oci-cloud-controller-manager
Add support to specify NSGs for Mount Targets provisioned by the CCM
FEATURE REQUEST
In the current implementation it is not possible to set the NSG for the Mount Targets created using the OCI CCM CSI.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fss-dyn-storage
provisioner: fss.csi.oraclecloud.com
parameters:
  availabilityDomain: US-ASHBURN-AD-1
  mountTargetSubnetOcid: ocid1.subnet.oc1.iad.aaaaaaaa2xpk______zva
  compartmentOcid: ocid1.compartment.oc1..aaaaaaaay______t6q
  kmsKeyOcid: ocid1.key.oc1.iad.anntl______usjh
  exportPath: /FileSystem1
  exportOptions: "[{\"source\":\"0.0.0.0/0\",\"requirePrivilegedSourcePort\":false,\"access\":\"READ_WRITE\",\"identitySquash\":\"NONE\"}]"
  encryptInTransit: "true"
Versions
CCM Version: v1.28.0
Environment:
- Kubernetes version (use kubectl version): Not relevant
- OS (e.g. from /etc/os-release): Not relevant
- Kernel (e.g. uname -a): Not relevant
- Others:
What happened?
There is no annotation/attribute available to specify the NSG. The currently supported attributes are here.
What you expect to happen?
We should support setting an NSG at MT creation considering the least privileged access. This is something supported by the OCI API when we create the MT: https://docs.oracle.com/en-us/iaas/api/#/en/filestorage/20171215/datatypes/CreateMountTargetDetails
How to reproduce it (as minimally and precisely as possible)?
Anything else we need to know?
ACK - related to - https://github.com/oracle/oci-cloud-controller-manager/issues/459 clarified over DM.
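
Until an NSG can be attached to the Mount Target, the `exportOptions` string in the StorageClass above is one place where client access can still be narrowed. The check below is an added example, not code from this issue or from the oci-cloud-controller-manager project; the function name, the sample map and the `max_addresses` threshold are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: the exportOptions string from the StorageClass above.
SAMPLE_PARAMETERS = {
    "exportOptions": '[{"source":"0.0.0.0/0","requirePrivilegedSourcePort":false,'
                     '"access":"READ_WRITE","identitySquash":"NONE"}]',
}

def audit_export_options(parameters, max_addresses=65536):
    """Return least-privilege findings for a StorageClass 'parameters' map.

    max_addresses is an assumed review threshold (a /16), not an OCI limit.
    """
    raw = parameters.get("exportOptions")
    if not raw:
        return ["exportOptions is not set: review the export rule applied by default"]
    try:
        rules = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"exportOptions is not valid JSON: {exc.msg}"]
    if not isinstance(rules, list):
        return ["exportOptions must be a JSON array of export rules"]
    findings = []
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append(f"rule {i}: not a JSON object")
            continue
        source = str(rule.get("source", ""))
        try:
            net = ipaddress.ip_network(source, strict=False)
        except ValueError:
            findings.append(f"rule {i}: source {source!r} is not an IP or CIDR")
        else:
            if net.num_addresses > max_addresses:
                findings.append(f"rule {i}: source {net} admits {net.num_addresses} addresses")
        if rule.get("access") == "READ_WRITE" and rule.get("identitySquash") == "NONE":
            findings.append(f"rule {i}: READ_WRITE with identitySquash NONE (no UID remapping)")
        if rule.get("requirePrivilegedSourcePort") is not True:
            findings.append(f"rule {i}: unprivileged client source ports are accepted")
    return findings

if __name__ == "__main__":
    for finding in audit_export_options(SAMPLE_PARAMETERS):
        print(finding)
```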