New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSI - API Changes for Pod Inline Volume Support #67452
CSI - API Changes for Pod Inline Volume Support #67452
Conversation
title says WIP - is it still WIP? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small things
pkg/apis/core/types.go
Outdated
// Optional: The value to pass to ControllerPublishVolumeRequest. | ||
// Defaults to false (read/write). | ||
// +optional | ||
ReadOnly bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All optional fields should be pointers or nil-able types (maps, slices)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK thanks, will change.
pkg/apis/core/types.go
Outdated
// +optional | ||
FSType string | ||
|
||
// Attributes of the volume to publish. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you expand this? What is done with them?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will update the comment.
pkg/apis/core/types.go
Outdated
// Filesystem type to mount. | ||
// Must be a filesystem type supported by the host operating system. | ||
// Ex. "ext4", "xfs", "ntfs". | ||
// +optional |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Default is auto-detect. If not formatted the FS will be chosen by the node." ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Default is auto-detect. If not formatted the FS will be chosen by the node."
I see this quoted, Where is this from ?
Also, for CSI, fstype is passed as-is delegating its interpretation to the CSI driver.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I meant you need to document what the default is when a user doesn't specify, and that the default shouldn't be defined as a particular FS but as "the system will choose for you".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will fix
type CSIVolumeSource struct { | ||
// Driver is the name of the driver to use for this volume. | ||
// Required. | ||
Driver string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need to add quota (ok as followup) on this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quota
is not currently part of CSI but can certainly be a follow up item.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replies to Tim comments.
type CSIVolumeSource struct { | ||
// Driver is the name of the driver to use for this volume. | ||
// Required. | ||
Driver string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quota
is not currently part of CSI but can certainly be a follow up item.
pkg/apis/core/types.go
Outdated
// Optional: The value to pass to ControllerPublishVolumeRequest. | ||
// Defaults to false (read/write). | ||
// +optional | ||
ReadOnly bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK thanks, will change.
pkg/apis/core/types.go
Outdated
// Filesystem type to mount. | ||
// Must be a filesystem type supported by the host operating system. | ||
// Ex. "ext4", "xfs", "ntfs". | ||
// +optional |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Default is auto-detect. If not formatted the FS will be chosen by the node."
I see this quoted, Where is this from ?
Also, for CSI, fstype is passed as-is delegating its interpretation to the CSI driver.
I'm trying to keep track of PRs that need re-review. This one has unresolved comments. |
FYI @vladimirvivien #67803 has merged. Feel free to rebase. That PR did not include the generateVolumeHandle API. We can do that in a follow up PR (and slip it to next release, if needed). |
@thockin I addressed the comments and update the code. |
pkg/apis/core/types.go
Outdated
// This field is optional, and may be empty if no secret is required. If the | ||
// secret object contains more than one secret, all secrets are passed. | ||
// +optional | ||
ControllerPublishSecretRef *SecretReference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@liggitt Ok with inline CSI volumes being able to specify namespace and name of a secret?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd expect references inside a namespaced object to only be in that namespace (like all other secret references). Same comment applies for NodeStageSecretRef and NodePublishSecretRef)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
other inline volume sources (like ScaleIOVolumeSource, StorageOSVolumeSource, CephFSVolumeSource, etc) use *LocalObjectReference
for this, where the namespace is implicitly the namespace of the pod
@@ -1570,6 +1573,59 @@ type CSIPersistentVolumeSource struct { | |||
NodePublishSecretRef *SecretReference | |||
} | |||
|
|||
// Represents a source location of a volume to mount, managed by an external CSI driver | |||
type CSIVolumeSource struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vladimirvivien is the code implementing this API going to be in a separate PR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@saad-ali yes, will publish a separate PR link for impl. Apologies for additional work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok I see it: #68232
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey guys. So, I think this is a pattern we need to do less of. Getting an API in with no implementation is always going to be riskier than putting them together. Getting a review on API before implementing is fine, but I think we want to merge them together.
pkg/apis/policy/types.go
Outdated
@@ -232,6 +232,10 @@ type PodSecurityPolicySpec struct { | |||
// Empty or nil indicates that only the DefaultProcMountType may be used. | |||
// +optional | |||
AllowedProcMountTypes []api.ProcMountType | |||
// AllowedCSIDrivers is a whitelist of allowed CSI drivers. This slice will be checked |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this clarify that it's only limiting inline csi drivers (and not pv.csi drivers)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be a way to whitelist any CSI driver, not just inline.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If that's the case, then I think we may need two separate fields, one for inline and one for PV. For example, we want to allow gce PD CSI driver as a PV, but disallow it as inline because a lot of functionality won't work inline.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whether it will work or not is not the point of PSP. you can specify driver names that don't even exist in a CSI PV today, and it fails at the point of calling the driver, correct?
PSP is about explicitly whitelisting which drivers a user is allowed to reference
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@msau42 to reduce complexity, the meaning of the PSP is simply a list of allowed CSI drivers here. Capabilities such as inline/attached etc is exposed in the CSIInfo
object. We can refine its interpretation in upcoming release.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is PSP validated at admission time and/or runtime? I thought that today we cannot have PV validation in PSP because of cross-object validation and the PV may not exist yet
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Admission time. PSP only applies to pods, so this would only restrict inline CSI volume sources
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is an alpha feature, it needs a feature gate, and the api fields need to be dropped when the feature gate is not enabled.
allErrs = append(allErrs, validateCSIVolumeSource(source.CSI, fldPath.Child("csi"))...) | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If feature is disabled, should validation reject the object? Accepting it without validation seems like a bad idea.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@saad-ali not quite following you.
If feature is enabled, only then the object is validated because when the feature is not enabled, the object (VolumeSource.CSI
) is cleared as nil (see https://github.com/kubernetes/kubernetes/blob/19be94c88bec6b3cd5983e3f7a468b1e7b30c8bb/pkg/api/pod/util.go#L342)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that is correct, but as described in #67452 (comment), also checking in validation ensured that if the PrepareForCreate/PrepareForUpdate check is removed or skipped, validation prevents alpha data from being persisted when the feature is not enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just in case the field drop doesn't work, it would be good to return an error in validation if CSI is also set and the feature is off.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gce-device-plugin-gpu |
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gke |
3 similar comments
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-integration |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
// Namespace of the pod with in-line volume. It is used to resolve | ||
// references to Secrets in VolumeSource. | ||
// Required. | ||
Namespace string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry if I missed the conversation around this. But just to verify, specifying the namespace here is considered safe because VolumeAttachment
should only be created by kube-controller-manager
right? CC @liggitt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just to verify, specifying the namespace here is considered safe because VolumeAttachment should only be created by kube-controller-manager right? CC @liggitt
Yes, InlineVolumeSource is only used in VolumeAttachmentSource inside VolumeAttachment, which is a cluster-scoped object. Normal namespace-constrained users don't have write permission to VolumeAttachment objects.
It contains a denormalized copy of the VolumeSource field from a pod, along with the recorded namespace of the pod (since all the resource references inside the v1.VolumeSource implicitly refer to the namespace of the pod, but that information is not available when the volume source is copied up the a cluster-level object).
/test pull-kubernetes-integration |
/test pull-kubernetes-e2e-gke |
1 similar comment
/test pull-kubernetes-e2e-gke |
/test pull-kubernetes-e2e-gke |
@@ -1570,6 +1573,59 @@ type CSIPersistentVolumeSource struct { | |||
NodePublishSecretRef *SecretReference | |||
} | |||
|
|||
// Represents a source location of a volume to mount, managed by an external CSI driver | |||
type CSIVolumeSource struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey guys. So, I think this is a pattern we need to do less of. Getting an API in with no implementation is always going to be riskier than putting them together. Getting a review on API before implementing is fine, but I think we want to merge them together.
@@ -39,6 +40,13 @@ import ( | |||
utilfeature "k8s.io/apiserver/pkg/util/feature" | |||
) | |||
|
|||
const ( | |||
csiDriverNameRexpFmt = `^[a-zA-Z0-9][-a-zA-Z0-9_.]{0,61}[a-zA-Z-0-9]$` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This requires at least 2 letters - is that the correct spec? Or is it something like
^[a-zA-Z0-9]([-a-zA-Z0-9_.]{0,61}[a-zA-Z-0-9])?$
@@ -164,8 +164,37 @@ func validateAttacher(attacher string, fldPath *field.Path) field.ErrorList { | |||
// validateSource tests if the source is valid for VolumeAttachment. | |||
func validateVolumeAttachmentSource(source *storage.VolumeAttachmentSource, fldPath *field.Path) field.ErrorList { | |||
allErrs := field.ErrorList{} | |||
if source.PersistentVolumeName == nil || len(*source.PersistentVolumeName) == 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Strictly speaking there's no way to convert a field from required to optional and be rollback-safe. This is kind of a problem. Any creative ideas here?
@vladimirvivien: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/close |
@spiffxp: Closing this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
This PR introduces the changes needed in the API to support inline volume for pods using CSI drivers. Detail can be found in feature kubernetes/enhancements#596
/sig storage