Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Infrastructure volume not deleted if I delete the PV on AWS, Azure, GCP, OpenStack #57496

Closed
vlerenc opened this issue Dec 21, 2017 · 6 comments
Closed

Infrastructure volume not deleted if I delete the PV on AWS, Azure, GCP, OpenStack #57496

vlerenc opened this issue Dec 21, 2017 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/storage Categorizes an issue or PR as relevant to SIG Storage.

Comments

@vlerenc
Copy link

vlerenc commented Dec 21, 2017

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

What happened: When I delete a PV, the backing infrastructure volume is not deleted (and the PVC turns to lost). Only if I delete the PVC that led to the PV and the backing infrastructure volume in the first place, all three entities, i.e. the PVC and PV in Kubernetes and the backing infrastructure volume are deleted.

What you expected to happen: If I delete a PV (which I did accidentally, which is why I never noticed this behaviour before), I expect it to delete the backing infrastructure volume, otherwise it becomes orphan, remains in the infrastructure and generates costs.

How to reproduce it (as minimally and precisely as possible):

kubectl create -f pvc.yaml
kubectl get pv
kubectl delete pv PV_NAME

I used the following super simple pvc.yaml:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: foobar
spec:
  storageClassName: default
  resources:
    requests:
      storage: 17Gi
  accessModes:
  - ReadWriteOnce

Console output:

$ k create -f pvc.yaml
persistentvolumeclaim "foobar" created

$ ka get pvc
NAMESPACE   NAME      STATUS    VOLUME                                     CAPACITY   ACCESSMODES   STORAGECLASS   AGE
default     foobar    Bound     pvc-03145d94-e5fc-11e7-994a-0a580af406f9   17Gi       RWO           default        3m

$ k get pv
NAME                                       CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS    CLAIM            STORAGECLASS   REASON    AGE
pvc-03145d94-e5fc-11e7-994a-0a580af406f9   17Gi       RWO           Delete          Bound     default/foobar   default                  3m

$ k delete pv pvc-03145d94-e5fc-11e7-994a-0a580af406f9
persistentvolume "pvc-03145d94-e5fc-11e7-994a-0a580af406f9" deleted

$ k get pv
No resources found.

$ k get pvc
NAME      STATUS    VOLUME                                     CAPACITY   ACCESSMODES   STORAGECLASS   AGE
foobar    Lost      pvc-03145d94-e5fc-11e7-994a-0a580af406f9   0                        default        6m

Anything else we need to know?:
I had self-created vanilla Kubernetes clusters on AWS, Azure, GCP and OpenStack. It happened on all four infrastructures. Deleting the PVC always deleted itself, the PV and the backing infrastructure volume. Deleting the PV directly nowhere deleted the backing infrastructure volume.

Environment:

  • Kubernetes version (use kubectl version):
    • AWS, OpenStack: 1.8.4
    • Azure: 1.8.5
    • GCP: 1.8.2
  • Cloud provider or hardware configuration: See above.
  • OS (e.g. from /etc/os-release): CoreOS Container Linux
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Dec 21, 2017
@k8s-github-robot k8s-github-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Dec 21, 2017
@vlerenc
Copy link
Author

vlerenc commented Dec 21, 2017

/sig storage

@k8s-ci-robot k8s-ci-robot added the sig/storage Categorizes an issue or PR as relevant to SIG Storage. label Dec 21, 2017
@k8s-github-robot k8s-github-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Dec 21, 2017
@mlmhl
Copy link
Contributor

mlmhl commented Dec 27, 2017

Hi @vlerenc , it is a intentional behavior to keep the backing infrastructure volume exist. Deleting the backing infrastructure volume is a dangerous operation because it may lead to data loss. Only when you create a PVC with dynamic volume provisioning mechanism and the ReclaimPolicy set to Delete, the backing infrastructure volume will be deleted after the PVC is deleted.

As you can see from your pvc.yaml, you use a storage class named default, and I guess its ReclaimPolicy must be Delete(which is the default value), so the PV and backing infrastructure volume are deleted after you delete the PVC.

You cane get a detailed description of dynamic volume provisioning from these docs:
StorageClass
PV reclaiming.
dynamic volume provisioning

@vlerenc
Copy link
Author

vlerenc commented Dec 27, 2017

Who am I to argue, but I find that surprising/misleading. If I delete a PV, I expect the backing volume to be gone. I am sure there are better ways to let the user control the behaviour. Also, e.g. Bosh keeps such disks for a few (configurable) days around and a GC deletes them after a grace period. The way PVs are implemented in Kubernetes right now, people don't even notice they have disks a.) with potentially sensitive data that they have forgotten about and b.) generating unintended costs.

I think discussions like #23032 prove the point, that the current behaviour is counter-intuitive.

Also, the above was only a shortcut. What I actually did at first was to delete the PVC, while its PV was mounted by a pod. Obviously, the backing volume couldn't be deleted, but the deletion of the PVC passed without an error. That surprised me. When I deleted the pod and then the PV I noticed nothing happened. By then Kubernetes had forgotten about the backing volume. Then I repeated the experiment, but this time I deleted the PV right away. This all makes no sense to me, especially if the idea is to bind the PV to the PVC. It is far to easy to end up in a situation with orphan volumes, at least for my liking.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 27, 2018
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Apr 26, 2018
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/storage Categorizes an issue or PR as relevant to SIG Storage.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@vlerenc @mlmhl @k8s-github-robot @k8s-ci-robot @fejta-bot