Alauda DevOps Connectors Docs
  • English

    • Connectors CSI Driver

    TOC

    OverviewQuick Start1. Create a ConnectorClass2. Create a Connector3. Create a Pod Using the CSI DriverBuilt-in ConfigurationsCSI Volume ParametersMultiple ConnectorsConfiguration MergingConfiguration File RenderingAvailable VariablesBuilt-in FunctionsAbout the Proxy ServiceConfiguration examples

    Overview

    The Connectors CSI Driver is a storage driver implemented based on the Container Storage Interface (CSI) specification. It can mount configurations from the Connector as volumes into Kubernetes workloads. Key features include:

    • Mounting configuration files from the Connector into Pods
    • Supporting dynamic variable rendering in configuration files to automatically inject runtime information
    • Supporting the simultaneous mounting of multiple configuration files

    All configuration data comes from the ConnectorClass configuration associated with the Connector.

    Quick Start

    1. Create a ConnectorClass

    First, create a ConnectorClass that includes Git configuration:

    cat << EOF | kubectl apply -f -
apiVersion: connectors.alauda.io/v1alpha1
kind: ConnectorClass
metadata:
  name: my-git
spec:
  address:
    type: string
  configurations:
  - name: config
    data:
      .gitconfig: |
        this is git config
EOF

    2. Create a Connector

    Then, create a Connector that connects to GitHub:

    cat << EOF | kubectl apply -f -
apiVersion: connectors.alauda.io/v1alpha1
kind: Connector
metadata:
  name: git-connector
spec:
  address: https://github.com
  connectorClassName: my-git
EOF

    3. Create a Pod Using the CSI Driver

    Create a Pod that mounts the configuration:

    cat << EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
  name: csi-demo
  namespace: default
spec:
  restartPolicy: Never
  containers:
  - name: web
    image: bitnami/git:2.47.1
    imagePullPolicy: IfNotPresent
    command: ["sleep", "3600"]
    volumeMounts:
    - name: git-config
      mountPath: /tmp/config
  volumes:
  - name: git-config
    csi:
      readOnly: true
      driver: connectors-csi
      volumeAttributes:
        connectors: "default/git-connector"
        configuration.names: "config"
EOF

    Verify the mounted files:

    # List all mounted files (including built-in configurations)
kubectl exec -ti csi-demo -- ls -l /tmp/config

# View the custom configuration from ConnectorClass
kubectl exec -ti csi-demo -- cat /tmp/config/.gitconfig

    Built-in Configurations

    The CSI Driver automatically provides built-in configuration files that are always mounted into Pods.

    File NameDescription
    .envEnvironment variables file containing http_proxy, https_proxy, and no_proxy in key=value format.
    If multiple Connector Categories are present, the proxy settings from the last ConnectorClass are applied.
    http.proxyForward proxy URL with authentication for HTTP.
    If multiple Connector Categories are present, the proxy settings from the last ConnectorClass are applied.
    https.proxyForward proxy URL with authentication for HTTPS.
    If multiple Connector Categories are present, the proxy settings from the last ConnectorClass are applied.
    context.tokenAuthentication token for the proxy service
    context.proxy.caCertCA certificate for the Connectors proxy
    connector.status.proxyAddressProxy address (see Connectors Proxy).
    If multiple Connectors are present, the proxy information from the last ConnectorClass will be used.
    ca.certCA certificate for the Connectors proxy, same as context.proxy.caCert

    Forward Proxy Usage:

    # Option 1
export http_proxy=$(cat /{mount-path}/http.proxy)
export https_proxy=$(cat /{mount-path}/https.proxy)

# Option 2
source /{mount-path}/.env

    Reverse Proxy Usage:

    export TOKEN=$(cat /{mount-path}/context.token)
export SERVER=$(cat /{mount-path}/connector.status.proxyAddress)

{cli} --server $SERVER --token $TOKEN

    CSI Volume Parameters

    Volume Parameters

    ParameterRequiredDescription
    readOnlyYesMust be true
    driverYesMust be connectors-csi

    Volume Attributes

    ParameterRequiredDescription
    connector.nameNoConnector name (Deprecated — use connectors instead)
    connector.namespaceNoConnector namespace, defaults to Pod's namespace (Deprecated — use connectors instead)
    configuration.namesNoComma-separated configuration names (e.g., config1,config2), the configuration names are the names of the configurations in the ConnectorClass
    token.expirationNoToken expiration time (default: 30m)
    connectorsYesComma-separated list of connectors in the format namespace/name or name; if namespace is omitted, the Pod's namespace is used. Used to specify multiple connectors.

    Examples

    Mount a single configuration:

    volumes:
- name: config
  csi:
    driver: connectors-csi
    readOnly: true
    volumeAttributes:
      connectors: "my-connector"
      configuration.names: "config1"

    Mount multiple configurations:

    volumes:
- name: config
  csi:
    driver: connectors-csi
    readOnly: true
    volumeAttributes:
      connectors: "my-connector"
      configuration.names: "config1,config2"

    Mount multiple connectors for proxy authentication:

    volumes:
- name: config
  csi:
    driver: connectors-csi
    readOnly: true
    volumeAttributes:
      connectors: "namespace1/connector1,namespace2/connector2"
      configuration.names: "config1,config2"

    Notes:

    • If configuration.names is omitted, only built-in configurations are mounted
    • When multiple configurations contain files with the same name, later configurations overwrite earlier ones
    • The connectors parameter is used to specify multiple connectors for mount config.

    Multiple Connectors

    The Connectors CSI Driver supports using multiple Connectors for configurations. You can specify multiple Connectors using the connectors volume attribute in the format namespace/name or name; if namespace is omitted, the Pod's namespace is used. Connectors should be separated by commas.

    volumes:
- name: config
  csi:
    driver: connectors-csi
    readOnly: true
    volumeAttributes:
      connectors: "namespace1/connector1,namespace2/connector2"
      configuration.names: "config1,config2"

    When multiple Connectors are specified, the CSI Driver merges configuration files based on the configuration.names attribute. The merging behavior is detailed in the Configuration Merging section.

    WARNING

    There is no strict limit on how many connectors you may list; however, avoid specifying too many Connectors to prevent oversized request headers and other proxy-related issues.

    Configuration Merging

    When multiple Connectors are specified, the CSI Driver will merge the configuration files from all specified Connectors based on the configuration.names attribute.

    There are several possible scenarios for processing configuration files; the cases below describe the behavior in each.

    Same Configuration Name

    For Connectors with the same configuration name, when multiple Connectors are specified, their configuration data will be merged into a single configuration file.

    Configuration templates should support rendering data for multiple Connectors so a single file can incorporate multiple connector-specific data sets.

    For example:

    apiVersion: connectors.alauda.io/v1alpha1
kind: ConnectorClass
metadata:
  name: multi-connector
spec:
  configurations:
  - name: config
    data:
      .multi-connector-config: |
        {{- range .connectors }}
        # Configuration for Connector: {{ .name }}
        param_name = {{ .name }}
        param_value = {{ .spec.address }}
        {{- end }}

    in the above example, the configuration file .multi-connector-config will include sections for each Connector specified in the connectors volume attribute.

    kubectl exec -ti pod-name -- ls -l /mount-path/
# Output:
# - .multi-connector-config
    WARNING

    If the merged connectors come from different ConnectorClasses and have configuration files with the same name, the configuration from the later ConnectorClass will override the configuration from the earlier ConnectorClass. Therefore, it is recommended to use different configuration file names in this scenario to avoid conflicts.

    Different Configuration Names

    When the specified Connectors have different configuration names, the CSI Driver will mount all configurations separately.

    apiVersion: connectors.alauda.io/v1alpha1
kind: ConnectorClass
metadata:
  name: connector-a
spec:
  configurations:
  - name: config-a
    data:
      config.xml: |
        {{- range .connectors }}
        # Configuration for Connector: {{ .name }}
        param_name = {{ .name }}
        param_value = {{ .spec.address }}
        {{- end }}
---
apiVersion: connectors.alauda.io/v1alpha1
kind: ConnectorClass
metadata:   
  name: connector-b
spec:
  configurations:
  - name: config-b
    data:
      settings.json: |
        {"connectors": [
        {{- range .connectors }}
          {"name": "{{ .name }}", "address": "{{ .spec.address }}"},
        {{- end }}
        ]}

    When mounting with both connectors and configuration names:

    - name: config
  csi:
    driver: connectors-csi
    readOnly: true
    volumeAttributes:
      connectors: "namespace-a/connector-a,namespace-b/connector-b"
      configuration.names: "config-a,config-b"

    The mounted volume will contain both config.xml and settings.json, each populated with data from their respective Connectors.

    kubectl exec -ti pod-name -- ls -l /mount-path/
# Output:
# - config.xml
# - settings.json

    Configuration File Rendering

    The CSI Driver performs variable rendering when mounting configuration files, using Go template syntax.

    Available Variables

    VariableDescription
    .connector.status.proxyAddressProxy address of the Connector; refer to connectors-proxy
    .connector.spec.*Spec of the Connector, you can get all fields of the Connector Spec, eg. .connector.spec.address or .connector.spec.params
    .context.tokenAuthentication token for accessing the proxy service
    .context.proxy.caCertCA certificate for accessing the connectors proxy (forward proxy); refer to connectors-proxy
    .connectorsList of Connectors when multiple Connectors are specified; each Connector has the same structure as .connector
    .connectorclass.proxyAddressProxy address of the ConnectorClass when multiple ConnectorClasses are specified.

    Built-in Functions

    Refer to sprig for supported functions

    For example: b64enc: Base64 encoding of a string

    About the Proxy Service

    Connectors provide a proxy service for each Connector, allowing clients to access target resources without needing to store the original credentials. For more details, please refer to connectors-proxy.

    Configuration examples

    Constant content

    apiVersion: connectors.alauda.io/v1alpha1
kind: ConnectorClass
metadata:
  name: my-git
spec:
  address:
    type: string
  configurations:
  - name: config
    data:
      .gitconfig: |
        this is git config

    Using connector.spec.params

    The following ConnectorClass defines a parameter sslVerify to control the SSL verification during git clone.

    kind: ConnectorClass
metadata:
  name: git
spec:

  params:
  - name: sslVerify
    type: string
    default: "true"

  configurations:
  - name: config
    data:
      .gitconfig: |
        {{ $sslVerify := "true" -}}
        {{- range .connector.spec.params }}{{- if eq .name "sslVerify" }}{{$sslVerify = .value }}{{ end }}{{- end }}
        [http]
          sslVerify = {{ $sslVerify }}

    Using proxy service and token

    The following ConnectorClass provides a file named .gitconfig, which automatically injects headers and replaces the git URL during git clone by using the proxy service and token.

    kind: ConnectorClass
metadata:
  name: git
spec:
  configurations:
  - name: config
    data:
      .gitconfig: |
        [http]
            extraHeader = Authorization: Basic {{ printf ":%s" .context.token | b64enc }}
        {{- range .connectors }}
        [url "{{ .status.proxyAddress }}"]
            insteadOf = {{.spec.address}}
        {{- end }}