From 4ad4333f6e812905de9ba54cf70ea8f4049df357 Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Thu, 31 Aug 2023 23:48:58 +0000
Subject: [PATCH 1/9] Add basic experimental cache support

---
 cmd/sidecar_mounter/main.go                   |  7 ++
 .../jupyter-experimental-readcache.yaml       | 85 +++++++++++++++++++
 pkg/cloud_provider/clientset/fake.go          |  6 +-
 pkg/webhook/mutatingwebhook.go                | 16 +++-
 pkg/webhook/sidecar_spec.go                   | 36 ++++++--
 5 files changed, 137 insertions(+), 13 deletions(-)
 create mode 100644 examples/jupyter/jupyter-experimental-readcache.yaml

diff --git a/cmd/sidecar_mounter/main.go b/cmd/sidecar_mounter/main.go
index 8b10b7e8a..949ae049b 100644
--- a/cmd/sidecar_mounter/main.go
+++ b/cmd/sidecar_mounter/main.go
@@ -25,6 +25,7 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
@@ -189,5 +190,11 @@ func prepareMountConfig(sp string) (*sidecarmounter.MountConfig, error) {
 		return nil, fmt.Errorf("failed to fetch bucket name from CSI driver")
 	}
 
+	for _, opt := range mc.Options{
+		if strings.Contains(opt, "experimental-local-file-cache") {
+			mc.TempDir = "/cache/gcsfuse-tmp"
+		}
+	}
+
 	return &mc, nil
 }
diff --git a/examples/jupyter/jupyter-experimental-readcache.yaml b/examples/jupyter/jupyter-experimental-readcache.yaml
new file mode 100644
index 000000000..dcc1965ea
--- /dev/null
+++ b/examples/jupyter/jupyter-experimental-readcache.yaml
@@ -0,0 +1,85 @@
+# Tensorflow/Jupyter StatefulSet
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: tensorflow
+  namespace: example
+spec:
+  selector:
+    matchLabels:
+      pod: tensorflow-pod
+  serviceName: tensorflow
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        gke-gcsfuse/volumes: "true"
+        gke-gcsfuse/cpu-limit: 500m
+        gke-gcsfuse/memory-limit: 10Gi
+        gke-gcsfuse/ephemeral-storage-limit: 30Gi
+      labels:
+        pod: tensorflow-pod
+    spec:
+      serviceAccountName: gcsfuse-ksa
+      nodeSelector:
+        cloud.google.com/gke-accelerator: nvidia-tesla-t4
+      terminationGracePeriodSeconds: 30
+      containers:
+      - name: tensorflow-container
+        securityContext:
+          privileged: true
+        image: tensorflow/tensorflow:2.13.0-gpu-jupyter
+        volumeMounts:
+        - name: tensorflow-pvc
+          mountPath: /tf/saved
+        resources:
+            limits:
+              nvidia.com/gpu: "1"
+              ephemeral-storage: 30Gi
+              memory: 10Gi
+            requests:
+              nvidia.com/gpu: "1"
+              ephemeral-storage: 30Gi
+              memory: 10Gi
+        env:
+        - name: JUPYTER_TOKEN
+          value: "jupyter"
+      volumes:
+      - name: tensorflow-pvc
+        csi:
+          driver: gcsfuse.csi.storage.gke.io
+          volumeAttributes:
+            bucketName: <bucket-name> # unique bucket name
+            # update your experimental cache file options according to flags
+            # from
+            # https://github.com/GoogleCloudPlatform/gcsfuse/blob/19ed094b6612789b09ad4a1df3a2314099c65129/flags.go#L233C1-L236
+            mountOptions: "experimental-local-file-cache,stat-cache-ttl=240m0s,type-cache-ttl=240m0s,stat-cache-capacity=5000000000"
+
+---
+# Headless service for the above StatefulSet
+apiVersion: v1
+kind: Service
+metadata:
+  name: tensorflow
+  namespace: example
+spec:
+  ports:
+  - port: 8888
+  clusterIP: None
+  selector:
+    pod: tensorflow-pod
+---
+# External service
+apiVersion: "v1"
+kind: "Service"
+metadata:
+  name: tensorflow-jupyter
+  namespace: example
+spec:
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 8888
+  selector:
+    pod: tensorflow-pod
+  type: LoadBalancer
diff --git a/pkg/cloud_provider/clientset/fake.go b/pkg/cloud_provider/clientset/fake.go
index f92f12a5c..dc1aedafa 100644
--- a/pkg/cloud_provider/clientset/fake.go
+++ b/pkg/cloud_provider/clientset/fake.go
@@ -38,11 +38,9 @@ func (c *FakeClientset) GetPod(_ context.Context, namespace, name string) (*v1.P
 		},
 		Spec: v1.PodSpec{
 			Containers: []v1.Container{
-				webhook.GetSidecarContainerSpec(config),
-			},
-			Volumes: []v1.Volume{
-				webhook.GetSidecarContainerVolumeSpec(),
+				webhook.GetSidecarContainerSpec(config, false),
 			},
+			Volumes: webhook.GetSidecarContainerVolumeSpec(false),
 		},
 	}
 
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index 2f8b6599d..3a22e4fe6 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -109,8 +109,20 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 
 	klog.Infof("mutating Pod: Name %q, GenerateName %q, Namespace %q, CPU limit %q, memory limit %q, ephemeral storage limit %q", pod.Name, pod.GenerateName, pod.Namespace, configCopy.CPULimit.String(), configCopy.MemoryLimit.String(), configCopy.EphemeralStorageLimit.String())
 	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
-	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy)}, pod.Spec.Containers...)
-	pod.Spec.Volumes = append([]corev1.Volume{GetSidecarContainerVolumeSpec()}, pod.Spec.Volumes...)
+	useExperimentalLocalFileCache := false
+	for _, v := range pod.Spec.Volumes{
+		if v.CSI == nil || v.CSI.VolumeAttributes == nil {
+			continue
+		}
+		if val, ok := v.CSI.VolumeAttributes["mountOptions"]; ok{
+			if strings.Contains(val, "experimental-local-file-cache"){
+				useExperimentalLocalFileCache = true
+			}
+		}
+	}
+	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy, useExperimentalLocalFileCache)}, pod.Spec.Containers...)
+
+	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache), pod.Spec.Volumes...)
 	marshaledPod, err := json.Marshal(pod)
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, fmt.Errorf("failed to marshal pod: %w", err))
diff --git a/pkg/webhook/sidecar_spec.go b/pkg/webhook/sidecar_spec.go
index 54e2cd512..f735c399b 100644
--- a/pkg/webhook/sidecar_spec.go
+++ b/pkg/webhook/sidecar_spec.go
@@ -34,10 +34,11 @@ const (
 	NobodyGID = 65534
 )
 
-func GetSidecarContainerSpec(c *Config) v1.Container {
+
+func GetSidecarContainerSpec(c *Config, useExperimentalLocalFileCache bool) v1.Container {
 	// The sidecar container follows Restricted Pod Security Standard,
 	// see https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-	return v1.Container{
+	toReturn := v1.Container{
 		Name:            SidecarContainerName,
 		Image:           c.ContainerImage,
 		ImagePullPolicy: v1.PullPolicy(c.ImagePullPolicy),
@@ -74,15 +75,36 @@ func GetSidecarContainerSpec(c *Config) v1.Container {
 			},
 		},
 	}
+
+	if useExperimentalLocalFileCache {
+		toReturn.VolumeMounts = append(toReturn.VolumeMounts, v1.VolumeMount{
+			Name:      "scratch-volume",
+			MountPath: "/cache",
+		})
+	}
+	return toReturn
 }
 
-func GetSidecarContainerVolumeSpec() v1.Volume {
-	return v1.Volume{
-		Name: SidecarContainerVolumeName,
-		VolumeSource: v1.VolumeSource{
-			EmptyDir: &v1.EmptyDirVolumeSource{},
+func GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache bool) []v1.Volume {
+	toReturn := []v1.Volume {
+		{
+			Name: SidecarContainerVolumeName,
+			VolumeSource: v1.VolumeSource{
+				EmptyDir: &v1.EmptyDirVolumeSource{},
+			},
 		},
 	}
+	if useExperimentalLocalFileCache {
+		toReturn = append(toReturn, v1.Volume{
+				Name: "scratch-volume",
+				VolumeSource: v1.VolumeSource{
+					HostPath: &v1.HostPathVolumeSource{
+						Path: "/mnt/stateful_partition/kube-ephemeral-ssd",
+					},
+				},
+			})
+	}
+	return toReturn
 }
 
 // ValidatePodHasSidecarContainerInjected validates the following:

From 31e29eabc87bb21b25472f9c1f8ff84af6859fe6 Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Tue, 5 Sep 2023 17:24:43 +0000
Subject: [PATCH 2/9] Run formatter

---
 cmd/sidecar_mounter/main.go    |  2 +-
 pkg/webhook/mutatingwebhook.go |  6 +++---
 pkg/webhook/sidecar_spec.go    | 15 +++++++--------
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/cmd/sidecar_mounter/main.go b/cmd/sidecar_mounter/main.go
index 949ae049b..5cf35635d 100644
--- a/cmd/sidecar_mounter/main.go
+++ b/cmd/sidecar_mounter/main.go
@@ -190,7 +190,7 @@ func prepareMountConfig(sp string) (*sidecarmounter.MountConfig, error) {
 		return nil, fmt.Errorf("failed to fetch bucket name from CSI driver")
 	}
 
-	for _, opt := range mc.Options{
+	for _, opt := range mc.Options {
 		if strings.Contains(opt, "experimental-local-file-cache") {
 			mc.TempDir = "/cache/gcsfuse-tmp"
 		}
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index 3a22e4fe6..5533fbedc 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -110,12 +110,12 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 	klog.Infof("mutating Pod: Name %q, GenerateName %q, Namespace %q, CPU limit %q, memory limit %q, ephemeral storage limit %q", pod.Name, pod.GenerateName, pod.Namespace, configCopy.CPULimit.String(), configCopy.MemoryLimit.String(), configCopy.EphemeralStorageLimit.String())
 	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
 	useExperimentalLocalFileCache := false
-	for _, v := range pod.Spec.Volumes{
+	for _, v := range pod.Spec.Volumes {
 		if v.CSI == nil || v.CSI.VolumeAttributes == nil {
 			continue
 		}
-		if val, ok := v.CSI.VolumeAttributes["mountOptions"]; ok{
-			if strings.Contains(val, "experimental-local-file-cache"){
+		if val, ok := v.CSI.VolumeAttributes["mountOptions"]; ok {
+			if strings.Contains(val, "experimental-local-file-cache") {
 				useExperimentalLocalFileCache = true
 			}
 		}
diff --git a/pkg/webhook/sidecar_spec.go b/pkg/webhook/sidecar_spec.go
index f735c399b..9d509a75d 100644
--- a/pkg/webhook/sidecar_spec.go
+++ b/pkg/webhook/sidecar_spec.go
@@ -34,7 +34,6 @@ const (
 	NobodyGID = 65534
 )
 
-
 func GetSidecarContainerSpec(c *Config, useExperimentalLocalFileCache bool) v1.Container {
 	// The sidecar container follows Restricted Pod Security Standard,
 	// see https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
@@ -86,7 +85,7 @@ func GetSidecarContainerSpec(c *Config, useExperimentalLocalFileCache bool) v1.C
 }
 
 func GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache bool) []v1.Volume {
-	toReturn := []v1.Volume {
+	toReturn := []v1.Volume{
 		{
 			Name: SidecarContainerVolumeName,
 			VolumeSource: v1.VolumeSource{
@@ -96,13 +95,13 @@ func GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache bool) []v1.Volu
 	}
 	if useExperimentalLocalFileCache {
 		toReturn = append(toReturn, v1.Volume{
-				Name: "scratch-volume",
-				VolumeSource: v1.VolumeSource{
-					HostPath: &v1.HostPathVolumeSource{
-						Path: "/mnt/stateful_partition/kube-ephemeral-ssd",
-					},
+			Name: "scratch-volume",
+			VolumeSource: v1.VolumeSource{
+				HostPath: &v1.HostPathVolumeSource{
+					Path: "/mnt/stateful_partition/kube-ephemeral-ssd",
 				},
-			})
+			},
+		})
 	}
 	return toReturn
 }

From a43c6965a23eb14ef15c35d416e63e40b2c33131 Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Tue, 5 Sep 2023 19:50:48 +0000
Subject: [PATCH 3/9] allow custom cache

---
 cmd/sidecar_mounter/main.go    |  5 ++++-
 pkg/webhook/mutatingwebhook.go |  9 +++++++--
 pkg/webhook/sidecar_spec.go    | 16 +++++++++-------
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/cmd/sidecar_mounter/main.go b/cmd/sidecar_mounter/main.go
index 5cf35635d..b1d1d7e1f 100644
--- a/cmd/sidecar_mounter/main.go
+++ b/cmd/sidecar_mounter/main.go
@@ -31,6 +31,8 @@ import (
 	"time"
 
 	sidecarmounter "github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/sidecar_mounter"
+	sidecarspec "github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/webhook"
+
 	"github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/util"
 	"k8s.io/klog/v2"
 )
@@ -192,7 +194,8 @@ func prepareMountConfig(sp string) (*sidecarmounter.MountConfig, error) {
 
 	for _, opt := range mc.Options {
 		if strings.Contains(opt, "experimental-local-file-cache") {
-			mc.TempDir = "/cache/gcsfuse-tmp"
+
+			mc.TempDir = filepath.Join(sidecarspec.CacheVolumeMountPath, "gcsfuse-tmp")
 		}
 	}
 
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index 5533fbedc..d97182a1d 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -110,7 +110,11 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 	klog.Infof("mutating Pod: Name %q, GenerateName %q, Namespace %q, CPU limit %q, memory limit %q, ephemeral storage limit %q", pod.Name, pod.GenerateName, pod.Namespace, configCopy.CPULimit.String(), configCopy.MemoryLimit.String(), configCopy.EphemeralStorageLimit.String())
 	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
 	useExperimentalLocalFileCache := false
+	hasCacheVolume := false
 	for _, v := range pod.Spec.Volumes {
+		if v.Name == CacheVolumeName {
+			hasCacheVolume = false
+		}
 		if v.CSI == nil || v.CSI.VolumeAttributes == nil {
 			continue
 		}
@@ -121,8 +125,9 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 		}
 	}
 	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy, useExperimentalLocalFileCache)}, pod.Spec.Containers...)
-
-	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache), pod.Spec.Volumes...)
+	// Add a volume for the experimental read cache if none already exists
+	addCacheVolume := useExperimentalLocalFileCache && !hasCacheVolume
+	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(addCacheVolume), pod.Spec.Volumes...)
 	marshaledPod, err := json.Marshal(pod)
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, fmt.Errorf("failed to marshal pod: %w", err))
diff --git a/pkg/webhook/sidecar_spec.go b/pkg/webhook/sidecar_spec.go
index 9d509a75d..6be32f877 100644
--- a/pkg/webhook/sidecar_spec.go
+++ b/pkg/webhook/sidecar_spec.go
@@ -28,13 +28,15 @@ const (
 	SidecarContainerName            = "gke-gcsfuse-sidecar"
 	SidecarContainerVolumeName      = "gke-gcsfuse-tmp"
 	SidecarContainerVolumeMountPath = "/gcsfuse-tmp"
+	CacheVolumeName                 = "cache-volume"
+	CacheVolumeMountPath            = "/cache"
 
 	// See the nonroot user discussion: https://github.com/GoogleContainerTools/distroless/issues/443
 	NobodyUID = 65534
 	NobodyGID = 65534
 )
 
-func GetSidecarContainerSpec(c *Config, useExperimentalLocalFileCache bool) v1.Container {
+func GetSidecarContainerSpec(c *Config, addCacheVolume bool) v1.Container {
 	// The sidecar container follows Restricted Pod Security Standard,
 	// see https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
 	toReturn := v1.Container{
@@ -75,16 +77,16 @@ func GetSidecarContainerSpec(c *Config, useExperimentalLocalFileCache bool) v1.C
 		},
 	}
 
-	if useExperimentalLocalFileCache {
+	if addCacheVolume {
 		toReturn.VolumeMounts = append(toReturn.VolumeMounts, v1.VolumeMount{
-			Name:      "scratch-volume",
-			MountPath: "/cache",
+			Name:      CacheVolumeName,
+			MountPath: CacheVolumeMountPath,
 		})
 	}
 	return toReturn
 }
 
-func GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache bool) []v1.Volume {
+func GetSidecarContainerVolumeSpec(addCacheVolume bool) []v1.Volume {
 	toReturn := []v1.Volume{
 		{
 			Name: SidecarContainerVolumeName,
@@ -93,9 +95,9 @@ func GetSidecarContainerVolumeSpec(useExperimentalLocalFileCache bool) []v1.Volu
 			},
 		},
 	}
-	if useExperimentalLocalFileCache {
+	if addCacheVolume {
 		toReturn = append(toReturn, v1.Volume{
-			Name: "scratch-volume",
+			Name: CacheVolumeName,
 			VolumeSource: v1.VolumeSource{
 				HostPath: &v1.HostPathVolumeSource{
 					Path: "/mnt/stateful_partition/kube-ephemeral-ssd",

From 7f537f4107da1ba6cd0741f769b910f8274a61ea Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Tue, 5 Sep 2023 19:55:13 +0000
Subject: [PATCH 4/9] fix reference

---
 pkg/webhook/mutatingwebhook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index d97182a1d..d696f1d02 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -124,9 +124,9 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 			}
 		}
 	}
-	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy, useExperimentalLocalFileCache)}, pod.Spec.Containers...)
 	// Add a volume for the experimental read cache if none already exists
 	addCacheVolume := useExperimentalLocalFileCache && !hasCacheVolume
+	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy, addCacheVolume)}, pod.Spec.Containers...)
 	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(addCacheVolume), pod.Spec.Volumes...)
 	marshaledPod, err := json.Marshal(pod)
 	if err != nil {

From 27bc440e37ce0a419147b89461b213cae452e03f Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Tue, 5 Sep 2023 23:56:18 +0000
Subject: [PATCH 5/9] remove reliance on exp flag

---
 cmd/sidecar_mounter/main.go          |  9 --------
 examples/README.md                   | 31 ++++++++++++++++++++++++++--
 pkg/cloud_provider/clientset/fake.go |  4 ++--
 pkg/webhook/mutatingwebhook.go       | 23 ++++-----------------
 pkg/webhook/sidecar_spec.go          | 20 ++----------------
 5 files changed, 37 insertions(+), 50 deletions(-)

diff --git a/cmd/sidecar_mounter/main.go b/cmd/sidecar_mounter/main.go
index b1d1d7e1f..2ee80b155 100644
--- a/cmd/sidecar_mounter/main.go
+++ b/cmd/sidecar_mounter/main.go
@@ -25,13 +25,11 @@ import (
 	"os"
 	"os/signal"
 	"path/filepath"
-	"strings"
 	"sync"
 	"syscall"
 	"time"
 
 	sidecarmounter "github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/sidecar_mounter"
-	sidecarspec "github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/webhook"
 
 	"github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/util"
 	"k8s.io/klog/v2"
@@ -192,12 +190,5 @@ func prepareMountConfig(sp string) (*sidecarmounter.MountConfig, error) {
 		return nil, fmt.Errorf("failed to fetch bucket name from CSI driver")
 	}
 
-	for _, opt := range mc.Options {
-		if strings.Contains(opt, "experimental-local-file-cache") {
-
-			mc.TempDir = filepath.Join(sidecarspec.CacheVolumeMountPath, "gcsfuse-tmp")
-		}
-	}
-
 	return &mc, nil
 }
diff --git a/examples/README.md b/examples/README.md
index 4309a4469..c2649c557 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 Copyright 2018 The Kubernetes Authors.
 Copyright 2022 Google LLC
 
@@ -170,7 +170,7 @@ kubectl apply -f ./examples/tensorflow/train-job-tensorflow-dlc.yaml
 kubectl delete -f ./examples/tensorflow/train-job-tensorflow-dlc.yaml
 ```
 
-## Jupyter Notebook Example
+## Jupyter Notebook Example (no experimental read cache)
 
 ```bash
 # replace <bucket-name> with your pre-provisioned GCS bucket name
@@ -186,3 +186,30 @@ kubectl port-forward jupyter-notebook-server 8888:8888
 # clean up
 kubectl delete -f ./examples/jupyter/jupyter-notebook-server.yaml
 ```
+
+## Jupyter Notebook Example (no experimental read cache)
+
+# Prerequisite:
+
+Your node pool must have created an ephemeral local ssds as described in
+https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd#node-pool
+
+```bash
+# 1. replace <bucket-name> with your pre-provisioned GCS bucket name
+GCS_BUCKET_NAME=your-bucket-name
+sed -i "s/<bucket-name>/$GCS_BUCKET_NAME/g" ./examples/jupyter/jupyter-experimental-readcache.yaml
+
+# 2. install a Jupyter Notebook server using experimental gcsfuse read cache
+kubectl apply -f ./examples/jupyter/jupyter-experimental-readcache.yaml
+
+# get service IPs
+kubectl get services -n example
+
+# copy EXTERNAL-IP of tensorflow-jupyter server
+# Open IP Address in a browser
+# input token "jupyter" (from yaml)
+
+# clean up
+kubectl delete -f ./examples/jupyter/jupyter-notebook-server.yaml
+```
+
diff --git a/pkg/cloud_provider/clientset/fake.go b/pkg/cloud_provider/clientset/fake.go
index dc1aedafa..ed6236b05 100644
--- a/pkg/cloud_provider/clientset/fake.go
+++ b/pkg/cloud_provider/clientset/fake.go
@@ -38,9 +38,9 @@ func (c *FakeClientset) GetPod(_ context.Context, namespace, name string) (*v1.P
 		},
 		Spec: v1.PodSpec{
 			Containers: []v1.Container{
-				webhook.GetSidecarContainerSpec(config, false),
+				webhook.GetSidecarContainerSpec(config),
 			},
-			Volumes: webhook.GetSidecarContainerVolumeSpec(false),
+			Volumes: webhook.GetSidecarContainerVolumeSpec(),
 		},
 	}
 
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index d696f1d02..72dc1d6ac 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -108,26 +108,11 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 	}
 
 	klog.Infof("mutating Pod: Name %q, GenerateName %q, Namespace %q, CPU limit %q, memory limit %q, ephemeral storage limit %q", pod.Name, pod.GenerateName, pod.Namespace, configCopy.CPULimit.String(), configCopy.MemoryLimit.String(), configCopy.EphemeralStorageLimit.String())
-	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
-	useExperimentalLocalFileCache := false
-	hasCacheVolume := false
-	for _, v := range pod.Spec.Volumes {
-		if v.Name == CacheVolumeName {
-			hasCacheVolume = false
-		}
-		if v.CSI == nil || v.CSI.VolumeAttributes == nil {
-			continue
-		}
-		if val, ok := v.CSI.VolumeAttributes["mountOptions"]; ok {
-			if strings.Contains(val, "experimental-local-file-cache") {
-				useExperimentalLocalFileCache = true
-			}
-		}
+	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy)}, pod.Spec.Containers...)
+	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(), pod.Spec.Volumes...)
+	pod.Spec.NodeSelector = map[string]string{
+		"cloud.google.com/gke-ephemeral-storage-local-ssd": "true",
 	}
-	// Add a volume for the experimental read cache if none already exists
-	addCacheVolume := useExperimentalLocalFileCache && !hasCacheVolume
-	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy, addCacheVolume)}, pod.Spec.Containers...)
-	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(addCacheVolume), pod.Spec.Volumes...)
 	marshaledPod, err := json.Marshal(pod)
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, fmt.Errorf("failed to marshal pod: %w", err))
diff --git a/pkg/webhook/sidecar_spec.go b/pkg/webhook/sidecar_spec.go
index 6be32f877..9486d311c 100644
--- a/pkg/webhook/sidecar_spec.go
+++ b/pkg/webhook/sidecar_spec.go
@@ -36,7 +36,7 @@ const (
 	NobodyGID = 65534
 )
 
-func GetSidecarContainerSpec(c *Config, addCacheVolume bool) v1.Container {
+func GetSidecarContainerSpec(c *Config) v1.Container {
 	// The sidecar container follows Restricted Pod Security Standard,
 	// see https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
 	toReturn := v1.Container{
@@ -77,16 +77,10 @@ func GetSidecarContainerSpec(c *Config, addCacheVolume bool) v1.Container {
 		},
 	}
 
-	if addCacheVolume {
-		toReturn.VolumeMounts = append(toReturn.VolumeMounts, v1.VolumeMount{
-			Name:      CacheVolumeName,
-			MountPath: CacheVolumeMountPath,
-		})
-	}
 	return toReturn
 }
 
-func GetSidecarContainerVolumeSpec(addCacheVolume bool) []v1.Volume {
+func GetSidecarContainerVolumeSpec() []v1.Volume {
 	toReturn := []v1.Volume{
 		{
 			Name: SidecarContainerVolumeName,
@@ -95,16 +89,6 @@ func GetSidecarContainerVolumeSpec(addCacheVolume bool) []v1.Volume {
 			},
 		},
 	}
-	if addCacheVolume {
-		toReturn = append(toReturn, v1.Volume{
-			Name: CacheVolumeName,
-			VolumeSource: v1.VolumeSource{
-				HostPath: &v1.HostPathVolumeSource{
-					Path: "/mnt/stateful_partition/kube-ephemeral-ssd",
-				},
-			},
-		})
-	}
 	return toReturn
 }
 

From 1076978f3b2c8e2465dea3c86f5e6b7fc5ae1d95 Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Wed, 6 Sep 2023 00:01:18 +0000
Subject: [PATCH 6/9] remove reliance on exp flag

---
 examples/README.md                   |  4 +++-
 pkg/cloud_provider/clientset/fake.go |  4 +++-
 pkg/webhook/mutatingwebhook.go       |  3 ++-
 pkg/webhook/sidecar_spec.go          | 19 ++++++-------------
 4 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/examples/README.md b/examples/README.md
index c2649c557..34903c02b 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -189,11 +189,13 @@ kubectl delete -f ./examples/jupyter/jupyter-notebook-server.yaml
 
 ## Jupyter Notebook Example (no experimental read cache)
 
-# Prerequisite:
+#### Prerequisite
 
 Your node pool must have created an ephemeral local ssds as described in
 https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd#node-pool
 
+#### Steps
+
 ```bash
 # 1. replace <bucket-name> with your pre-provisioned GCS bucket name
 GCS_BUCKET_NAME=your-bucket-name
diff --git a/pkg/cloud_provider/clientset/fake.go b/pkg/cloud_provider/clientset/fake.go
index ed6236b05..f92f12a5c 100644
--- a/pkg/cloud_provider/clientset/fake.go
+++ b/pkg/cloud_provider/clientset/fake.go
@@ -40,7 +40,9 @@ func (c *FakeClientset) GetPod(_ context.Context, namespace, name string) (*v1.P
 			Containers: []v1.Container{
 				webhook.GetSidecarContainerSpec(config),
 			},
-			Volumes: webhook.GetSidecarContainerVolumeSpec(),
+			Volumes: []v1.Volume{
+				webhook.GetSidecarContainerVolumeSpec(),
+			},
 		},
 	}
 
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index 72dc1d6ac..7e36a84b7 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -108,8 +108,9 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 	}
 
 	klog.Infof("mutating Pod: Name %q, GenerateName %q, Namespace %q, CPU limit %q, memory limit %q, ephemeral storage limit %q", pod.Name, pod.GenerateName, pod.Namespace, configCopy.CPULimit.String(), configCopy.MemoryLimit.String(), configCopy.EphemeralStorageLimit.String())
+	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
 	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy)}, pod.Spec.Containers...)
-	pod.Spec.Volumes = append(GetSidecarContainerVolumeSpec(), pod.Spec.Volumes...)
+	pod.Spec.Volumes = append([]corev1.Volume{GetSidecarContainerVolumeSpec()}, pod.Spec.Volumes...)
 	pod.Spec.NodeSelector = map[string]string{
 		"cloud.google.com/gke-ephemeral-storage-local-ssd": "true",
 	}
diff --git a/pkg/webhook/sidecar_spec.go b/pkg/webhook/sidecar_spec.go
index 9486d311c..54e2cd512 100644
--- a/pkg/webhook/sidecar_spec.go
+++ b/pkg/webhook/sidecar_spec.go
@@ -28,8 +28,6 @@ const (
 	SidecarContainerName            = "gke-gcsfuse-sidecar"
 	SidecarContainerVolumeName      = "gke-gcsfuse-tmp"
 	SidecarContainerVolumeMountPath = "/gcsfuse-tmp"
-	CacheVolumeName                 = "cache-volume"
-	CacheVolumeMountPath            = "/cache"
 
 	// See the nonroot user discussion: https://github.com/GoogleContainerTools/distroless/issues/443
 	NobodyUID = 65534
@@ -39,7 +37,7 @@ const (
 func GetSidecarContainerSpec(c *Config) v1.Container {
 	// The sidecar container follows Restricted Pod Security Standard,
 	// see https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-	toReturn := v1.Container{
+	return v1.Container{
 		Name:            SidecarContainerName,
 		Image:           c.ContainerImage,
 		ImagePullPolicy: v1.PullPolicy(c.ImagePullPolicy),
@@ -76,20 +74,15 @@ func GetSidecarContainerSpec(c *Config) v1.Container {
 			},
 		},
 	}
-
-	return toReturn
 }
 
-func GetSidecarContainerVolumeSpec() []v1.Volume {
-	toReturn := []v1.Volume{
-		{
-			Name: SidecarContainerVolumeName,
-			VolumeSource: v1.VolumeSource{
-				EmptyDir: &v1.EmptyDirVolumeSource{},
-			},
+func GetSidecarContainerVolumeSpec() v1.Volume {
+	return v1.Volume{
+		Name: SidecarContainerVolumeName,
+		VolumeSource: v1.VolumeSource{
+			EmptyDir: &v1.EmptyDirVolumeSource{},
 		},
 	}
-	return toReturn
 }
 
 // ValidatePodHasSidecarContainerInjected validates the following:

From 573c5e1d4cd4b0e4b5f03d6e99471f4a6e6c63fc Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Wed, 6 Sep 2023 00:02:35 +0000
Subject: [PATCH 7/9] remove space

---
 cmd/sidecar_mounter/main.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cmd/sidecar_mounter/main.go b/cmd/sidecar_mounter/main.go
index 2ee80b155..8b10b7e8a 100644
--- a/cmd/sidecar_mounter/main.go
+++ b/cmd/sidecar_mounter/main.go
@@ -30,7 +30,6 @@ import (
 	"time"
 
 	sidecarmounter "github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/sidecar_mounter"
-
 	"github.com/googlecloudplatform/gcs-fuse-csi-driver/pkg/util"
 	"k8s.io/klog/v2"
 )

From ecda89cdc7d60fae7ddbb6eea7234c209165596c Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Wed, 6 Sep 2023 16:10:26 +0000
Subject: [PATCH 8/9] add node selector to pod sepc

---
 examples/jupyter/jupyter-experimental-readcache.yaml | 1 +
 pkg/webhook/mutatingwebhook.go                       | 3 ---
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/examples/jupyter/jupyter-experimental-readcache.yaml b/examples/jupyter/jupyter-experimental-readcache.yaml
index dcc1965ea..d70a027df 100644
--- a/examples/jupyter/jupyter-experimental-readcache.yaml
+++ b/examples/jupyter/jupyter-experimental-readcache.yaml
@@ -23,6 +23,7 @@ spec:
       serviceAccountName: gcsfuse-ksa
       nodeSelector:
         cloud.google.com/gke-accelerator: nvidia-tesla-t4
+        cloud.google.com/gke-ephemeral-storage-local-ssd: "true"
       terminationGracePeriodSeconds: 30
       containers:
       - name: tensorflow-container
diff --git a/pkg/webhook/mutatingwebhook.go b/pkg/webhook/mutatingwebhook.go
index 7e36a84b7..2f8b6599d 100644
--- a/pkg/webhook/mutatingwebhook.go
+++ b/pkg/webhook/mutatingwebhook.go
@@ -111,9 +111,6 @@ func (si *SidecarInjector) Handle(_ context.Context, req admission.Request) admi
 	// the gcsfuse sidecar container has to before the containers that consume the gcsfuse volume
 	pod.Spec.Containers = append([]corev1.Container{GetSidecarContainerSpec(configCopy)}, pod.Spec.Containers...)
 	pod.Spec.Volumes = append([]corev1.Volume{GetSidecarContainerVolumeSpec()}, pod.Spec.Volumes...)
-	pod.Spec.NodeSelector = map[string]string{
-		"cloud.google.com/gke-ephemeral-storage-local-ssd": "true",
-	}
 	marshaledPod, err := json.Marshal(pod)
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, fmt.Errorf("failed to marshal pod: %w", err))

From 0debcb5836a4ec26614c648efeb83cac87cbf69a Mon Sep 17 00:00:00 2001
From: Julianne DeMars <judemars@google.com>
Date: Wed, 6 Sep 2023 17:34:14 +0000
Subject: [PATCH 9/9] update readme

---
 examples/README.md | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/examples/README.md b/examples/README.md
index 34903c02b..d0f0bb5e6 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -187,13 +187,18 @@ kubectl port-forward jupyter-notebook-server 8888:8888
 kubectl delete -f ./examples/jupyter/jupyter-notebook-server.yaml
 ```
 
-## Jupyter Notebook Example (no experimental read cache)
+## Jupyter Notebook Example (with experimental read cache)
 
-#### Prerequisite
+#### Prerequisites
 
-Your node pool must have created an ephemeral local ssds as described in
+1. Your node pool must have created an ephemeral local ssds as described in
 https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/local-ssd#node-pool
 
+2. Your node pool must have a GPU accelerator. This example uses nvidia-tesla-t4,
+but you can use another one (just make sure to update the nodeSelector in the
+yaml below if so). See
+[an example here](https://github.com/GoogleCloudPlatform/gcs-fuse-csi-driver/tree/main/examples#prerequisites)
+
 #### Steps
 
 ```bash
@@ -204,14 +209,15 @@ sed -i "s/<bucket-name>/$GCS_BUCKET_NAME/g" ./examples/jupyter/jupyter-experimen
 # 2. install a Jupyter Notebook server using experimental gcsfuse read cache
 kubectl apply -f ./examples/jupyter/jupyter-experimental-readcache.yaml
 
-# get service IPs
+# 3. get service IPs
 kubectl get services -n example
 
-# copy EXTERNAL-IP of tensorflow-jupyter server
-# Open IP Address in a browser
-# input token "jupyter" (from yaml)
+# 4. Open jupyter
+#  a. copy EXTERNAL-IP of tensorflow-jupyter server
+#  b. open IP Address in a browser
+#  c. input token "jupyter" (from yaml)
 
-# clean up
+# 5. (optional) clean up
 kubectl delete -f ./examples/jupyter/jupyter-notebook-server.yaml
 ```