheme})
+		if err != nil {
+			log.Errorf("failed to create FileVolume Kubernetes client. err=%v", err)
+			return err
+		}
+		log.Info("Initialized FileVolume Kubernetes client")
+
+		im := k8s.NewInformer(ctx, c.k8sClient, true)
+		im.InitNamespaceInformer()
+		im.Listen()
+		if nsSynced := im.NamespaceInformerSynced(); nsSynced != nil && !cache.WaitForCacheSync(ctx.Done(), nsSynced) {
+			return logger.LogNewErrorf(log, "FVS namespace informer cache sync failed")
+		}
+		c.namespaceLister = im.GetNamespaceLister()
+		log.Info("Namespace informer for FVS initialized")
+	}
+
 	vc, err := common.GetVCenter(ctx, c.manager)
 	if err != nil {
 		log.Errorf("failed to get vcenter. err=%v", err)
@@ -1745,6 +1789,14 @@ func (c *controller) CreateVolume(ctx context.Context, req *csi.CreateVolumeRequ
 				return nil, csifault.CSIUnimplementedFault, logger.LogNewErrorCode(log, codes.Unimplemented,
 					"file volume feature is disabled on the cluster")
 			}
+			scName := req.Parameters[common.AttributeStorageClassName]
+			useFVS, err := shouldProvisionVsanFileVolumeViaFVS(ctx, scName)
+			if err != nil {
+				return nil, csifault.CSIInvalidArgumentFault, err
+			}
+			if useFVS {
+				return c.createFileVolumeViaFVS(ctx, req)
+			}
 			// Block file volume provisioning if FSS Workload_Domain_Isolation_Supported is enabled but
 			// 'fileVolumeActivated' field is set to false in vSphere config secret.
 			if isWorkloadDomainIsolationEnabled &&