`cached` K8S CSI driver #89

airhorns · 2024-05-05T14:00:16Z

This makes cached able to operate in a new mode -- as a Kubernetes Container Storage Interface driver, where it can be the thing that powers K8S volumes directly! CSIs are usually used to implement strange and foreign storage interfaces, like GCP persistent disks or NFS or whatever weird mounts you can figure out in linux.

In order for the hardlinks to be on the same device and thus actually improve performance, the cache daemon has to have privileged access to the the volumes that pods mount. We can do that with ninja editing stuff in /var/lib/kubernetes in a privileged container, or we can do it the safer way that k8s endorses! It actually still ends up modifying stuff in /var/lib/kubernetes and has the same escalated privileges, but, a big win is that the CSI daemon needs no network interface, and only actually communicates with other trusted components (the kubelet). In our case, we don't need to implement very much of the CSI interface (and we report as such with the fancy capabilities RPCs), we just want an emptyDir on the same device as wherever the cache is stored. Turns out, this is pretty easy!

How this will work:

we'll deploy cached as a daemonset throughout the cluster, running in CSI mode talking to the kubelet
pods that want to use the DL cache will have volume declarations that look like this (instead of emptyDir):

      volumes:
       - name: gadget
         csi:
           driver: com.gadget.dateilager.cached
           volumeAttributes:
             placeCacheAtPath: "cache" # matches
           readOnly: false

when a new one of these volumes shows up, the kubelet will make GRPC calls to the CSI socket, which this PR makes cached implement
cached won't actually mount anything, but instead just drop the cache in an empty folder and set the permissions up right (the kubelet actually mounts the folder into the docker container as it always does) using the existing implementation from the previous PR
when the pod terminates, cached gets another RPC, and removes the whole folder (but not the shared golden copy of the cache).

Woop woop!

airhorns · 2024-05-05T14:00:32Z

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @airhorns and the rest of your teammates on Graphite

angelini · 2024-05-06T12:12:27Z

pkg/api/cachedcsi.go

@@ -0,0 +1,203 @@
+package api


Why do these methods on Cached exist in another file?

I figured it was nice to separate them since its the CSI stuff vs our stuff, but if that's against convention I will merge them?

pkg/api/cachedcsi.go

angelini · 2024-05-06T12:25:00Z

pkg/cli/cachedaemon.go

+			if csiSocket != "" {
+				go (func() {
+					logger.Info(ctx, "start CSI server")
+					err := s.ServeCSI(ctx, csiSocket)


I don't think this will cleanly stop on graceful shutdown. You likely want a cancellable context passed in here that we can abort on <-osSignals

Would you mind terribly shooting me a diff? I feel like I could figure it out but it would take you approximately 10 seconds to do

angelini · 2024-05-06T12:25:39Z

pkg/cli/cachedaemon.go

+
+			select {
+			case err := <-errors:
+				return err


If the CSI server caused this to fail, you need to also stop the GRPC server.

angelini · 2024-05-08T10:38:09Z

FYI, I'm going to push commits to this branch

a cache

This was referenced May 5, 2024

cached cache population daemon #85

Merged

Build dateilager within the dockerfile using the nix environment #86

Merged

Add a prerelease github workflow for building and publishing unfinished versions #87

Merged

airhorns force-pushed the cached branch from 492230e to 1cc3748 Compare May 5, 2024 17:01

airhorns force-pushed the harry/cached-csi branch from 3abf1c1 to 1f46c4f Compare May 5, 2024 17:01

airhorns force-pushed the cached branch from 1cc3748 to dbf53bc Compare May 5, 2024 17:02

airhorns mentioned this pull request May 5, 2024

Small changes to prep for caching daemon #90

Merged

airhorns force-pushed the cached branch 2 times, most recently from 7651505 to b48e6ea Compare May 5, 2024 19:45

airhorns force-pushed the harry/cached-csi branch from 1f46c4f to ca7677a Compare May 5, 2024 19:45

airhorns force-pushed the cached branch from b48e6ea to 3901875 Compare May 5, 2024 19:46

airhorns force-pushed the harry/cached-csi branch from ca7677a to 0baa853 Compare May 5, 2024 19:46

airhorns force-pushed the cached branch 2 times, most recently from 6b4d7cc to 7ee43f7 Compare May 5, 2024 22:32

airhorns force-pushed the harry/cached-csi branch from 0baa853 to 00250ab Compare May 5, 2024 22:32

airhorns force-pushed the cached branch from 7ee43f7 to 1f0db54 Compare May 5, 2024 22:40

airhorns force-pushed the harry/cached-csi branch from 00250ab to a362ebe Compare May 5, 2024 22:44

airhorns changed the title ~~Implement a CSI for kubernetes that prepopulates a mounted emptyDir with~~ cached K8S CSI driver May 5, 2024

airhorns force-pushed the cached branch from 1f0db54 to a1a8dc3 Compare May 5, 2024 23:27

airhorns force-pushed the harry/cached-csi branch from a362ebe to 75cd8b3 Compare May 5, 2024 23:27

airhorns force-pushed the cached branch from a1a8dc3 to 20d0682 Compare May 5, 2024 23:42

airhorns force-pushed the harry/cached-csi branch 4 times, most recently from ca00e2b to 332fe4e Compare May 6, 2024 01:58

airhorns mentioned this pull request May 6, 2024

Improve HardlinkDir performance #91

Draft