Support for in-tree PV Deletion protection finalizer #108400

Merged
merged 1 commit into from
Mar 11, 2022

Member

@deepakkinni deepakkinni commented Feb 28, 2022

What type of PR is this?

/kind feature
/sig storage

What this PR does / why we need it:

Support for in-tree volume deletion protection as a part of kubernetes/enhancements#2644

Which issue(s) this PR fixes:

Fixes # kubernetes/enhancements#2644

Special notes for your reviewer:

Testing done:

  1. Verified that the new finalizer kubernetes.io/pv-controller is present on the PV

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pvc-2f355c16-1c7d-445c-8620-38d2b002118a
  uid: 6ba5d724-7e4d-4bf7-99f1-2cd9cbc3512f
  resourceVersion: '169754'
  creationTimestamp: '2022-03-03T23:04:37Z'
  annotations:
    kubernetes.io/createdby: vsphere-volume-dynamic-provisioner
    pv.kubernetes.io/bound-by-controller: 'yes'
    pv.kubernetes.io/provisioned-by: kubernetes.io/vsphere-volume
  finalizers:
    - kubernetes.io/pv-controller
    - kubernetes.io/pv-protection
status:
  phase: Bound
spec:
  capacity:
    storage: 1Gi
  vsphereVolume:
    volumePath: >-
      [vsanDatastore]
      6a492162-5521-98f4-6007-0200406001ba/kubernetes-dynamic-pvc-2f355c16-1c7d-445c-8620-38d2b002118a.vmdk
    fsType: ext4
    storagePolicyName: vSAN Default Storage Policy
    storagePolicyID: aa6d5a82-1c88-45da-85d3-3d74b91a5bad
  accessModes:
    - ReadWriteOnce
  claimRef:
    kind: PersistentVolumeClaim
    namespace: default
    name: vcp-pvc-1
    uid: 2f355c16-1c7d-445c-8620-38d2b002118a
    apiVersion: v1
    resourceVersion: '169688'
  persistentVolumeReclaimPolicy: Delete
  storageClassName: vcp-sc
  volumeMode: Filesystem
```

  2. Verified that deleting the pv first followed by deleting the PVC results in the disk being removed from the underlying storage.

Does this PR introduce a user-facing change?

Support in-tree PV deletion protection finalizer.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/pull/3181

Signed-off-by: Deepak Kinni dkinni@vmware.com
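An added example, not code from this PR or from Kubernetes: an audit check over PV JSON shaped like `kubectl get pv -o json` that lists volumes lacking the `kubernetes.io/pv-controller` finalizer shown in the description above. It assumes the finalizer is expected on Bound PVs with reclaim policy Delete whose `pv.kubernetes.io/provisioned-by` annotation starts with `kubernetes.io/` (taken here as the marker of an in-tree plugin); the function name `MissingFinalizer` and the sample data are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Finalizer and annotation names as they appear on the PV in the PR description.
const inTreeFinalizer = "kubernetes.io/pv-controller"
const provisionedBy = "pv.kubernetes.io/provisioned-by"

type pv struct {
	Metadata struct {
		Name        string
		Annotations map[string]string
		Finalizers  []string
	}
	Spec   struct{ Policy string `json:"persistentVolumeReclaimPolicy"` }
	Status struct{ Phase string }
}

// Constructed sample: the first PV mirrors the one above, the other two are made up.
const sample = `{"items":[
{"metadata":{"name":"pvc-2f355c16-1c7d-445c-8620-38d2b002118a","annotations":{"pv.kubernetes.io/provisioned-by":"kubernetes.io/vsphere-volume"},"finalizers":["kubernetes.io/pv-controller","kubernetes.io/pv-protection"]},"spec":{"persistentVolumeReclaimPolicy":"Delete"},"status":{"phase":"Bound"}},
{"metadata":{"name":"pv-constructed-missing","annotations":{"pv.kubernetes.io/provisioned-by":"kubernetes.io/vsphere-volume"},"finalizers":["kubernetes.io/pv-protection"]},"spec":{"persistentVolumeReclaimPolicy":"Delete"},"status":{"phase":"Bound"}},
{"metadata":{"name":"pv-constructed-retain","annotations":{"pv.kubernetes.io/provisioned-by":"kubernetes.io/vsphere-volume"},"finalizers":["kubernetes.io/pv-protection"]},"spec":{"persistentVolumeReclaimPolicy":"Retain"},"status":{"phase":"Bound"}}]}`

// MissingFinalizer names the PVs that match the assumed rule but lack the finalizer.
func MissingFinalizer(raw []byte) ([]string, error) {
	var list struct{ Items []pv }
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var missing []string
	for _, v := range list.Items {
		inTree := strings.HasPrefix(v.Metadata.Annotations[provisionedBy], "kubernetes.io/")
		protected := false
		for _, f := range v.Metadata.Finalizers {
			protected = protected || f == inTreeFinalizer
		}
		if inTree && v.Spec.Policy == "Delete" && v.Status.Phase == "Bound" && !protected {
			missing = append(missing, v.Metadata.Name)
		}
	}
	return missing, nil
}

func main() { fmt.Println(MissingFinalizer([]byte(sample))) }
```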

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. sig/storage Categorizes an issue or PR as relevant to SIG Storage. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 28, 2022

@k8s-ci-robot k8s-ci-robot added needs-priority Indicates a PR lacks a `priority/foo` label and requires one. sig/apps Categorizes an issue or PR as relevant to SIG Apps. labels Feb 28, 2022
@deepakkinni deepakkinni force-pushed the in_tree_protect_v1 branch 3 times, most recently from cae69af to 655653a Compare March 2, 2022 20:55
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 2, 2022
@deepakkinni
Member Author

/retest

@deepakkinni
Member Author

/retest

@deepakkinni deepakkinni changed the title [WIP]Support for in-tree PV Deletion protection finalizer Support for in-tree PV Deletion protection finalizer Mar 3, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 3, 2022
@deepakkinni
Member Author

/assign @jsafrane @xing-yang

Member

@jsafrane jsafrane left a comment

I also miss an e2e test for this feature - can it be tested with a hostpath volume?

@jsafrane
Member

Now that I think about an e2e test, maybe iSCSI or NFS might be a better choice. We don't support deletion of these volumes in-tree. Hence, create a PV that looks like iSCSI, but it does not need to represent any actual volume (and don't use it in a Pod). Set its ReclaimPolicy to Delete or Retain, check it gets the finalizer, delete it, check it's not deleted (Delete policy) / it is deleted (Retain) and that could be it for the "easy" cases.

The hard case is to ensure that if user deletes a PV, the finalizer is removed after PV controller / external-provisioner deletes the corresponding volume. Hence you need a way how to check the volume is really deleted. We don't have a good way how to do it. For CSI, HostPath CSI driver + deletion hooks could work, for in-tree I don't see an easy way.

It can be in a separate PR.

Signed-off-by: Deepak Kinni <dkinni@vmware.com>
@deepakkinni
Member Author

deepakkinni commented Mar 11, 2022

> It can be in a separate PR.

Thanks, it's a bit more complicated than I anticipated, will have the tests in a separate PR. This PR will have only the unit tests.

@jsafrane
Member

/lgtn
/approve

@jsafrane
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 11, 2022
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deepakkinni, jsafrane


@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 11, 2022
@k8s-ci-robot k8s-ci-robot merged commit 370b7cc into kubernetes:master Mar 11, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.24 milestone Mar 11, 2022
@@ -943,7 +944,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
JobMutableNodeSchedulingDirectives: {Default: true, PreRelease: featuregate.Beta},
IdentifyPodOS: {Default: false, PreRelease: featuregate.Alpha},
PodAndContainerStatsFromCRI: {Default: false, PreRelease: featuregate.Alpha},
HonorPVReclaimPolicy: {Default: false, PreRelease: featuregate.Alpha},
HonorPVReclaimPolicy: {Default: false, PreRelease: featuregate.Beta},
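
Review bot: on the HonorPVReclaimPolicy entry, PreRelease moves from featuregate.Alpha to featuregate.Beta while Default stays false, whereas the other Beta gate visible in this hunk, JobMutableNodeSchedulingDirectives, has Default: true. If the gate is meant to be on once it is Beta, change the entry to `HonorPVReclaimPolicy: {Default: true, PreRelease: featuregate.Beta},`; if it is meant to stay off, add a comment on the entry saying why, so the mismatch does not read as an oversight.
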
Contributor

@jsafrane This is not enabled by default? I thought only an API object is subject to this new change that Beta means disabled by default.

Contributor

This is from the email announcing Beta API off by default: https://groups.google.com/a/kubernetes.io/g/dev/c/tkzbBcS0JI8
Beta feature gates remain on by default and beta fields on stable APIs remain on by default.

Member

you're right, it should be enabled by default. @deepakkinni, can you please fix it?

Member Author

Sure, I'll work on it.
