Pass VolumeAttributesClass Parameters as MutableParameters to CreateVolume

[ConnorJC3]

What type of PR is this?

/kind feature

What this PR does / why we need it:

Implements the external-provisioner component of https://kep.k8s.io/3751

Which issue(s) this PR fixes:

Fixes #952

Special notes for your reviewer:

There are several places where I was unsure of the best action, marked with "TODO" comments, please answer those if you have a better answer than I do.

Breakdown by commit:

• Update to go1.21
  Required because the Kubernetes dependency that will be upgrading in the following commit references the go1.21-only slices library.

• [TODO FIX AFTER PRS MERGE] Bump CSI spec, csi-test, and Kubernetes dependencies

  • Upgrades all k8s dependencies directly in k/k to the versions from [KEP-3751] introduce the VolumeAttributesClass API kubernetes/kubernetes#121104
  • Upgrades csi-test to the version from Update mock for ControllerModifyVolume csi-test#492
  • Upgrades the CSI spec to v1.9.0

• Add VolumeAttributesClass feature flag
  Adds a default-off VAC feature flag.

• Pass VolumeAttributesClass Parameters as MutableParameters to CreateVolume
  The meat of the PR: Adds the funcionality for VACs, as well as associated unit tests.

Does this PR introduce a user-facing change?:

Pass VolumeAttributesClass Parameters as MutableParameters to CreateVolume

[ConnorJC3]

/assign @sunnylovestiramisu @msau42

[ConnorJC3]

Chasing down CI failures, but I believe they are largely (if not entirely) false positives caused by issues with the go version - this PR should be reasonably safe to review now, I don't anticipate any large or architectural changes. make test passes locally for me.

[sunnylovestiramisu]

The csi spec states that "A Controller plugin MUST implement this RPC call if the plugin has the MODIFY_VOLUME controller capability. "

To consider backward compatibility I do not think we should reject the call. Maybe if there is a way to send a warning to users indicate that the VAC is not applied because of feature gate etc.

[msau42]

Why would it not be backwards compatible? A user would have to opt-in to specifying the VAC in their PVC.

[sunnylovestiramisu]

What if they downgrade their cluster and turn off the vac feature but the VAC is applied?

[ConnorJC3]

Kubernetes doesn't support downgrades, although I'm not 100% sure what would happen if you disabled the API Server feature gate on a cluster with VACs already in it

[pohly]

Kubernetes supports downgrades.

However, even with the help of the folks on #sig-architecture the best link that I could find was only the underlying design for API storage: https://kubernetes.io/docs/reference/using-api/deprecation-policy/

[ConnorJC3]

Maybe "doesn't support" is too strong of wording, but Kubernetes does not document any support for downgrading and it is widely considered unsafe: kubernetes/website#12327

That said, I'm not sure it really matters for the purpose of this question: My question is basically, if the volume does specify a VolumeAttributeClassName (i.e. the feature flag is enabled at the API level and the user is using it) but the local external-provisioner feature flag is disabled, what should we do?

Should we either (1) provision the volume as normal - ignoring the fact it has a VAC or (2) refuse to provision the volume and demand the user turns on the VAC feature flag or remove the VAC from the volume?

[jsafrane]

KEP says that "API server gets requests of modify parameters in VolumeAttributesClass but does not act on it", which I read as the external-provisioner / resizer should not act on it and thus ignore vacName.

Perhaps a little refactoring could help:

var vacName string
if utilfeature.DefaultFeatureGate.Enabled(features.VolumeAttributesClass) {
    if claim.Spec.VolumeAttributesClassName != nil {
        vacName = *claim.Spec.VolumeAttributesClassName
    }
}

if vacName != "" {
...
}

[ConnorJC3]

Much better than my version, I stole it wholesale for the next revision

[carlory]

@ConnorJC3 API changes is merged now, please use upstream kubernetes repo instead.

[ConnorJC3]

Bumped to use k8s 1.29.0-alpha.3 version. CI still broken because it uses go 1.20

[ConnorJC3]

Rebased on latest master branch as well as incorporated the most recent feedback

[jsafrane]

Yes, please send a PR for csi-release-tools. All sidecar releases for 1.29 will need a new go.

[ConnorJC3]

Working on a PR, for now I modified the directory directly to hopefully unblock CI, although this will cause make test to fail because it detects non-upstreamed changes

[jsafrane]

KEP says that "API server gets requests of modify parameters in VolumeAttributesClass but does not act on it", which I read as the external-provisioner / resizer should not act on it and thus ignore vacName.

Perhaps a little refactoring could help:

var vacName string
if utilfeature.DefaultFeatureGate.Enabled(features.VolumeAttributesClass) {
    if claim.Spec.VolumeAttributesClassName != nil {
        vacName = *claim.Spec.VolumeAttributesClassName
    }
}

if vacName != "" {
...
}

[torredil]

/lgtm

[k8s-ci-robot]

@torredil: changing LGTM is restricted to collaborators

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jsafrane]

/approve
LGTM-ish except for the release-tools hack.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ConnorJC3, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jsafrane]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ConnorJC3]

csi-release-tools PR here: kubernetes-csi/csi-release-tools#238

[jsafrane]

release-tools have go 1.21 now

[jsafrane]

/lgtm