feat: add remount support

Author: paulgrammer

README.md

@@ -130,6 +130,49 @@ helm upgrade --install csi-rclone oci://ghcr.io/veloxpack/charts/csi-driver-rclo
 
 </details>
 
+**With Mount Existing (Automatic Remount on Restart):**
+
+Enable automatic remounting of volumes after driver restart. This feature saves mount state to Kubernetes Secrets and automatically remounts volumes when the driver restarts, ensuring volumes remain accessible even after node reboots or driver crashes.
+
+**Use cases:**
+- **Node reboots**: Volumes are automatically remounted when the node comes back online
+- **Driver restarts**: Maintains volume accessibility during driver updates or crashes
+- **High availability**: Ensures persistent volumes remain mounted across driver lifecycle events
+
+**How it works:**
+1. Mount state (remote config, mount options) is saved to Kubernetes Secrets when volumes are mounted
+2. On driver startup, saved mount states are loaded and volumes are automatically remounted
+3. If a volume is already mounted, it will be unmounted and remounted to ensure consistency
+
+**Installation:**
+
+```bash
+helm upgrade --install csi-rclone oci://ghcr.io/veloxpack/charts/csi-driver-rclone \
+  --namespace veloxpack --create-namespace \
+  --set node.extraArgs.mount-existing=true
+```
+
+<details>
+<summary>Advanced mount-existing configuration</summary>
+
+The mount state is stored in Kubernetes Secrets in the same namespace as the driver. You can customize the namespace if needed:
+
+```bash
+# The mount state manager automatically detects the driver namespace
+# Mount states are stored as Secrets with prefix: rclone-mount-state-<hash>
+# Each secret contains: volumeId, targetPath, configData, mountParams, etc.
+
+# View saved mount states
+kubectl get secrets -n veloxpack -l app.kubernetes.io/name=csi-driver-rclone,app.kubernetes.io/component=mount-state
+
+# Inspect a specific mount state
+kubectl get secret rclone-mount-state-<hash> -n veloxpack -o yaml
+```
+
+**Note:** When `mount-existing` is enabled, daemon mode is automatically enabled for all mounts to support proper cleanup and remounting.
+
+</details>
+
 **With Remote Control (RC) API:**
 
 Enable the rclone Remote Control API for programmatic control (e.g., VFS cache refresh, stats):

charts/templates/rbac-csi-rclone.yaml

@@ -83,6 +83,9 @@ rules:
   - apiGroups: ["storage.k8s.io"]
     resources: ["csinodes"]
     verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1

charts/values.yaml

@@ -213,7 +213,9 @@ node:
 
   # Additional command-line arguments.
   # Example: helm template ./charts --set node.extraArgs.metrics-addr=":5572"
-  extraArgs: {}
+  extraArgs:
+    # Mount existing volume mount points on startup
+    mount-existing: false
 
   # Cache directory mount configuration
   # This allows mounting a host path for the rclone cache directory, useful for:

cmd/rcloneplugin/main.go

@@ -29,9 +29,10 @@ import (
 )
 
 var (
-	endpoint   = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
-	nodeID     = flag.String("nodeid", "", "node id")
-	driverName = flag.String("drivername", rclone.DefaultDriverName, "name of the driver")
+	endpoint      = flag.String("endpoint", "unix://tmp/csi.sock", "CSI endpoint")
+	nodeID        = flag.String("nodeid", "", "node id")
+	driverName    = flag.String("drivername", rclone.DefaultDriverName, "name of the driver")
+	mountExisting = flag.Bool("mount-existing", false, "mount existing volume mount points on startup")
 )
 
 func main() {
@@ -108,9 +109,10 @@ func main() {
 	}
 
 	driverOptions := rclone.DriverOptions{
-		NodeID:     *nodeID,
-		DriverName: *driverName,
-		Endpoint:   *endpoint,
+		NodeID:        *nodeID,
+		DriverName:    *driverName,
+		Endpoint:      *endpoint,
+		MountExisting: *mountExisting,
 	}
 
 	driver := rclone.NewDriver(&driverOptions)

deploy/base/rbac-csi-rclone.yaml

@@ -58,3 +58,16 @@ roleRef:
   kind: ClusterRole
   name: rclone-external-provisioner-role
   apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: rclone-csi-node-binding
+subjects:
+  - kind: ServiceAccount
+    name: csi-rclone-node-sa
+    namespace: system
+roleRef:
+  kind: ClusterRole
+  name: rclone-external-provisioner-role
+  apiGroup: rbac.authorization.k8s.io

deploy/components/mount-existing/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+  - target:
+      kind: DaemonSet
+      name: csi-rclone-node
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/2/args/-
+        value: "--mount-existing"

deploy/example/rclone-secret-storageclass.yaml

@@ -14,9 +14,13 @@ parameters:
   # Reference to secret containing sensitive configuration
   csi.storage.k8s.io/node-publish-secret-name: "rclone-secret"
   csi.storage.k8s.io/node-publish-secret-namespace: "default"
+  # Optional: Mount options
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 allowVolumeExpansion: true
+mountOptions:
+  - allow-non-empty
+
 ---
 # Example Secret for S3 Configuration
 apiVersion: v1

deploy/overlays/mount-existing/kustomization.yaml

@@ -0,0 +1,9 @@
+
+namespace: veloxpack
+
+resources:
+  - ../../base
+
+components:
+  - ../../components/mount-existing
+

pkg/rclone/mount_state.go

@@ -21,6 +21,7 @@ import (
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
+	"strconv"
 	"sync"
 	"time"
 
@@ -39,7 +40,6 @@ const (
 	// Kubernetes labels
 	labelAppName      = "app.kubernetes.io/name"
 	labelComponent    = "app.kubernetes.io/component"
-	labelVolumeID     = "rclone.csi.veloxpack.io/volume-id"
 	labelValueAppName = "csi-driver-rclone"
 	labelValueComp    = "mount-state"
 
@@ -54,9 +54,7 @@ const (
 	keyMountParams  = "mountParams"
 	keyMountOptions = "mountOptions"
 	keyReadOnly     = "readonly"
-
-	// Default namespace
-	defaultNamespace = "default"
+	keyPid          = "pid"
 )
 
 // MountState represents the complete state needed to remount a volume.
@@ -77,6 +75,9 @@ type MountState struct {
 	MountParams  map[string]string `json:"mountParams"`
 	MountOptions []string          `json:"mountOptions"`
 	ReadOnly     bool              `json:"readonly"`
+
+	// Daemon process ID (for remount cleanup)
+	MountDaemonPID int `json:"pid,omitempty"`
 }
 
 // Validate checks if the MountState contains required fields.
@@ -105,7 +106,7 @@ type MountStateManager struct {
 // It initializes the Kubernetes client and sets up the secret interface.
 func NewMountStateManager(namespace string) (*MountStateManager, error) {
 	if namespace == "" {
-		namespace = defaultNamespace
+		namespace = "default"
 	}
 
 	clientset, err := getK8sClient()
@@ -128,35 +129,6 @@ func (sm *MountStateManager) makeSecretName(volumeID string) string {
 	return secretNamePrefix + hash
 }
 
-// GetState retrieves the complete mount state for a specific volume.
-// Returns nil without error if no state exists for the volume.
-func (sm *MountStateManager) GetState(ctx context.Context, volumeID, targetPath string) (*MountState, error) {
-	if volumeID == "" {
-		return nil, fmt.Errorf("volumeID is required")
-	}
-
-	sm.mu.RLock()
-	defer sm.mu.RUnlock()
-
-	secretName := sm.makeSecretName(volumeID)
-	secret, err := sm.secrets.Get(ctx, secretName, metav1.GetOptions{})
-	if err != nil {
-		if errors.IsNotFound(err) {
-			klog.V(4).Infof("No state found for volume %s", volumeID)
-			return nil, nil
-		}
-		return nil, fmt.Errorf("failed to get state secret %s: %w", secretName, err)
-	}
-
-	state, err := sm.deserializeSecret(secret)
-	if err != nil {
-		return nil, fmt.Errorf("failed to deserialize secret %s: %w", secretName, err)
-	}
-
-	klog.V(4).Infof("Retrieved state for volume %s from secret %s", volumeID, secretName)
-	return state, nil
-}
-
 // deserializeSecret converts a Kubernetes Secret into a MountState struct.
 func (sm *MountStateManager) deserializeSecret(secret *v1.Secret) (*MountState, error) {
 	state := &MountState{
@@ -198,6 +170,16 @@ func (sm *MountStateManager) deserializeSecret(secret *v1.Secret) (*MountState,
 		state.MountOptions = make([]string, 0)
 	}
 
+	// Parse PID if present
+	if pidStr := byteToString(secret.Data[keyPid]); pidStr != "" {
+		if pid, err := strconv.Atoi(pidStr); err != nil {
+			klog.Warningf("Failed to parse PID '%s': %v", pidStr, err)
+			state.MountDaemonPID = 0
+		} else {
+			state.MountDaemonPID = pid
+		}
+	}
+
 	return state, nil
 }
 
@@ -264,7 +246,6 @@ func (sm *MountStateManager) buildSecret(state *MountState) (*v1.Secret, error)
 			Labels: map[string]string{
 				labelAppName:   labelValueAppName,
 				labelComponent: labelValueComp,
-				labelVolumeID:  state.VolumeID,
 			},
 		},
 		Type: v1.SecretTypeOpaque,
@@ -282,6 +263,11 @@ func (sm *MountStateManager) buildSecret(state *MountState) (*v1.Secret, error)
 		},
 	}
 
+	// Add PID if set
+	if state.MountDaemonPID > 0 {
+		secret.StringData[keyPid] = fmt.Sprintf("%d", state.MountDaemonPID)
+	}
+
 	return secret, nil
 }
 
@@ -338,31 +324,6 @@ func (sm *MountStateManager) LoadState(ctx context.Context) ([]*MountState, erro
 	return states, nil
 }
 
-// CleanupStaleStates removes mount state secrets older than the specified duration.
-// Useful for cleaning up orphaned secrets from failed mounts.
-func (sm *MountStateManager) CleanupStaleStates(ctx context.Context, olderThan time.Duration) (int, error) {
-	states, err := sm.LoadState(ctx)
-	if err != nil {
-		return 0, fmt.Errorf("failed to load states: %w", err)
-	}
-
-	cutoff := time.Now().Add(-olderThan)
-	deleted := 0
-
-	for _, state := range states {
-		if state.Timestamp.Before(cutoff) {
-			if err := sm.DeleteState(ctx, state.VolumeID, state.TargetPath); err != nil {
-				klog.Warningf("Failed to delete stale state for volume %s: %v", state.VolumeID, err)
-				continue
-			}
-			deleted++
-			klog.V(4).Infof("Deleted stale state for volume %s (age: %v)", state.VolumeID, time.Since(state.Timestamp))
-		}
-	}
-
-	return deleted, nil
-}
-
 func byteToString(value []byte) string {
 	return string(value)
 }