feat: Add DaemonSet mount mode for shared StorageClass mount pods

## Summary
Introduces a new DaemonSet deployment mode for JuiceFS mount pods when using StorageClass with mount sharing enabled. This feature provides better resource management by deploying mount pods as DaemonSets instead of individual shared pods, with configurable node affinity control through ConfigMaps.

## Key Features
- **Three mount modes**: per-pvc (default), shared-pod, and daemonset
- **ConfigMap-based configuration**: Control mount mode and node affinity via `juicefs-mount-config` ConfigMap
- **Node affinity support**: Restrict DaemonSet deployment to specific nodes using standard Kubernetes node affinity
- **Automatic fallback**: Falls back to shared-pod mode if DaemonSet cannot schedule on a node
- **Seamless transition**: Works with existing StorageClasses without modification

## Implementation Details

### Core Components
- `pkg/juicefs/mount/mount_selector.go`: Dynamic mount type selection based on configuration
- `pkg/juicefs/mount/daemonset_mount.go`: DaemonSet mount implementation with scheduling error handling
- `pkg/config/mount_config.go`: ConfigMap parsing for mount mode and node affinity
- `pkg/config/mount_config_helper.go`: Helper functions for DaemonSet configuration
- `pkg/juicefs/mount/builder/daemonset.go`: DaemonSet resource builder

### Configuration
Mount modes are configured via ConfigMap in kube-system namespace:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: juicefs-mount-config
  namespace: kube-system
data:
  default: |
    mode: shared-pod  # Options: per-pvc, shared-pod, daemonset
  my-storageclass: |
    mode: daemonset
    nodeAffinity:  # Required for daemonset mode
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node.kubernetes.io/workload
            operator: In
            values: ["compute"]
```

### Changes to Existing Components
- **pod_driver.go**: Skip DaemonSet pods in deletion/recreation handlers
- **juicefs.go**: Add MountSelector for dynamic mount type selection and AuthFs serialization
- **k8sclient**: Add DaemonSet CRUD operations
- **RBAC**: Add DaemonSet permissions to CSI node service account

### Documentation & Examples
- `docs/en/guide/daemonset-mount.md`: Comprehensive usage documentation
- `docs/en/guide/mount-pod-configuration.md`: Mount pod configuration guide
- `deploy/kubernetes/csi-daemonset-mount/`: Example DaemonSet configurations
- `deploy/kubernetes/mount-config/`: Example ConfigMap configurations

### Testing
- Unit tests for mount selector logic
- Unit tests for DaemonSet mount implementation
- ConfigMap parsing and validation tests

## Benefits
1. **Better resource utilization**: One mount pod per node instead of per PVC
2. **Improved control**: Node affinity ensures mount pods only run where needed
3. **Simplified operations**: Easier to manage and monitor as DaemonSets
4. **Automatic lifecycle**: DaemonSet controller handles pod creation/deletion
5. **Backward compatible**: Works with existing StorageClasses and mount sharing

## Migration Path
1. Enable `STORAGE_CLASS_SHARE_MOUNT` in CSI Controller and Node
2. Grant DaemonSet RBAC permissions (included in updated manifests)
3. Create ConfigMap with desired mount mode configuration
4. New PVCs will automatically use configured mount mode

## Deployment Updates
- Updated `deploy/k8s.yaml` and `deploy/k8s_before_v1_18.yaml` with DaemonSet RBAC
- Added DaemonSet resource configurations
- Updated Docker build process for consistency

This feature enhances the JuiceFS CSI Driver's flexibility in managing mount pods, particularly beneficial for large-scale deployments where mount pod proliferation can become a resource management challenge.

Author: elijah-rou

.github/workflows/ci_release.yml

@@ -0,0 +1,201 @@
+name: JuiceFS CSI Release
+on:
+  push:
+    branches:
+      - master
+      - release-*
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: "Checkout Code"
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Determine version
+        id: version
+        run: |
+          # Get the latest tag that matches v* pattern
+          LATEST_TAG=$(git describe --tags --match 'v*' --abbrev=0 2>/dev/null || echo "v0.0.0")
+
+          # Extract major, minor, patch
+          VERSION=${LATEST_TAG#v}
+          MAJOR=$(echo $VERSION | cut -d. -f1)
+          MINOR=$(echo $VERSION | cut -d. -f2)
+          PATCH=$(echo $VERSION | cut -d. -f3)
+
+          # Increment patch version
+          PATCH=$((PATCH + 1))
+          NEXT_VERSION="v${MAJOR}.${MINOR}.${PATCH}"
+
+          echo "version=${NEXT_VERSION}" >> $GITHUB_OUTPUT
+          echo "Next version: ${NEXT_VERSION}"
+
+      - name: Create tag
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git tag -a ${{ steps.version.outputs.version }} -m "Release ${{ steps.version.outputs.version }}"
+          git push origin ${{ steps.version.outputs.version }}
+
+  build-csi:
+    needs: release
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        region:
+          - name: us-east-1
+            identifier: virginia
+          - name: eu-west-2
+            identifier: london
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ matrix.region.name }}
+
+      - name: Login to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Build and Push CSI Driver
+        uses: depot/build-push-action@v1
+        with:
+          platforms: linux/amd64,linux/arm64
+          file: docker/csi.Dockerfile
+          context: "{{defaultContext}}"
+          build-args: |
+            JFSCHAN=stable
+            JUICEFS_CE_MOUNT_IMAGE=juicedata/mount:ce-latest
+            JUICEFS_EE_MOUNT_IMAGE=juicedata/mount:ee-5.2.8-1305e8c
+          provenance: false
+          token: ${{ secrets.DEPOT_TOKEN }}
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-driver-${{ matrix.region.identifier }}:${{ needs.release.outputs.version }}
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-driver-${{ matrix.region.identifier }}:latest
+
+  # build-mount-images:
+  #   needs: release
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       region:
+  #         - name: us-east-1
+  #           identifier: virginia
+  #         - name: eu-west-2
+  #           identifier: london
+  #       edition:
+  #         - name: ce
+  #           dockerfile: ce.juicefs.Dockerfile
+  #           build-args: |
+  #             CEJUICEFS_VERSION=latest
+  #         - name: ee
+  #           dockerfile: ee.juicefs.Dockerfile
+  #           build-args: |
+  #             EEJUICEFS_VERSION=5.2.8-1305e8c
+  #   steps:
+  #     - name: "Checkout"
+  #       uses: actions/checkout@v4
+  #
+  #     - name: Configure AWS credentials
+  #       uses: aws-actions/configure-aws-credentials@v4
+  #       with:
+  #         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  #         aws-region: ${{ matrix.region.name }}
+  #
+  #     - name: Login to ECR
+  #       id: login-ecr
+  #       uses: aws-actions/amazon-ecr-login@v2
+  #
+  #     - uses: depot/setup-action@v1
+  #
+  #     - name: Build and Push Mount Image (${{ matrix.edition.name }})
+  #       uses: depot/build-push-action@v1
+  #       with:
+  #         platforms: linux/amd64,linux/arm64
+  #         context: docker
+  #         file: docker/${{ matrix.edition.dockerfile }}
+  #         build-args: ${{ matrix.edition.build-args }}
+  #         provenance: false
+  #         token: ${{ secrets.DEPOT_TOKEN }}
+  #         push: true
+  #         tags: |
+  #           ${{ steps.login-ecr.outputs.registry }}/juicefs-mount-${{ matrix.edition.name }}-${{ matrix.region.identifier }}:${{ needs.release.outputs.version }}
+  #           ${{ steps.login-ecr.outputs.registry }}/juicefs-mount-${{ matrix.edition.name }}-${{ matrix.region.identifier }}:latest
+  #
+  # build-dashboard:
+  #   needs: release
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       region:
+  #         - name: us-east-1
+  #           identifier: virginia
+  #         - name: eu-west-2
+  #           identifier: london
+  #   steps:
+  #     - name: "Checkout"
+  #       uses: actions/checkout@v4
+  #
+  #     - uses: pnpm/action-setup@v4
+  #       name: Install pnpm
+  #       with:
+  #         version: 9
+  #         run_install: |
+  #           cwd: dashboard-ui-v2
+  #
+  #     - name: Build dashboard
+  #       run: make dashboard-dist
+  #
+  #     - name: Configure AWS credentials
+  #       uses: aws-actions/configure-aws-credentials@v4
+  #       with:
+  #         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  #         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  #         aws-region: ${{ matrix.region.name }}
+  #
+  #     - name: Login to ECR
+  #       id: login-ecr
+  #       uses: aws-actions/amazon-ecr-login@v2
+  #
+  #     - uses: depot/setup-action@v1
+  #
+  #     - name: Build and Push Dashboard
+  #       uses: depot/build-push-action@v1
+  #       with:
+  #         platforms: linux/amd64,linux/arm64
+  #         context: .
+  #         file: docker/dashboard.Dockerfile
+  #         build-contexts: |
+  #           project=.
+  #           ui=./dashboard-ui-v2
+  #         provenance: false
+  #         token: ${{ secrets.DEPOT_TOKEN }}
+  #         push: true
+  #         tags: |
+  #           ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-dashboard-${{ matrix.region.identifier }}:${{ needs.release.outputs.version }}
+  #           ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-dashboard-${{ matrix.region.identifier }}:latest
+
+  notify:
+    needs: [release, build-csi]
+    runs-on: ubuntu-latest
+    if: always() && needs.build-csi.result == 'success' && needs.build-mount-images.result == 'success' && needs.build-dashboard.result == 'success'
+    steps:
+      - name: Notify Slack!
+        uses: someimportantcompany/github-actions-slack-message@v1
+        with:
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          text: ":rocket: JuiceFS CSI Driver ${{ needs.release.outputs.version }} images built and pushed to all ECR registries! :rocket:"

.github/workflows/ci_update_dev.yml

@@ -0,0 +1,151 @@
+name: JuiceFS CSI Dev CI/CD
+on:
+  pull_request:
+    branches:
+      - master
+      - release-*
+  push:
+    branches:
+      - development
+      - dev
+
+jobs:
+  build-csi:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Build and Push CSI Driver
+        uses: depot/build-push-action@v1
+        with:
+          platforms: linux/amd64,linux/arm64
+          context: .
+          file: docker/csi.Dockerfile
+          build-contexts: |
+            project=.
+            ui=./dashboard-ui-v2
+          build-args: |
+            TARGETARCH=amd64
+            JFSCHAN=stable
+            JUICEFS_CE_MOUNT_IMAGE=juicedata/mount:ce-latest
+            JUICEFS_EE_MOUNT_IMAGE=juicedata/mount:ee-5.2.8-1305e8c
+          provenance: false
+          token: ${{ secrets.DEPOT_TOKEN }}
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-driver-dev-virginia:dev
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-driver-dev-virginia:pr-${{ github.event.pull_request.number || 'push' }}
+
+  build-mount-images:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        edition:
+          - name: ce
+            dockerfile: ce.juicefs.Dockerfile
+            build-args: |
+              CEJUICEFS_VERSION=latest
+          - name: ee
+            dockerfile: ee.juicefs.Dockerfile
+            build-args: |
+              EEJUICEFS_VERSION=5.2.8-1305e8c
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Build and Push Mount Image (${{ matrix.edition.name }})
+        uses: depot/build-push-action@v1
+        with:
+          platforms: linux/amd64,linux/arm64
+          context: docker
+          file: docker/${{ matrix.edition.dockerfile }}
+          build-args: ${{ matrix.edition.build-args }}
+          provenance: false
+          token: ${{ secrets.DEPOT_TOKEN }}
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-mount-${{ matrix.edition.name }}-dev-virginia:dev
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-mount-${{ matrix.edition.name }}-dev-virginia:pr-${{ github.event.pull_request.number || 'push' }}
+
+  build-dashboard:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout"
+        uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          version: 9
+          run_install: |
+            cwd: dashboard-ui-v2
+
+      - name: Build dashboard
+        run: make dashboard-dist
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+
+      - name: Login to ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - uses: depot/setup-action@v1
+
+      - name: Build and Push Dashboard
+        uses: depot/build-push-action@v1
+        with:
+          platforms: linux/amd64,linux/arm64
+          context: .
+          file: docker/dashboard.Dockerfile
+          build-contexts: |
+            project=.
+            ui=./dashboard-ui-v2
+          provenance: false
+          token: ${{ secrets.DEPOT_TOKEN }}
+          push: true
+          tags: |
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-dashboard-dev-virginia:dev
+            ${{ steps.login-ecr.outputs.registry }}/juicefs-csi-dashboard-dev-virginia:pr-${{ github.event.pull_request.number || 'push' }}
+
+  notify:
+    needs: [build-csi, build-mount-images, build-dashboard]
+    runs-on: ubuntu-latest
+    if: always() && needs.build-csi.result == 'success' && needs.build-mount-images.result == 'success' && needs.build-dashboard.result == 'success'
+    steps:
+      - name: Notify Slack!
+        uses: someimportantcompany/github-actions-slack-message@v1
+        with:
+          webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
+          text: ":construction: JuiceFS CSI Driver dev images built and pushed to ECR! :construction:"

.gitignore

@@ -20,3 +20,4 @@ cov2.out
 yalc.lock
 .ropeproject
 dist/
+*.test

.markdownlint-cli2.jsonc

@@ -47,6 +47,7 @@
     },
     "link-fragments": false,
     "no-trailing-slash-in-links": true,
+    "MD029": false,
     "enhanced-proper-names": {
       "code_blocks": false,
       "html_elements": false,

deploy/k8s.yaml

@@ -255,7 +255,19 @@ rules:
   resources:
   - nodes
   verbs:
+  - get
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - get
   - list
+  - watch
+  - create
+  - update
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole