awslabs · unexge · Feb 3, 2025 · Jan 30, 2025 · Jan 30, 2025 · Feb 3, 2025
@@ -21,12 +21,11 @@ import (
 	"fmt"
 	"net"
 	"os"
-	"time"
 
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node"
+	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/credentialprovider"
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/node/mounter"
 	"github.com/awslabs/aws-s3-csi-driver/pkg/driver/version"
-	"github.com/awslabs/aws-s3-csi-driver/pkg/util"
 	"github.com/container-storage-interface/spec/lib/go/csi"
 	"google.golang.org/grpc"
 	"k8s.io/client-go/kubernetes"
@@ -35,15 +34,11 @@ import (
 )
 
 const (
-	driverName          = "s3.csi.aws.com"
-	webIdentityTokenEnv = "AWS_WEB_IDENTITY_TOKEN_FILE"
+	driverName = "s3.csi.aws.com"
 
 	grpcServerMaxReceiveMessageSize = 1024 * 1024 * 2 // 2MB
 
 	unixSocketPerm = os.FileMode(0700) // only owner can write and read.
-
-	// This is the plugin directory for CSI driver mounted in the container.
-	containerPluginDir = "/csi"
 )
 
 type Driver struct {
@@ -74,13 +69,19 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 	klog.Infof("Driver version: %v, Git commit: %v, build date: %v, nodeID: %v, mount-s3 version: %v, kubernetes version: %v",
 		version.DriverVersion, version.GitCommit, version.BuildDate, nodeID, mpVersion, kubernetesVersion)
 
-	systemd_mounter, err := mounter.NewSystemdMounter(mpVersion, kubernetesVersion)
+	// `credentialprovider.RegionFromIMDSOnce` is a `sync.OnceValues` and it only makes request to IMDS once,
+	// this call is basically here to pre-warm the cache of IMDS call.
+	go func() {
+		_, _ = credentialprovider.RegionFromIMDSOnce()
+	}()
+
+	credProvider := credentialprovider.New(clientset.CoreV1(), credentialprovider.RegionFromIMDSOnce)
+	systemdMounter, err := mounter.NewSystemdMounter(credProvider, mpVersion, kubernetesVersion)
 	if err != nil {
 		klog.Fatalln(err)
 	}
 
-	credentialProvider := mounter.NewCredentialProvider(clientset.CoreV1(), containerPluginDir, mounter.RegionFromIMDSOnce)
-	nodeServer := node.NewS3NodeServer(nodeID, systemd_mounter, credentialProvider)
+	nodeServer := node.NewS3NodeServer(nodeID, systemdMounter)
 
 	return &Driver{
 		Endpoint:   endpoint,
@@ -90,14 +91,6 @@ func NewDriver(endpoint string, mpVersion string, nodeID string) (*Driver, error
 }
 
 func (d *Driver) Run() error {
-	ctx, cancel := context.WithCancel(context.Background())
-	defer cancel()
-	tokenFile := os.Getenv(webIdentityTokenEnv)
-	if tokenFile != "" {
-		klog.Infof("Found AWS_WEB_IDENTITY_TOKEN_FILE, syncing token")
-		go tokenFileTender(ctx, tokenFile, "/csi/token")
-	}
-
 	scheme, addr, err := ParseEndpoint(d.Endpoint)
 	if err != nil {
 		return err
@@ -150,22 +143,6 @@ func (d *Driver) Stop() {
 	d.Srv.Stop()
 }
 
-func tokenFileTender(ctx context.Context, sourcePath string, destPath string) {
-	for {
-		timer := time.After(10 * time.Second)
-		err := util.ReplaceFile(destPath, sourcePath, 0600)
-		if err != nil {
-			klog.Infof("Failed to sync AWS web token file: %v", err)
-		}
-		select {
-		case <-timer:
-			continue
-		case <-ctx.Done():
-			return
-		}
-	}
-}
-
 func kubernetesVersion(clientset *kubernetes.Clientset) (string, error) {
 	version, err := clientset.ServerVersion()
 	if err != nil {