Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix chown on distributed flex volumes (like gluster) #68680

Merged
merged 1 commit into from
Sep 26, 2018
Merged

Fix chown on distributed flex volumes (like gluster) #68680

merged 1 commit into from
Sep 26, 2018

Conversation

benoitf
Copy link
Contributor

@benoitf benoitf commented Sep 14, 2018
edited

What this PR does / why we need it:
FlexVolume mount operation is performing by default the change of volume ownership when fsGroup is provided.

volume.SetVolumeOwnership(f, fsGroup)

The problem is that when performing that on distributed volumes like a gluster volume, when mounting the volume into a pod, there is big chown operation running on all files on this volume.
For example, as we may always get the same volume for the same user, k8s is trying to perform a lot of chown operations . If there are few files on the volume it’s immediate but with like 5K files, etc it takes a huge time

With the provided patch, the driver capability fsGroup:false would skip that.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #68137

Release note:

Provides FSGroup capability on FlexVolume driver. It allows to disable the VolumeOwnership operation when volume is mounted

/sig-storage

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 14, 2018
@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 14, 2018
chakri-nelluri
chakri-nelluri reviewed Sep 14, 2018
View reviewed changes
pkg/volume/flexvolume/driver-call.go Outdated
@@ -222,12 +222,14 @@ type DriverStatus struct {
type DriverCapabilities struct {
Attach bool `json:"attach"`
SELinuxRelabel bool `json:"selinuxRelabel"`
SupportsFSGroup bool `json:"supportsFSGroup"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets call this just FSGroup, similar to SELinuxRelabel & Attach.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chakri-nelluri fixed

@gnufied
Copy link
Member

gnufied commented Sep 14, 2018

/ok-to-test

@k8s-ci-robot k8s-ci-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 14, 2018
chakri-nelluri
chakri-nelluri reviewed Sep 14, 2018
View reviewed changes
Copy link
Contributor

@chakri-nelluri chakri-nelluri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor comment.

@k8s-ci-robot k8s-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 14, 2018
@benoitf
Copy link
Contributor Author

benoitf commented Sep 14, 2018

/retest

@gnufied
Copy link
Member

gnufied commented Sep 14, 2018

Can you please add a release note to the PR?

@benoitf
Copy link
Contributor Author

benoitf commented Sep 14, 2018

Yes. Could you run again tests. I fixed comment

chakri-nelluri
chakri-nelluri reviewed Sep 14, 2018
View reviewed changes
pkg/volume/flexvolume/driver-call.go Outdated
@@ -222,12 +222,14 @@ type DriverStatus struct {
type DriverCapabilities struct {
Attach bool `json:"attach"`
SELinuxRelabel bool `json:"selinuxRelabel"`
FSGroup bool `json:"fSGroup"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

*Nit - Please make it "fsGroup"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chakri-nelluri ok thanks, fixed

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Sep 14, 2018
@benoitf
Copy link
Contributor Author

benoitf commented Sep 14, 2018

@gnufied release notes added

@neolit123
Copy link
Member

/kind bug

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Sep 15, 2018
@gnufied
Copy link
Member

gnufied commented Sep 17, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 17, 2018
@gnufied
Copy link
Member

gnufied commented Sep 17, 2018

putting this one hold. So as @chakri-nelluri can have a final look before it merges.

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 17, 2018
@childsb childsb modified the milestone: v1.12 Sep 17, 2018
@chakri-nelluri
Copy link
Contributor

/lgtm

@chakri-nelluri
Copy link
Contributor

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 17, 2018
@childsb
Copy link
Contributor

childsb commented Sep 21, 2018

LGTM, but holding this for 1.13

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 25, 2018
@benoitf
Copy link
Contributor Author

benoitf commented Sep 25, 2018

FYI I rebased code due to conflicts after some other PRs have been merged

@gnufied
Copy link
Member

gnufied commented Sep 25, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 25, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: benoitf, chakri-nelluri, gnufied

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@benoitf
Copy link
Contributor Author

benoitf commented Sep 25, 2018

/retest

@k8s-ci-robot k8s-ci-robot merged commit c8f0af2 into kubernetes:master Sep 26, 2018
@benoitf benoitf mentioned this pull request Sep 26, 2018
Merged
@benoitf benoitf deleted the fix-chown branch September 26, 2018 07:29
@JohnStrunk JohnStrunk mentioned this pull request Sep 26, 2018
Closed
benoitf added a commit to benoitf/gluster-subvol that referenced this pull request Sep 27, 2018
@benoitf
Allow to skip fsGroup chown on kubernetes
deffad7 
With this patch it's possible to disable fsGroup
kubernetes/kubernetes#68680
it is also merged on OKD openshift/origin#21070 3.11.x

Fix gluster#23
@benoitf benoitf mentioned this pull request Sep 27, 2018
Merged
@l0rd l0rd mentioned this pull request Oct 3, 2018
Closed
@JohnStrunk JohnStrunk mentioned this pull request Jan 22, 2019
Closed
@ajackfox ajackfox mentioned this pull request Nov 14, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chakri-nelluri chakri-nelluri chakri-nelluri approved these changes

@jingxu97 jingxu97 Awaiting requested review from jingxu97

@saad-ali saad-ali Awaiting requested review from saad-ali

Assignees

@gnufied gnufied

@chakri-nelluri chakri-nelluri

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

kubernetes FLEX volumes should allow GID / selinux relabel calls from FLEX shell script
6 participants
@benoitf @gnufied @neolit123 @chakri-nelluri @childsb @k8s-ci-robot