From 5df685273dbde4904930cc5732dd21f44b832279 Mon Sep 17 00:00:00 2001
From: andyzhangx <xiazhang@microsoft.com>
Date: Sat, 29 May 2021 04:07:34 +0000
Subject: [PATCH] feat: support fsGroupPolicy feature

update chart file

fix chart file

fix helm options

fix Makefile
---
 Makefile                                      |  11 ++++++-----
 charts/README.md                              |   6 ++++++
 charts/latest/csi-driver-nfs-v3.0.0.tgz       | Bin 3168 -> 3210 bytes
 .../templates/csi-nfs-driverinfo.yaml         |   3 +++
 charts/latest/csi-driver-nfs/values.yaml      |   3 +++
 test/external-e2e/run.sh                      |   5 ++++-
 test/external-e2e/testdriver.yaml             |   1 +
 7 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 480ba557..c294a4d7 100644
--- a/Makefile
+++ b/Makefile
@@ -42,6 +42,9 @@ REGISTRY_NAME ?= $(shell echo $(REGISTRY) | sed "s/.azurecr.io//g")
 IMAGE_TAG = $(REGISTRY)/$(IMAGENAME):$(IMAGE_VERSION)
 IMAGE_TAG_LATEST = $(REGISTRY)/$(IMAGENAME):latest
 
+E2E_HELM_OPTIONS ?= --set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) --set image.nfs.tag=$(IMAGE_VERSION) --set image.nfs.pullPolicy=Always
+E2E_HELM_OPTIONS += ${EXTRA_HELM_OPTIONS}
+
 all: nfs
 
 .PHONY: verify
@@ -112,11 +115,9 @@ install-helm:
 e2e-bootstrap: install-helm
 	docker pull $(IMAGE_TAG) || make container push
 	helm install csi-driver-nfs ./charts/latest/csi-driver-nfs --namespace kube-system --wait --timeout=15m -v=5 --debug \
-	--set image.nfs.repository=$(REGISTRY)/$(IMAGENAME) \
-	--set image.nfs.tag=$(IMAGE_VERSION) \
-	--set image.nfs.pullPolicy=Always
-	--set controller.logLevel=8
-	--set node.logLevel=8
+		${E2E_HELM_OPTIONS} \
+		--set controller.logLevel=8 \
+		--set node.logLevel=8
 
 .PHONY: e2e-teardown
 e2e-teardown:
diff --git a/charts/README.md b/charts/README.md
index 982747c2..4d3ce5d1 100644
--- a/charts/README.md
+++ b/charts/README.md
@@ -3,6 +3,11 @@
 ## Prerequisites
  - [install Helm](https://helm.sh/docs/intro/quickstart/#install-helm)
 
+### Tips
+ - `--set controller.runOnMaster=true` could make csi-nfs-controller only run on master node
+ - `--set feature.enableFSGroupPolicy=true` could enable `fsGroupPolicy` on a k8s 1.20+ cluster
+ - `--set controller.replicas=1` could set replica of csi-nfs-controller as `1`
+
 ## install latest version
 ```console
 helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
@@ -31,6 +36,7 @@ The following table lists the configurable parameters of the latest NFS CSI Driv
 
 | Parameter                                         | Description                                                | Default                                                           |
 |---------------------------------------------------|------------------------------------------------------------|-------------------------------------------------------------------|
+| `feature.enableFSGroupPolicy`                     | enable `fsGroupPolicy` on a k8s 1.20+ cluster           | `false`                      |
 | `image.nfs.repository`                            | csi-driver-nfs docker image                                | gcr.io/k8s-staging-sig-storage/nfsplugin                          |
 | `image.nfs.tag`                                   | csi-driver-nfs docker image tag                            | amd64-linux-canary                                                |
 | `image.nfs.pullPolicy`                            | csi-driver-nfs image pull policy                           | IfNotPresent                                                      |
diff --git a/charts/latest/csi-driver-nfs-v3.0.0.tgz b/charts/latest/csi-driver-nfs-v3.0.0.tgz
index 86ff63a3bb105f35a54cd4e22cfad01ee8147ee6..46cc8ca3e1ab6b8c8e10c4ada8819268db6c1353 100644
GIT binary patch
delta 3010
zcmV;z3qADU7>XH?Jbzzv+c=WXGe1S2Jav`Hg_JD$PnK1F$k@)FYZJ#6<#IJOwdI1q
zmV`A3Z~#!T#^d|!R{$u9q$o>{|724mJlGP^Xf&GLjqV>Hs#%yQHbE7Np>7|Ki89fY
zr2NI>wN9tgIo#iO|2v&d{eNfop!;HXud~0`+u!ST_g-{%_kTLQ?hEKVq6{lrt_@Ky
zIuD+!zPKNxk&JyorI{2lOm+j3W%I9`7}O?6P*cS+<DMP&&*1!BA5NUfz)&jqM?OF$
z(4Y<kNil}1Nd=QR`(D(EI>Gl|@wSy)&HpEa=cpe!0Ic!<-Gjr!y8rh&dt3j1j>b|l
z!Z-i`5JT-h*ng%llbRW+rZJ>cMJc07YB@9!m1+Cxjc!xT+G40fs@Z&$A)|TRm_5sK
z&MzcqbQ;6i@LZY;g&Kt?pqgDMIbk+JplY7}>Wz*@R7Fg-H5-N6NJU0y=MS^R*s2VZ
zZnPV9Hj{y~2@2HuLdgN%ON80T%#K_Vptq?2LMG?~>VGF3F>MsNza}h?nIo$imnD(9
zn~0=QO&G<ul*(KfD+yId48~woj)58wy7Z7rVU*<Dze9x?XO!p|y7pTxK8g=S8&ok2
z3D;ItT#nx31bGbmL12ZCYY!XW%NPka;|r-w4BfvS?Dv9Th{WW|^`jsIj_>+^S2E9L
zOY;*3JAXUy35TdqPy{1E3IwSjl?p*4RcN$*JV3}bCh&EP!fA+!5jY>wmW9G$3}a(5
z9k<(8^Nr8GkVI15Hbh_PHkD$?M!CW;lSyb*LzqC-w){fJEX)*}5QDQ<HEjnwJAv!E
z$T{zOfnxaWpTQ1<;P=&5G1PMLBDWsCnbzXJ!GAP!{@XtP`1!OSnQQa#7_%<_voXIK
z|M&NM+xY)14L*;tp4Bl8BQ(aEeu5d7Q%tOHOl7Ws^4vOd6a=3o&@s}h`shq18nhuM
z*RLVtNHp3I5C;K(bs1_ngrPNQoe_#hH#ZP{LPr;!&z{2Vt(Czu3qy?@sgdfar99=*
zD1W%UZ9y1*C5Dc_w@!bgw$lGE$H+5OIx^WqQ^9rlU*~YY=KlwKz1^+<KS#T{X}^LA
zOJmSzV8}R{X@*CsRSO+s46oX^w?W{@POmc}5-?+QI}*sD`%E2X;OK5{LP&7P1VT#;
zb!5p}5H5O1&J9E!WpHjAeeo5CrTjQSrGHq0@TW~G1cig1`^eIMJ{+=ZXoU-AC=&PC
zi^j<SxpwvF7<mc`wagVo4UKYna?i|vw)q3evZ%VLGocL;)NZ~_0jF_HN(32U5)P)d
zQGK6RtsGeF@;5gy^TM(cqm|?41-6^b>-O!ujxUB;tweg<b}y?!S}Z19JeiIB(|;v$
zHX677s|Bsgmg7}Y{`WTCZF_KA8UI~TVavODX8+Boz?%4fc(8v^jsM-w{x<$UPYc5^
zxMCuS;l!nSsjUFZpdiUI-Ja|QDH@UxLu{a2;CxjJDY{$+7sIN=F1Wb?CMeI7S~QN}
zPhcWJVW4a2bcVEAPFj}5hEcN1S%1GB12D@KeZ`pCgz)`5#M?%)Y=!VM>o11RSG<A1
z2Y&K(GXTsMWt$D9Y&c(1z5ZLUT&fJMNJjojQoefhT(&n0Mzi2Oe=wHXoTK?F)s-*h
z0d`;^G7zpM2*kvd$EnPP0Wox6JOBU*o8b(J(6g%h*p~_Kn9}BdnHm4LpMRzxtRf8O
zE37Hhq@Wiv!G7hn+E(2KrH+9!kzddIYuYUv%mR@py|pSoB{{~BI-&|o6v=#0rkGUB
zOpiIy+OI=TwZSwj>ZFh=W*8;B7+@qvMGTXogtdimg*I7m7>=EHDWkBgT61~;nOQDU
z#n3waJtw@}=OEk|TJ~j@pMT?Uh}3TV=dw@7nB=_Fy-tKec^M}HpHPrFR#MT<BHT3L
zeT8=vIZfFaqAI!=Eub{Gy^YsV8!{?#r@33JQAsW@TPvI#bz4ghLn|#w5`|hH{q*wf
z$;qeFe*fnNLXIRs6*}u?QdATrCiUsODhhU$zPY{~FiSOyw4_&cEq`5<K)-bgSOA3O
z*ak3>JWuh1b=@U(xBziM%-G9Olh8|V<w6rK;s!XFvq;#h963u_eHH+k<uUAbI%(~B
zimAg%_d1;q)wvb^o}*sLX%(Yxna@o7Gh8yP!oGLdVFk%tXNFbc&8)C$Z>uc8Q#z?b
z!%~#FIqK;p0uQo=nSWH~sQb5r{q7RQ<fwZu!>TUnTkPr%%W>~(rP)2IUF|-pU5TOI
z#F%UXvc`lg$+F>Sq`BLyq%e4Gsv>8KO&G@!CIzBjSq;g^fN^G6U5@}HNn-e|)&I4B
z`S#?)*?H@q6#~M!{CY8CeyS<q#2+QsW?64Vc2%ovr#Uo-lYgV;jB$3*P}5K`%5H)z
zIr{14`Nxyf%d?ZFu#F<gBopT7r<ce5v&+--lZ%gM=bwMxD1H}wo8tF7CDXc!0fr2D
z@(G8_Jw>0leVbcGR(hL?G|pU>wR!u<1-p*h?Nu?vMujC!&$sQx$xOE~^!w2AN3AbY
z(nu<K44;oLN`HMT4(8mV3FEoK&trvpEP3Kjj23NdO!jv)b$w+%M63|Q3E$Mm1T&2A
z6XaytM=C|4W9W4%G(|w2ckfoaGgM3_&4bqmzDy=MbU|)S@S70T=4{~3rZ}3m9oR^&
zWJX4XC$@fJ2~$4*sHSkwyrp+nhu-cJgkG=rhE#K<x_@o8<Wy08w;Sr-Of!t(#Hm`U
z>C&`~TEsLn(-Wp*xVe3TyEAL?AK%HuP(Bs@)9LN+E#W_%E&lT?tqk=P_X(n_Hy&5s
z9iSn*1w3@zKl2BC4M>pPneATT2hMRDVho|<PxyPzl+7z<XaC;s-m@XnDdqS<CNn1t
z;lc`|jeoxyQLEsKqyDJjoZlq_LtQ!ff5$im<(mC_>-yiZt@VGKPCW2F*gE`ozgIv1
zJM11DZvFo`+75gkGY!AK{qWwM{>^eZ4fV@J@Si|6D;_&YF5~%#33z*P26FH(q(%oj
zV8+A%Q3wJlYE9G>j0BYncTb=+Y$%m0c?$HIV1Ft_AMXo3TZT^rJKqmTE(CcJ2)W?>
z1AxanAQc-iLAXPSsT9KJmGD*OJb?kiK*=i<@Rgad%uSgGXn*VEzHsulz{7VTjejM8
zrzD+=^i|;&_wB0X_7(<uLKx`Io1Aw6L(A7l*8)WiLzWGa&oZ?-WQ2Vqv-+CxdJ&^a
zntzaKN`!-o+5;xqdfa*qt&rNkDuqxDp*>rzjTf{0qu4C&=(9?4j!;3Knw_X>vG;YX
zqOc3gvV^wyJ6f*&oM^f#X%pv_7|}oe=a<t<2Na#Z{c!qhP|*f3T!YO#t1mAGS6;;3
zEXt&7kk=moCw)|0*t!a=15f?tu!T*Z7?b@84=5gp?MgheaV7V|GMo0ZyTHwl>eyWm
z`Tp4Ix2*GW_PdOY=73e((f5-y3Q~WP94l*c)Fd}!sn{RRofnvRGyEOmwLv8aFJDn|
z7pXR0g37s%-64>SIV4-#jIl@*7Zoi0*2?B6c@gsqq6w;jBN(Bvl@({&{dYf$u^+q&
z?5D)WJ9Oi|VM59YOE;c1&l1u+SM|uDY3720a-#Ky>)dcnI6+~)L371wUPFH?TQ%MK
zWl_y+#`&lVdJsb@rAnA6TYJ+S&PN|bX^Wf3B{%$qiG+#KL%p$fS1=qDY&V90bB||x
zcWjJvi*0}P&DBjJoQ)AhiLxA&Hj6MYf0K78s}dd;@xQkJM`PqE8wsiK@%ET?=fC^i
zgZl6PyL;RH|5@4&To7Xo%UuWQ_HW+*`gxO#3qLWA;G^JE_rvVWi)5=m;7ni?L?`{r
zzL5%p9XOV0Dg}Hw?nA<q4x$k=ZTHuUA4G#cll%)DNUvG&DjJZh;8kSOEO_;Q!47;O
zipgBV*~zI6qD)B}9)gG^NZOuG$$tgWL{phy`$tIpw{6?D?JwW{KL7y#|GxuanE*@x
E03hMimjD0&

delta 2907
zcmV-h3#9al8Q>U@Jb!I(+qjeOYki72XL0EED%r8~(7%AZ=qB0!1>2@U-RohoSOhdR
zwz;85ElIiYW^<qYKvK3PS&p6Np(xgTk=WvJI2_FkXMUuqW?`b(1XU=8x_vw*%0yF=
z@)wWSI-O4EU~kX;?{qr#|DD}~?u*^M&i?M+{^5S-;6-P5uYc3)zJSgn%CNHK+7R`k
z^WeGai~CL*$=GL9nn@AEWH%sLHvh_rL2ZHrHB~G#?%8qw49<V<!-+E)7)k}d<O5U!
z4eCIU6l18GR4|#d??s)c6MX9xZ(F(5{C`4tj{1=Uz#9MGJ?M4n{@*>^-TMD?G?tPP
z#sL6;7;68)Hh+bg)XYdVjUlBfN*PsB%b|&=Oxss)ben3{7DF9U&E}&F8O`Iy>{*s`
zejz!d(-_W%=h9p#)F?aw)$Bsa39}IbRrB;$Z*(-GDq^y&*(lUTDl$Slf0!-CR%MuU
zqur>pnGBpwP@vWqN)GT|BFsi+cI1)(y-fuWGC?0uKY!wgX`{&fHDP(o99hk{EQ!?J
zL?n%B!YIC_ROZ51NvJ|%Fb1P?4Ag+orH51sqa^449V*N?qeREhwcm2_LA)p0po(Eg
zxVEa|a`X--$Ya<K0xNu6d)WA1#z?psUr1$Q=>F?qzZV2MJMa;Qs8CP@BS8uTsUVdK
zK_gXYw3AH&2Y+RZ!Y!SN5jf-5mW9G$3}a(59k<(8^Bv7<I+0Yj4bfM+O{EyJQLZq|
zWD?pn6DCl#Ex*t)3p2$g#Ng~5OxwZEPT;yOa?bl+pcsDpJ=lQ|{D#>ohFUIO<kqw8
zlC}76FwLC*w$DF&I_*d1+B|%Yb@^YfyH|_<`}@7UZGZfKjs~B`SkLO1h7lTLJtV=5
z%PA(-g{CrBKzVK*ISPVL66hG|Ref|O6AjuBlk3-zaU>dT2#A9Kz<L%n9Kz6AzRn26
zqnjIuKBA+G&Sy{I_SVYanT4T7j?_qX)KZ>uX%yVvwjd0@5JSh`TBqMrTj~FoW8@hs
z9hvN*sej<Q{I7GkU-SQiz1}wedzN-{(|!dLmd2pbz>sk?(+rPNs}?%O7+$q+Z-c;*
zonB`|Bw)tqHZG7u_nA7(z|q~@gplBn351py>d2C{AYAm2oEwNd%HZ5K`s^zXOZj1f
zO0fjtZ<|yI3I{#+k){27IAqt*3Kz^!B<`~pjenB?a_#ETG4d1?YMCpF8XD#D<er)T
zZ1W3}Wl?qSXF?kysNJKR0#4(Yln64yBpgg@qxwFtS~;*t25xR(=7nV?Mk~k73v4%=
z*X`SR9bXKyT8Z?y?Os-ev{+2IcrqLLw@c(~G;aM@3tE>g$E&3LZ*9EW_TaWM{=1^W
zmVbBi%>JuUfi>~}@L>O-8vnbU{cZezo)(5-aK%It!--4vQd<F*K|zvbx;@zqQZytX
zhS)&4!1<~cQgpctE{0W!U2t;)Oi-RDwP+l{-@rtI!a&#3=?rPLoU|;94Wne2vwk}U
zV3sTTiZQhb;k$W=w~b`k3gKtgUkshEcz*+d5B%ioW&oHi$~GHH*>Jw3dYQOjxl}+}
zk&OJ6q<r=0xomG1jAp@m{$MP%IY;wFsw-d01MI*;WFTBi5QvGZqEnd*17hgDcmMzr
zHp3Ybp=W@?u`d&TW=fm?WoG=}ewu=?iZGn7u%=Lxf?mi3`<2&fTXh$dItI=}et$jh
zuW7ezFbhPY^wz5Ul;jvg>WC^VQ6%$0nPO5gGd<=+YrhUX)dthBsFOmfm|>LgVt|nx
z6){YT64n;N720IMVK{c)rHsO|YR%~ZWM;WY6+`Rv&z$gbpM!8?XxW!pevZQ-QoHq^
z%RU`rlJipcIuQ!xWt<3nLP6$`N`FN=i*VC~_Z8kz<TPbxh^pvfw1Cp!_BLKeZOEv|
zo#t+>MkTqtY^`u|)NL(246U>zNfc^*^ux=yCnq0I`~4pq2sx4jRp_jnNl{UhnAE59
zswmi1`sVs}z%11)(vn`)wRBMe{nja90T7mB8^A>JJjM6cb(hrP0>lL|V}CD4O+qid
zl?zR{h#TNw&LUy2a^x&!^;rODmdCK$>7=#iDW(o5-RpGTSLasvXO4O$r&Wx)Wj-_Q
z&v41G3j5w+hZQ7qof%e%H?zX3y{)nUPwAu%4NFnx=BTHa2t3FdW>T4>?!ON9yGs<4
zqwc*7tGcAGv8y{Q$GxwWW`FmncD4JYb|r>-6JxRo$Ql!}B+G`Qk>+l*lEUD%sfwH_
zHenn`m=uV9Wi=!t1IC$Qbv*)*B#Gg-R{z)j<=d0@XXmZoD+Gjd`Q>89{8UrIi9brN
z&9dH#?5bATPIG7uCr8a0<LscJrlDe#-2_>3^ux>Z4=1OWXD3Zz8-GQTNhZwE4=<1V
zXP2kvCl?>i&OiOQQT#6WHpTCsl}zg@1{gBr$wwS6_Y{5J_HAw%S?O&m(l~Qj*5>Ua
z7wkH2w^zjw8x@u`J>Rw$Co|o~(C<UbU$wqWNh7J`F?>3{DD|y4m~)FJjOPkJjTP##
z<cU8qTC}k-*}u`$^?#N55V1lGCwx;M6U;EePmq&oAE^|Hj-l77&=di6-o0Dx&QLL#
zG!I@M_%fO3&;_|Q!EZuTo3nvC!s2M!c3>m9k{KBlp4j?{B~1DJqng4!^OoLS9eTS@
z5PH4d8&b`c>bBLAQ$_XNZm4@R%`k=&r)sIDOVc)L5!1{}Pk)$-;pX-UP6gNEKfaTR
zp?oU*r_=5A>iEyz;r<r?d5%_wdW!o5(bXG|EAI}_klg|vI_{tO1HJ|%$nMN`ukZus
zxD7Fe(D6t7GiS=?6|=K{?|1Lm5b2b1d@qxk6NYeMh0z9u*<KWTj<(kSZ94J5`(W$v
z-~C?w{O_=PaDTY<|L15s@M+96{QCC&J9qjw%jGoGFB8Fk0@bW|>>#;}=OZTI?Zp|$
z!5>JC4tBtdi2<Sz1X9$Rs3{l;Di`jaKxx=eDp&Fp=rh4oiay>Ke6|dq2zI_7kX#7z
zBoK1J`#S)ScR(sOVuEmo5>qLJ&nw}J%y|L>gn^P*D1YD!Gh>;XG7r%H*2#V0<gbB;
z??M{?NdQktIv44y!Y%IGRm<%y4D^IB(499q?*fLFuaT|=iW-J28zi4)YIVp6`$lH<
zHRJUnMwK)n)07AY6}1OUwDq|48d@Q>e^m;h8bW)vS{pBB`A4x?+|g&1<Q$=bJT*H}
z)nf1KSRzGX7nWrSZSi-sT>ClEbXC$O&MPsZU;gK((@O^woxgp5ll=)80q>I*3Lz*K
zi0w)|vvDQ&!!n!pv%A2}59-)m5Bc`k>esCEa`y9$jpl$=+tIg^UkXwTlpHH-bJQd^
zW2x9*lf4QZfBjp@JkvH~EE2^<1q;8mvN=j##QcJ2f@<IhMrdqh#hG^h-Opm|2d@JA
zDY5Ym-MFuqkaEJ(jc3iXgf!1pJ#uK8xuBq&XuaV&H(V1=P?)dKT(O$h(8^X#w|-ev
zGn;Wf>Vh7`kV>f%Cd$^{G>7xiM^W11=5fgle_|qGUSjl6Z>-%F3<m|<jUnLN<JsOF
z8{^z!+h2Wib(08ZV?<G+EC;2{A`Hym<Q>YYgvUkvukHWQ7<tM@LMnW`J!akc?|%1S
z>G%J8+x`Dp+74V0V-3q)>Gp5l|44e1whKQ9jNpUdQ}_Grll==Abw2Jx!jul85i@P~
z*NY!SgTGYU{hd7+kJ|Rn?5m!L_JYxX(5pOir(ZgF73nWo@G2URtKd~+(kyuOf58rX
zCW^^i!`aEH4x&s+8y<p)B}m$yPRT!lXrif1u>CzG{@b=~+xCxd{~rJV|NpTTkWc_j
F0080;%@F_q

diff --git a/charts/latest/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml b/charts/latest/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml
index 6c7c462f..a1bfac8d 100755
--- a/charts/latest/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml
+++ b/charts/latest/csi-driver-nfs/templates/csi-nfs-driverinfo.yaml
@@ -6,3 +6,6 @@ spec:
   attachRequired: false
   volumeLifecycleModes:
     - Persistent
+  {{- if .Values.feature.enableFSGroupPolicy}}
+  fsGroupPolicy: File
+  {{- end}}
diff --git a/charts/latest/csi-driver-nfs/values.yaml b/charts/latest/csi-driver-nfs/values.yaml
index 74d1bcf1..5cf553fa 100755
--- a/charts/latest/csi-driver-nfs/values.yaml
+++ b/charts/latest/csi-driver-nfs/values.yaml
@@ -29,6 +29,9 @@ node:
   livenessProbe:
     healthPort: 29653
 
+feature:
+  enableFSGroupPolicy: false
+
 ## Reference to one or more secrets to be used when pulling images
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 ##
diff --git a/test/external-e2e/run.sh b/test/external-e2e/run.sh
index fffe607f..1d89d8ab 100644
--- a/test/external-e2e/run.sh
+++ b/test/external-e2e/run.sh
@@ -28,7 +28,10 @@ setup_e2e_binaries() {
     curl -sL https://storage.googleapis.com/kubernetes-release/release/v1.21.0/kubernetes-test-linux-amd64.tar.gz --output e2e-tests.tar.gz
     tar -xvf e2e-tests.tar.gz && rm e2e-tests.tar.gz
 
-    # install the csi driver nfs
+    # enable fsGroupPolicy (only available from k8s 1.20)
+    export EXTRA_HELM_OPTIONS="--set feature.enableFSGroupPolicy=true"
+
+    # install csi driver
     mkdir -p /tmp/csi && cp deploy/example/storageclass-nfs.yaml /tmp/csi/storageclass.yaml
     make e2e-bootstrap
     make install-nfs-server
diff --git a/test/external-e2e/testdriver.yaml b/test/external-e2e/testdriver.yaml
index 1cf77cfd..c9386554 100644
--- a/test/external-e2e/testdriver.yaml
+++ b/test/external-e2e/testdriver.yaml
@@ -10,3 +10,4 @@ DriverInfo:
     exec: true
     multipods: true
     RWX: true
+    fsGroup: true