Docs: fix vulnerable dependencies

.autocorrectrc

@@ -20,5 +20,6 @@ spellcheck:
     - JucieFS = JuiceFS
     - JueicFS = JuiceFS
     - JuiecFS = JuiceFS
+    - JuiceSF = JuiceFS
     - Kuberenetes = Kubernetes
     - mountpoint = mount point

.github/scripts/e2e-test.py

@@ -89,11 +89,11 @@
                 test_dynamic_expand()
                 test_multi_pvc()
                 test_mountpod_recreated()
+                test_config()
+                test_recreate_mountpod_reload_config()
                 test_secret_has_owner_reference()
                 if without_kubelet:
                     test_pod_resource_err()
-                test_config()
-                test_recreate_mountpod_reload_config()
 
             elif test_mode == "pod-mount-share":
                 if not IS_CE:
@@ -144,10 +144,10 @@
                 test_quota_using_storage_rw()
                 test_dynamic_expand()
                 test_multi_pvc()
-                if without_kubelet:
-                    test_pod_resource_err()
                 test_config()
                 test_recreate_mountpod_reload_config()
+                if without_kubelet:
+                    test_pod_resource_err()
 
             elif test_mode == "webhook":
                 test_deployment_use_pv_rw()

.github/scripts/k8s-deps.sh

@@ -14,7 +14,7 @@ function die() {
 
 function install_deps() {
     sudo apt-get update && sudo apt-get install -y snapd curl netcat-openbsd bc dnsutils redis-tools librados2 python3
-    sudo apt install -y python3-kubernetes
+    sudo pip install kubernetes==18.20.0
     curl -fsSL -o /tmp/kustomize.tar.gz "$KUSTOMIZE_URL" \
         && tar -xf /tmp/kustomize.tar.gz -C /usr/local/bin \
         && chmod a+x /usr/local/bin/kustomize \

.github/scripts/test_case.py

@@ -24,7 +24,7 @@
 from model import PVC, PV, Pod, StorageClass, Deployment, Job, Secret
 from util import check_mount_point, wait_dir_empty, wait_dir_not_empty, \
     get_only_mount_pod_name, get_mount_pods, check_pod_ready, check_mount_pod_refs, gen_random_string, get_vol_uuid, \
-    get_voldel_job, check_quota, is_quota_supported, update_config, wait_get_only_mount_pod_name
+    get_voldel_job, check_quota, is_quota_supported, update_config
 
 
 def test_deployment_using_storage_rw():
@@ -691,15 +691,13 @@ def test_dynamic_delete_pod():
     is_ready = False
     for i in range(0, 60):
         try:
-            new_mount_pod = Pod(name=get_only_mount_pod_name(unique_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
-            is_ready = new_mount_pod.is_ready()
+            is_ready = mount_pod.is_ready()
             if is_ready:
                 break
             time.sleep(5)
         except Exception as e:
             LOG.info(e)
-            time.sleep(5)
-            continue
+            raise e
     if not is_ready:
         raise Exception("Mount pod {} didn't recovery within 5 min.".format(mount_pod.name))
 
@@ -771,15 +769,13 @@ def test_static_delete_pod():
     is_ready = False
     for i in range(0, 60):
         try:
-            new_mount_pod = Pod(name=get_only_mount_pod_name(volume_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
-            is_ready = new_mount_pod.is_ready()
+            is_ready = mount_pod.is_ready()
             if is_ready:
                 break
             time.sleep(5)
         except Exception as e:
             LOG.info(e)
-            time.sleep(5)
-            continue
+            raise e
     if not is_ready:
         raise Exception("Mount pod {} didn't recovery within 5 min.".format(mount_pod.name))
 
@@ -2602,20 +2598,10 @@ def test_mountpod_recreated():
 
     # wait for mountpod recreated
     LOG.info("Wait for mountpod recreated..")
-    is_ready = False
     for i in range(0, 60):
-        try:
-            new_mount_pod = Pod(name=get_only_mount_pod_name(volume_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
-            is_ready = new_mount_pod.is_ready()
-            if is_ready:
-                break
-            time.sleep(5)
-        except Exception as e:
-            LOG.info(e)
-            time.sleep(5)
-            continue
-    if not is_ready:
-        raise Exception("Mount pod {} didn't recovery within 5 min.".format(mount_pod.name))
+        if mount_pod.watch_for_success():
+            break
+        time.sleep(5)
 
     # check mount point
     LOG.info("Check mount point..")
@@ -2699,7 +2685,6 @@ def test_config():
         ["kubectl", "annotate", "pods", "--overwrite", "-n", KUBE_SYSTEM, "-l", "app=juicefs-csi-node",
          "updatedAt=" + str(int(time.time()))])
 
-    time.sleep(2)
     # deploy pvc
     pvc1 = PVC(name="pvc-config-without-labels", access_mode="ReadWriteMany", storage_name=STORAGECLASS_NAME, pv="")
     LOG.info("Deploy pvc {}".format(pvc1.name))
@@ -2878,36 +2863,26 @@ def test_recreate_mountpod_reload_config():
     subprocess.check_call(
         ["kubectl", "annotate", "pods", "--overwrite", "-n", KUBE_SYSTEM, "-l", "app=juicefs-csi-node",
          "updatedAt=" + str(int(time.time()))])
-    # sleep 2s to wait config update
-    time.sleep(2)
 
     LOG.info("Start to delete mountpod..")
     mount_pod = Pod(name=get_only_mount_pod_name(volume_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
     mount_pod.delete()
 
     # wait for mountpod recreated
     LOG.info("Wait for mountpod recreated..")
-
-    result = pod.watch_for_success()
-    if not result:
-        if MOUNT_MODE == "webhook":
-            pods = client.CoreV1Api().list_namespaced_pod(
-                namespace="default",
-                label_selector="deployment={}".format(deployment.name)
-            )
-            for po in pods.items:
-                pod_name = po.metadata.name
-                if not check_pod_ready(po):
-                    subprocess.check_call(["kubectl", "get", "po", pod_name, "-o", "yaml", "-n", "default"])
-        raise Exception("Pods of deployment {} are not ready within 10 min.".format(deployment.name))
+    time.sleep(20)
+    for i in range(0, 60):
+        if mount_pod.watch_for_success():
+            break
+        time.sleep(5)
 
     # check mount point
     LOG.info("Check mount point..")
     result = check_mount_point(check_path)
     if not result:
         raise Exception("mount Point of /jfs/{}/out.txt are not ready within 5 min.".format(volume_id))
 
-    mount_pod = Pod(name=wait_get_only_mount_pod_name(volume_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
+    mount_pod = Pod(name=get_only_mount_pod_name(volume_id), deployment_name="", replicas=1, namespace=KUBE_SYSTEM)
     if mount_pod.get_metadata().labels.get("apply") != "updated_config":
         raise Exception("mountpod config labels not set")
     if mount_pod.get_metadata().labels.get("volume_id") != volume_id:

.github/scripts/util.py

@@ -117,7 +117,7 @@ def check_mount_point(check_path):
 
 def check_quota(name, expected):
     output = ""
-    for i in range(0, 30):
+    for i in range(0, 10):
         process = subprocess.run([
             "kubectl", "exec", name, "-c", "app", "-n", "default", "-t", "--", "df", "-h"],
             stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
@@ -184,15 +184,6 @@ def get_only_mount_pod_name(volume_id):
     return running_pods[0].metadata.name
 
 
-def wait_get_only_mount_pod_name(volume_id, timeout=60):
-    for i in range(0, timeout):
-        try:
-            return get_only_mount_pod_name(volume_id)
-        except Exception as e:
-            time.sleep(1)
-            continue
-
-
 def get_mount_pods(volume_id):
     pods = client.CoreV1Api().list_namespaced_pod(
         namespace=KUBE_SYSTEM,

.github/workflows/codeql-analysis.yml

@@ -16,6 +16,10 @@ on:
     branches: [ master ]
     paths:
       - '**.go'
+      - '!docs/**'
+      - '!**.md'
+      - '!.autocorrectrc'
+      - '!.markdownlint-cli2.jsonc'
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ master ]

.github/workflows/dashboard-ci.yaml

@@ -11,6 +11,10 @@ on:
       - 'dashboard-ui-v2/**'
       - 'cmd/dashboard/**'
       - 'pkg/dashboard/**'
+      - '!docs/**'
+      - '!**.md'
+      - '!.autocorrectrc'
+      - '!.markdownlint-cli2.jsonc'
   pull_request:
     branches:
       - master
@@ -21,6 +25,10 @@ on:
       - 'dashboard-ui-v2/**'
       - 'cmd/dashboard/**'
       - 'pkg/dashboard/**'
+      - '!docs/**'
+      - '!**.md'
+      - '!.autocorrectrc'
+      - '!.markdownlint-cli2.jsonc'
 
 jobs:
   build:

.github/workflows/go.yaml

@@ -12,6 +12,10 @@ on:
       - '**.sh'
       - '**.mod'
       - '**.sum'
+      - '!docs/**'
+      - '!**.md'
+      - '!.autocorrectrc'
+      - '!.markdownlint-cli2.jsonc'
   pull_request:
     branches:
       - master
@@ -23,6 +27,10 @@ on:
       - '**.sh'
       - '**.mod'
       - '**.sum'
+      - '!docs/**'
+      - '!**.md'
+      - '!.autocorrectrc'
+      - '!.markdownlint-cli2.jsonc'
   workflow_dispatch:
     inputs:
       debug:
@@ -75,7 +83,7 @@ jobs:
           value=`printf '%s\n' "${testmode[@]}" | jq -R . | jq -cs .`
           echo "value: $value"
           echo "matrix=$value" >> $GITHUB_OUTPUT
-          
+
           wtestmode=("pod" "pod-mount-share" "pod-provisioner")
           value=`printf '%s\n' "${wtestmode[@]}" | jq -R . | jq -cs .`
           echo "value without kubelet: $value"

.markdownlint-cli2.jsonc

@@ -15,7 +15,7 @@
     },
     "line-length": false,
     "no-duplicate-heading": {
-      "allow_different_nesting": true
+      "siblings_only": true
     },
     "no-inline-html": {
       "allowed_elements": [

cmd/app/mount_manager.go

@@ -31,7 +31,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 
-	"github.com/juicedata/juicefs-csi-driver/pkg/common"
 	"github.com/juicedata/juicefs-csi-driver/pkg/config"
 	mountctrl "github.com/juicedata/juicefs-csi-driver/pkg/controller"
 	"github.com/juicedata/juicefs-csi-driver/pkg/k8sclient"
@@ -72,10 +71,10 @@ func NewMountManager(
 			Scheme: scheme,
 			SelectorsByObject: cache.SelectorsByObject{
 				&corev1.Pod{}: {
-					Label: labels.SelectorFromSet(labels.Set{common.PodTypeKey: common.PodTypeValue}),
+					Label: labels.SelectorFromSet(labels.Set{config.PodTypeKey: config.PodTypeValue}),
 				},
 				&batchv1.Job{}: {
-					Label: labels.SelectorFromSet(labels.Set{common.PodTypeKey: common.JobTypeValue}),
+					Label: labels.SelectorFromSet(labels.Set{config.PodTypeKey: config.JobTypeValue}),
 				},
 			},
 		}),

cmd/app/pod_manager.go

@@ -26,7 +26,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 
-	"github.com/juicedata/juicefs-csi-driver/pkg/common"
+	"github.com/juicedata/juicefs-csi-driver/pkg/config"
 	mountctrl "github.com/juicedata/juicefs-csi-driver/pkg/controller"
 	"github.com/juicedata/juicefs-csi-driver/pkg/k8sclient"
 )
@@ -55,7 +55,7 @@ func NewPodManager() (*PodManager, error) {
 			Scheme: scheme,
 			SelectorsByObject: cache.SelectorsByObject{
 				&corev1.Pod{}: {
-					Label: labels.SelectorFromSet(labels.Set{common.PodTypeKey: common.PodTypeValue}),
+					Label: labels.SelectorFromSet(labels.Set{config.PodTypeKey: config.PodTypeValue}),
 				},
 			},
 		}),

cmd/app/webhook.go

@@ -26,7 +26,6 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
 
-	"github.com/juicedata/juicefs-csi-driver/pkg/common"
 	"github.com/juicedata/juicefs-csi-driver/pkg/config"
 	mountctrl "github.com/juicedata/juicefs-csi-driver/pkg/controller"
 	"github.com/juicedata/juicefs-csi-driver/pkg/k8sclient"
@@ -61,7 +60,7 @@ func NewWebhookManager(certDir string, webhookPort int, leaderElection bool,
 			Scheme: scheme,
 			SelectorsByObject: cache.SelectorsByObject{
 				&corev1.Pod{}: {
-					Label: labels.SelectorFromSet(labels.Set{common.InjectSidecarDone: common.True}),
+					Label: labels.SelectorFromSet(labels.Set{config.InjectSidecarDone: config.True}),
 				},
 			},
 		}),

cmd/main.go

@@ -102,8 +102,6 @@ func main() {
 	klog.InitFlags(goFlag)
 	cmd.PersistentFlags().AddGoFlagSet(goFlag)
 
-	cmd.AddCommand(upgradeCmd)
-
 	if err := cmd.Execute(); err != nil {
 		os.Exit(1)
 	}

cmd/node.go

@@ -31,8 +31,7 @@ import (
 	"github.com/juicedata/juicefs-csi-driver/pkg/config"
 	"github.com/juicedata/juicefs-csi-driver/pkg/controller"
 	"github.com/juicedata/juicefs-csi-driver/pkg/driver"
-	"github.com/juicedata/juicefs-csi-driver/pkg/fuse/grace"
-	"github.com/juicedata/juicefs-csi-driver/pkg/fuse/passfd"
+	"github.com/juicedata/juicefs-csi-driver/pkg/fuse"
 	k8s "github.com/juicedata/juicefs-csi-driver/pkg/k8sclient"
 	"github.com/juicedata/juicefs-csi-driver/pkg/util"
 )
@@ -126,16 +125,11 @@ func parseNodeConfig() {
 		os.Exit(1)
 	}
 	config.CSIPod = *pod
-	err = passfd.InitGlobalFds(context.TODO(), k8sclient, "/tmp")
+	err = fuse.InitGlobalFds(context.TODO(), "/tmp")
 	if err != nil {
 		log.Error(err, "Init global fds error")
 		os.Exit(1)
 	}
-	err = grace.ServeGfShutdown(config.ShutdownSockPath)
-	if err != nil {
-		log.Error(err, "Serve graceful shutdown error")
-		os.Exit(1)
-	}
 }
 
 func nodeRun(ctx context.Context) {