Skip to content

feat: add hf-mount-sidecar binary for CSI sidecar injection#86

Draft
XciD wants to merge 9 commits intomainfrom
feat/sidecar-mounter
Draft

feat: add hf-mount-sidecar binary for CSI sidecar injection#86
XciD wants to merge 9 commits intomainfrom
feat/sidecar-mounter

Conversation

@XciD
Copy link
Copy Markdown
Member

@XciD XciD commented Mar 31, 2026
edited
Loading

Summary

Native Rust sidecar mounter for the HF CSI driver's unprivileged sidecar injection mode.

New files

  • src/sidecar.rs: discover mount configs in shared emptyDir, receive FUSE fd via SCM_RIGHTS
  • src/bin/hf-mount-sidecar.rs: entry point that polls for configs, receives fd, runs FUSE daemon in-process

Key changes

  • src/fuse.rs: Session::from_fd() support, disable clone_fd in sidecar mode (sidecar has no /dev/fuse access)
  • src/setup.rs: MountOptions::default_for_sidecar() for programmatic construction
  • MountConfig.token: HF token passed via config.json from the CSI driver for private repo authentication
  • Dockerfile builds both hf-mount-fuse and hf-mount-sidecar

How it works

CSI driver (privileged) -> opens /dev/fuse, kernel mount, writes config.json + token
                        -> sends fd via Unix socket (SCM_RIGHTS)
Sidecar (user 65534)   -> discovers config.json in emptyDir
                        -> connects to socket, receives fd
                        -> Session::from_fd(fd) with clone_fd=false
                        -> serves FUSE requests on the pre-mounted volume

The sidecar is fully unprivileged: no root, no /dev/fuse, no CAP_SYS_ADMIN.

Companion PR: huggingface/hf-csi-driver#19

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026

POSIX Compliance (pjdfstest)

============================================================
  pjdfstest POSIX Compliance Results
------------------------------------------------------------
  Files: 130/130 passed    Tests: 832 total (0 subtests failed)
  Result: PASS
------------------------------------------------------------
  Category               Passed    Total   Status
  -------------------- -------- -------- --------
  chflags                     5        5       OK
  chmod                       8        8       OK
  chown                       6        6       OK
  ftruncate                  13       13       OK
  granular                    5        5       OK
  mkdir                       9        9       OK
  open                       19       19       OK
  posix_fallocate             1        1       OK
  rename                     10       10       OK
  rmdir                      11       11       OK
  symlink                    10       10       OK
  truncate                   13       13       OK
  unlink                     11       11       OK
  utimensat                   9        9       OK
============================================================

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 31, 2026
edited
Loading

Benchmark Results

============================================================
  Benchmark — 50MB
------------------------------------------------------------
  Metric                                 FUSE          NFS
  ------------------------------ ------------ ------------
  Sequential read                    261.4 MB/s     246.3 MB/s
  Sequential re-read                1559.9 MB/s    2371.9 MB/s
  Range read (1MB@25MB)               33.8 ms         0.2 ms
  Random reads (100x4KB avg)          33.1 ms         0.0 ms
  Sequential write (FUSE)           1324.2 MB/s
  Close latency (CAS+Hub)            0.646 s
  Write end-to-end                    73.1 MB/s
  Dedup write                       1496.4 MB/s
  Dedup close latency                0.833 s
  Dedup end-to-end                    57.7 MB/s
============================================================
============================================================
  Benchmark — 200MB
------------------------------------------------------------
  Metric                                 FUSE          NFS
  ------------------------------ ------------ ------------
  Sequential read                   1039.4 MB/s     844.2 MB/s
  Sequential re-read                1701.5 MB/s    2364.0 MB/s
  Range read (1MB@25MB)               30.7 ms         0.2 ms
  Random reads (100x4KB avg)          36.4 ms         0.0 ms
  Sequential write (FUSE)           1136.7 MB/s
  Close latency (CAS+Hub)            0.110 s
  Write end-to-end                   699.4 MB/s
  Dedup write                       1132.8 MB/s
  Dedup close latency                0.140 s
  Dedup end-to-end                   630.8 MB/s
============================================================
============================================================
  Benchmark — 500MB
------------------------------------------------------------
  Metric                                 FUSE          NFS
  ------------------------------ ------------ ------------
  Sequential read                   1517.7 MB/s    1457.9 MB/s
  Sequential re-read                1816.8 MB/s    2483.1 MB/s
  Range read (1MB@25MB)               42.2 ms         0.2 ms
  Random reads (100x4KB avg)          32.8 ms         0.0 ms
  Sequential write (FUSE)           1300.0 MB/s
  Close latency (CAS+Hub)            0.527 s
  Write end-to-end                   548.4 MB/s
  Dedup write                       1138.4 MB/s
  Dedup close latency                0.161 s
  Dedup end-to-end                   833.5 MB/s
============================================================
============================================================
  fio Benchmark Results
------------------------------------------------------------
  Job                        FUSE MB/s   NFS MB/s  FUSE IOPS   NFS IOPS
  ------------------------- ---------- ---------- ---------- ----------
  seq-read-100M                  432.9      436.7                      
  seq-reread-100M               2325.6      591.7                      
  rand-read-4k-100M                0.1        0.1         20         19
  seq-read-5x10M                 769.2      588.2                      
  rand-read-10x1M                  0.1        0.1         33         37
  Random Read Latency           FUSE avg      NFS avg
  ------------------------- ------------ ------------
  rand-read-4k-100M           50234.5 us   52726.1 us
  rand-read-10x1M             30428.4 us   27163.1 us
============================================================

@XciD XciD force-pushed the feat/sidecar-mounter branch 2 times, most recently from 34220cc to 9a4bc01 Compare April 1, 2026 15:12
XciD added 3 commits April 1, 2026 23:09
@XciD
feat: add Session::from_fd() support for pre-opened FUSE fd
7e6e15b 
Allow running the FUSE daemon on a pre-opened /dev/fuse file descriptor
received via SCM_RIGHTS from the CSI driver. The CSI driver (privileged)
does the kernel mount, the sidecar (unprivileged) serves FUSE requests.

- --fuse-fd flag on hf-mount-fuse binary
- MountOptions::default_for_sidecar() for programmatic construction
- Disable clone_fd when using from_fd (sidecar has no /dev/fuse access)
@XciD
feat: add hf-mount-sidecar binary for CSI sidecar injection
628c064 
Self-contained binary that runs as a native sidecar (KEP-753):
- Discovers mount configs in shared emptyDir
- Connects to CSI driver's Unix socket, receives FUSE fd via SCM_RIGHTS
- Runs hf-mount FUSE daemon in-process with Session::from_fd()
- Reads HF token from config for private repo authentication

All sidecar logic is contained in the binary (no lib.rs pollution).
Dockerfile builds both hf-mount-fuse and hf-mount-sidecar.
@XciD
fix: address review feedback on sidecar binary
0971d17 
- Return OwnedFd from connect_and_receive_fd (prevents fd leak on panic)
- Propagate OwnedFd through mount_fuse instead of raw i32
- Replace glob crate with std::fs::read_dir (simpler, no extra dep)
- Add revision field to MountConfig (honors CSI driver volume attributes)
- Make wait_for_socket return Result instead of silently continuing
@XciD XciD force-pushed the feat/sidecar-mounter branch from 9a4bc01 to 0971d17 Compare April 1, 2026 21:12
XciD added 6 commits April 1, 2026 23:20
@XciD
fix: handle SIGTERM during config discovery and simplify MountOptions
8bda22f 
- Install ctrlc handler so SIGTERM/SIGINT during wait_for_configs exits
  cleanly instead of hanging until timeout
- Replace default_for_sidecar() with Default impl on MountOptions
  (new fields get a compile error only if they lack a Default value,
  which is easier to maintain)
@XciD
refactor: simplify sidecar after review
040e846 
- Replace stringly-typed source_type with SourceType enum (catches
  invalid values at deserialization instead of runtime match)
- Add warn logging when config.json fails to parse (was silently skipped)
- Add stabilization check in config discovery to avoid missing
  late-arriving configs when CSI driver writes them non-atomically
@XciD
feat: parse mount args from config.json using shared MountOptions
d177156
@XciD
refactor: replace config.json with args file for sidecar config
53d216d 
The CSI driver now writes a plain args file (one flag per line) using
the same CLI syntax as hf-mount-fuse. The sidecar parses it with the
shared Args struct, eliminating MountConfig, SourceType, and the
MountOptionsWrapper. This ensures the sidecar supports every flag
that hf-mount-fuse supports with zero additional maintenance.
@XciD
feat: write .ready file after all FUSE daemons are started
4802753
@XciD
feat: write error file on FUSE mount failure for CSI health checks
7c2ab87
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@XciD