AWS ROSA support #108

Open
jsanchezmartinez opened this issue Dec 13, 2023 · 6 comments
Labels
enhancement New feature or request

@jsanchezmartinez

/feature

Is your feature request related to a problem? Please describe.
Current Helm Chart not working in AWS ROSA.

Describe the solution you'd like in detail
AWS ROSA support.

Additional context
ImagePullBackOff

```
I1213 11:10:02.072905 1 driver.go:61] Driver version: 1.1.0, Git commit: c681ab1, build date: 2023-12-05T19:47:03Z, nodeID: ip-10-252-14-48.eu-west-1.compute.internal, mount-s3 version: 1.3.1
I1213 11:10:02.075541 1 mount_linux.go:282] Detected umount with safe 'not mounted' behavior
I1213 11:10:02.087546 1 driver.go:113] Listening for connections on address: &net.UnixAddr{Name:"/csi/csi.sock", Net:"unix"}
```

exitCode: 2

@dlakhaws
Contributor

Thank you for the feature request. This is something we are tracking; we are planning to publish a public roadmap shortly and will provide updates on the timeline for adding this feature.

dlakhaws added the enhancement label Dec 18, 2023
@zonybob

zonybob commented Jan 3, 2024

I'd like to second this request. We run on our own AWS infra (not ROSA), but it is still OpenShift atop RHCOS.
For me, the blockers were:

  1. The autogenerated `/opt/mountpoint-s3-csi/bin` directory did not have the necessary SELinux context. I had to `chcon -R -t bin_t /opt/mountpoint-s3-csi/bin`. UPDATE: only have to update `node.mountpointInstallPath` to `/var/usrlocal/bin/`

  2. It seems SELinux also blocks the ability to open /dev/pts/N device files. I had to use audit2allow and follow https://access.redhat.com/solutions/7015317 to add the below

```
module fix_devpts 1.0;

require {
        type init_t;
        type devpts_t;
        class chr_file open;
}

#============= init_t ==============
allow init_t devpts_t:chr_file open;
```

After doing all of the above, I was able to use the driver to mount PVCs as documented.

I don't believe I'll be permitted to take these workarounds to any production environments, so I am very interested in seeing the driver work "out of the box" on RHCOS
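A check one could run before loading a module like the one in the comment above (an added example, not part of the original comment or the project's code): it extracts AVC denials from audit log text and reports any that the single `fix_devpts` rule does not cover. The log lines, the `mount-s3` comm value and the `var_t` denial are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the issue); pid, comm and paths are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1704280000.101:411): avc:  denied  { open } for  pid=2211 comm="mount-s3" path="/dev/pts/0" dev="devpts" ino=3 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1704280003.518:412): avc:  denied  { open } for  pid=2240 comm="mount-s3" path="/dev/pts/1" dev="devpts" ino=4 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1704280004.002:413): avc:  denied  { execute } for  pid=2251 comm="(mount-s3)" name="mount-s3" dev="dm-0" ino=991 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1704280005.900:414): avc:  granted  { read } for  pid=2240 comm="mount-s3" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
"""

AVC_DENIED = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+).*?tcontext=(?P<tcontext>\S+).*?tclass=(?P<tclass>\w+)"
)

def selinux_type(context):
    # A context is user:role:type:level; the type is always the third field.
    return context.split(":")[2]

def denied_rules(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_DENIED.search(line)
        if not m:
            continue  # skips granted AVCs and non-AVC records
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def unexpected_rules(rules, allowed):
    """Return the denials that the reviewed policy module would not allow."""
    extra = {}
    for key, perms in rules.items():
        missing = perms - allowed.get(key, set())
        if missing:
            extra[key] = missing
    return extra

# The single allow rule from the fix_devpts module in the comment above.
FIX_DEVPTS = {("init_t", "devpts_t", "chr_file"): {"open"}}

if __name__ == "__main__":
    found = denied_rules(SAMPLE_AUDIT_LOG)
    for (src, tgt, cls), perms in sorted(found.items()):
        print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    print("not covered by fix_devpts:", unexpected_rules(found, FIX_DEVPTS))
```

Anything reported as not covered needs its own review (for example a file-labelling fix) rather than being folded into the module.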

@gisjedi

gisjedi commented Mar 19, 2024

@dlakhaws Are external PRs accepted? We have interest in assisting with technical contributions to resolve, if that is the case.

@akhilesh-delphix

@dlakhaws: Do you have any tentative date for this feature's availability? We are planning to use an S3 bucket as storage within an OpenShift cluster and are eagerly waiting for this feature.

@ahmarsuhail

@gisjedi We are happy to review contributions. Since this feature requires a substantial change, in case you are planning to contribute, could you please describe the changes you're planning to make in this issue first?

@akhilesh-delphix Unfortunately we are unable to provide any timelines.

@zonybob

zonybob commented Apr 23, 2024

@akhilesh-delphix I have been able to run this driver on OpenShift using a couple of tweaks...

  • set node.mountpointInstallPath to /var/usrlocal/bin/
  • Use the Security Profile Operator (from Red Hat) to install the above SELinux module on all the nodes

```yaml
apiVersion: security-profiles-operator.x-k8s.io/v1alpha2
kind: RawSelinuxProfile
metadata:
  name: fix-devpts
  namespace: kube-system
spec:
  policy: |
    (blockinherit container)
    (typeattributeset cil_gen_require init_t)
    (typeattributeset cil_gen_require devpts_t)
    (allow init_t devpts_t (chr_file (open)))
```

These are not ideal workarounds, but I thought I'd leave those notes here in case they are helpful
