Update ControllerModifyVolume Status API

[sunnylovestiramisu]

• One-line PR description:

• Google doc discussion of resizing status change
• Notes of discussion of modify volume

• Other comments:

[sunnylovestiramisu]

/assign @msau42

[msau42]

remove this field since it is now moved to actualclassname

[msau42]

replace Class with VolumeAttributesClass

[msau42]

It's either succeeded or not started. I don't know if we need a const for this.

[carlory]

What's the difference between a nil value and an empty value? the Status field of the ModifyVolumeStatus is pointer type.

[msau42]

I am wondering whether we should actually make this field an object reference instead of just a name.

I am thinking of the scenario where someone may delete and recreate the VAC with the same name but different content. But actually, if we really want to keep track of the attributes are, we may need to keep track of it in the PV object. @jsafrane @gnufied wdyt?

[sunnylovestiramisu]

Is uuid enough to distinguish instead of doing comparison of the whole VAC object?

Usually the protection controller will prevent the VAC to be deleted but an admin can force delete.

[msau42]

/assign @gnufied

[carlory]

What's the difference between a nil value and an empty value? the Status field of the ModifyVolumeStatus is pointer type.

[carlory]

IMO, If succeed, pvc.ModifyVolumeStatus.ActualClassName should be updated to pvc.ModifyVolumeStatus.TargetClassName and pvc.ModifyVolumeStatus.Status should be changed to nil.

[sunnylovestiramisu]

Yes both the status and actualClassName will be set as you said.

[carlory]

A user creates a pvc with a VolumeAttributesClassName set. if the parameters of the PVC are not accepted by the lower version csi-driver but are accepted by the higher version csi-driver, the status of the PVC may be stuck in infeasible state. If the admin upgrades the csi-driver to the higher version, the PVC how to recover the PVC to user expected state? To modify the PVC to a different VolumeAttributesClass which parameters is same as the previous one is not a good UX for the user.

[msau42]

A user creates a pvc with a VolumeAttributesClassName set. if the parameters of the PVC are not accepted by the lower version csi-driver but are accepted by the higher version csi-driver, the status of the PVC may be stuck in infeasible state. If the admin upgrades the csi-driver to the higher version, the PVC how to recover the PVC to user expected state? To modify the PVC to a different VolumeAttributesClass which parameters is same as the previous one is not a good UX for the user.

I am thinking that even in the Infeasible case, we will still have to periodically retry, but at a lower frequency than if it was InProgress

[gnufied]

The ModifyStatus field on the image diagram is not in right place.

[carlory]

I'm having trouble understanding this name of the new condition type. Is this saying that all the moditication of the volume which includes the reszie operation or just for changing volume attributes? If it's the latter, I think we should rename it to something like ModifyVolumeAttributes or ModifyVolumeAttributesClass.

[sunnylovestiramisu]

I do not have a strong opinion of the naming, I was following the previous naming by using actions instead of a noun. This condition is used to document the last error the controller sees.

[sunnylovestiramisu]

Discussed in the sig-storage meeting, we will name it "VolumeAttriburesModifyError"

[gnufied]

If we are not going to change status when we retry ModifyVolume after failing (and status is set to Infeasible), then we need to somehow communicate to the user that, we are again retrying ModifyVolume (albeit slowly), so we will I think need a condition for that too. cc @msau42

[msau42]

When do you propose we set a ModifyVolume condition to true and false? From api-conventions, it says:

For state transitions which take a long period of time (e.g. more than 1 minute), it is reasonable to treat the transition itself as an observed state. In these cases, the Condition (such as "Resizing") itself should not be transient, and should instead be signalled using the True/False/Unknown pattern. This allows other observers to determine the last update from the controller, whether successful or failed. In cases where the state transition is unable to complete and continued reconciliation is not feasible, the Reason and Message should be used to indicate that the transition failed.

I interpret the last sentence to mean that if we still intend to retry, the status should still be True.

So the main benefits I see of having the condition is:

1. that the timestamp can be updated every time we retry an operation.
2. we could potentially return false for some preconditions like VAC doesn't exist or is invalid, PVC not bound, etc.

[carlory]

In which case the controller cannot recognize the status value?

[sunnylovestiramisu]

This should not happen but like if someone setting their own status in a fork etc.

[msau42]

I think this comment is for telling consumers that how to handle the scenario where we may add new statuses in the future. I think it's simpler to reword it like "New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately".

[carlory]

What is the modify volume controller? pv controller in kube-controller-manager or CSI driver controller?

[sunnylovestiramisu]

it is the resize controller actually, we are putting this modify volume controller logic in the external-resizer.

[msau42]

I think we don't need to specify exactly which controller is handling what. That's more of an implementation detail. I think we can reword it to say something like "Pending indicates that the PersistentVolumeClaim cannot be modified due to requirements not being met, such as the PersistentVolumeClaim being in an invalid state or the specified VolumeAttributesClass is existing"

[msau42]

ditto below. I think we can remove references to specific controllers in the comments.

[carlory]

and here.

[sunnylovestiramisu]

Here what?

[msau42]

This comment should apply to the "Infeasible" one, not "InProgress"

[carlory]

Is the parameters field of the VAC optional? If the mutable_parameters is required, the field in the VAC definition may be required as well and at least contains one key.

from chatgpt:

[carlory]

I’m curious why the required and optional keyword is not used in fields in the csi proto file.

[sunnylovestiramisu]

We can add it, but that is the CSI spec update. The CSI Spec release has been cut already. We can revisit at next CSI meeting.

[sunnylovestiramisu]

Actually in the CSI spec, there are some extra paragraph I just did not copy pasted here because it is stand alone:

// Plugin specific creation-time parameters passed in as opaque 
  // key-value pairs. These mutable_parameteres MAY also be
  // changed during the lifetime of the volume via a subsequent
  // `ControllerModifyVolume` RPC. This field is OPTIONAL.
  // The Plugin is responsible for parsing and validating these
  // parameters. COs will treat these as opaque.

Please refer to the CSI spec for accuracy.

[sunnylovestiramisu]

And also in CSI spec:

message ControllerModifyVolumeRequest {
  option (alpha_message) = true;

  // Contains identity information for the existing volume.
  // This field is REQUIRED.
  string volume_id = 1;

  // Secrets required by plugin to complete modify volume request.
  // This field is OPTIONAL. Refer to the `Secrets Requirements`
  // section on how to use this field.
  map<string, string> secrets = 2 [(csi_secret) = true];

  // Plugin specific volume attributes to mutate, passed in as 
  // opaque key-value pairs. 
  // This field is REQUIRED. The Plugin is responsible for
  // parsing and validating these parameters. COs will treat these
  // as opaque. The CO SHOULD specify the intended values of all mutable
  // parameters it intends to modify. SPs MUST NOT modify volumes based
  // on the absence of keys, only keys that are specified should result
  // in modifications to the volume.
  map<string, string> mutable_parameters = 3;
}

[sunnylovestiramisu]

Can we defer this to CSI meeting in general? This PR is focusing on unblocking the k8s API change.

[msau42]

So in CreateVolume it is optional, but in ModifyVolume it is required. I think that makes sense.

From a k8s POV, if a user doesn't specify any vacName in the PVC, then that results in empty mutable_parameters.

A VAC having empty parameters doesn't make sense. If there is nothing to change then why would someone specify a vacName in their PVC?

[sunnylovestiramisu]

I am going to remove this session in the doc and please refer to the CSI spec.md

[msau42]

The comment needs to be updated

[msau42]

Instead of "Actual", I would use "Current" to be consistent with how other resources specify current status (like StatefulSet.status.currentReplicas)

[msau42]

It's not quite what was requested in the PVC. It is what is currently being reconciled, which may not necessarily match. For example, if user sets PVC.spec.vacName = A, then B, then C, we may still being trying to reconcile B even though the user has set C.

[msau42]

I think this comment is for telling consumers that how to handle the scenario where we may add new statuses in the future. I think it's simpler to reword it like "New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately".

[msau42]

I think we don't need to specify exactly which controller is handling what. That's more of an implementation detail. I think we can reword it to say something like "Pending indicates that the PersistentVolumeClaim cannot be modified due to requirements not being met, such as the PersistentVolumeClaim being in an invalid state or the specified VolumeAttributesClass is existing"

[msau42]

This comment should apply to the "Infeasible" one, not "InProgress"

[msau42]

ditto below. I think we can remove references to specific controllers in the comments.

[msau42]

I would save this for a future cleanup, but I'm not sure why we want to define the api definitions in multiple places in the doc. It means if we want to make changes like this, we need to remember to modify it everywhere.

[msau42]

I don't know if we need the "Controller" in the name since we're not going to support Node operations.

[sunnylovestiramisu]

We are not going to but will we ever consider supporting node operations?

[carlory]

@sunnylovestiramisu

Accroding to the discussion on the API PR, we also need to change the VolumeAttributesClassName description in the PVC and PV definition.

A VAC having empty parameters doesn't make sense. If there is nothing to change then why would someone specify a vacName in their PVC?

On the other hand, we need change the parameters field of the VolumeAttributesClass to required from optional. Users must provide at least one key-value pair for the parameters field.

[carlory]

@sunnylovestiramisu @msau42

Why use a pointer type? Do we want to distinguish a nil value and a zero value? If so, why? If not, why not use a non-pointer type?

[sunnylovestiramisu]

History of the VAC name being a pointer: https://github.com/kubernetes/enhancements/pull/3780/files#r1230300561

[sunnylovestiramisu]

Hmm actually this should not be a pointer. It should be consistent of the AllocatedResourceStatus

[msau42]

New fields in existing stucts:
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#optional-vs-required

[msau42]

We also want to add the "VolumeAttributesModifying" condition based on this discussion with @gnufied #4298 (comment)

[sunnylovestiramisu]

Why do we need a modifying? We cannot just say "Err but we are retrying" in the messaging?

[gnufied]

How does an operator that is possibly monitoring the pvc knows volume is being modified or not? By regexp. for message on the condition? Seems fragile.

[carlory]

If we don't want to distinct the ControllerModifyVolume and XXXModifyVolume, Is it possible to drop the Controller prefix in the ModifyVolumeStatus description?

[sunnylovestiramisu]

It is already dropped in the newest revision?

[carlory]

the ControllerModifyVolume word still exists in L197 and L201

[msau42]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: msau42, sunnylovestiramisu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• keps/sig-storage/OWNERS [msau42]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment