Provision vsphere volume as per zone

[skarthiksrinivas]

What type of PR is this?
/kind bug

What this PR does / why we need it:
Currently vsphere cloud provider (VCP) insists on provisioning a volume only on a globally shared datastore. Hence, in a zoned environment, even in presence of a shared datastore within a specific zone, the volume provisioning can fail if that datastore is not shared across all the zones hosting kubernetes nodes. This change fixes this issue by considering the zone information provided in allowedTopologies for selection of the datastore. If allowedTopologies is not provided, the current behaviour is retained as-is.
This PR addresses one part of issue #67703. The other part to attach zone labels to the created volumes is here - #72687
Which issue(s) this PR fixes:
Fixes #

Does this PR introduce a user-facing change?:
Yes

This change ensures that volumes get provisioned based on the zone information provided in allowedTopologies.

Storage class spec:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fastpolicy1
provisioner: kubernetes.io/vsphere-volume
parameters:
    diskformat: zeroedthick
    storagePolicyName: vSAN Default Storage Policy
allowedTopologies:
- matchLabelExpressions:
  - key: failure-domain.beta.kubernetes.io/zone
    values:
    - zone1

PV creation Logs:
I0109 11:17:52.321372       1 vsphere.go:1147] Starting to create a vSphere volume with volumeOptions: &{CapacityKB:1048576 Tags:map[kubernetes.io/created-for/pvc/namespace:default kubernetes.io/created-for/pvc/name:pvcsc-1-policy kubernetes.io/created-for/pv/name:pvc-34650c12-1400-11e9-aef4-005056804cc9] Name:kubernetes-dynamic-pvc-34650c12-1400-11e9-aef4-005056804cc9 DiskFormat:zeroedthick Datastore: VSANStorageProfileData: StoragePolicyName:vSAN Default Storage Policy StoragePolicyID: SCSIControllerType: Zone:[zone1]}
...
I0109 11:17:59.430113       1 vsphere.go:1334] The canonical volume path for the newly created vSphere volume is "[vsanDatastore] 98db185c-6683-d8c7-bc55-0200435ec5da/kubernetes-dynamic-pvc-34650c12-1400-11e9-aef4-005056804cc9.vmdk"

Ran regression tests (no zone) and they passed.

[k8s-ci-robot]

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If you signed the CLA as a corporation, please sign in with your organization's credentials at https://identity.linuxfoundation.org/projects/cncf to be authorized.
• If you have done the above and are still having issues with the CLA being reported as unsigned, please email the CNCF helpdesk: helpdesk@rt.linuxfoundation.org

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

Hi @skarthiksrinivas. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[skarthiksrinivas]

/cc @abrarshivani @SandeepPissay @divyenpatel

[frapposelli]

/ok-to-test

[frapposelli]

/sig vmware

[gnufied]

So if I understand this correctly, this feature does not uses NodeAffinity field of PVs and hence does not uses topology aware provisioning?

[skarthiksrinivas]

Yes. Your understanding is correct. The scope of this fix is limited to honouring the allowedTopologies zones during volume provisioning.

[gnufied]

So if I don't specify allowedTopology in my default storageClass and my nodes are spread across zones then it will basically result in PVCs which can not be used by pods. Previously - we blocked/errored out on volume provisioning altogether if datastore being used is not shared with all VMs (#72497). How does this interact with that bug?

[skarthiksrinivas]

The issue in #72497 is that volume provisioning will fail if there is no shared datastore available across all kubernetes node VMs. Now, with this change, by specifying allowedTopologies in SC, the volume provisioning can happen as long as there is a shared datastore available for the nodes within the zone.
There is no change in behaviour when allowedTopology is not specified. It will continue to work in the same way today, i.e by looking for shared datastore across all nodes and succeed or fail as the case is.

[gnufied]

Should use defer pattern?

[skarthiksrinivas]

Makes sense. Done.

[gnufied]

lets use defer if possible.

[skarthiksrinivas]

Done.

[gnufied]

Still not fixed.

[skarthiksrinivas]

My bad. Fixed the code to use defer pattern for all access to zoneInfoLock.

[skarthiksrinivas]

Addressed comments.

[k8s-ci-robot]

@skarthiksrinivas: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
pull-kubernetes-e2e-kops-aws	a7f8f66e9dbcc397251ad7c40f963c9735c628c1	link	/test pull-kubernetes-e2e-kops-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[skarthiksrinivas]

/retest

[SandeepPissay]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: frapposelli, SandeepPissay, skarthiksrinivas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• pkg/cloudprovider/providers/vsphere/OWNERS [SandeepPissay,frapposelli]
• pkg/volume/vsphere_volume/OWNERS [SandeepPissay]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vladimirvivien]

@SandeepPissay will this be cherry picked to earlier k8s version ?

[frapposelli]

@vladimirvivien I believe this will not be backported.

/lgtm

[rhockenbury]

Does anyone know if there are plans to implement theWaitForFirstConsumer option for the volume binding mode for vsphere?

[frapposelli]

/lgtm

[frapposelli]

🎉

[tedyu]

Shouldn't this be ahead of the if block starting at line 1260 ?

[skarthiksrinivas]

Yes. That's correct. Thanks for pointing out. The current sequence makes this check a no-op. Fixed it. Have created a PR for this - #74263

[tedyu]

What's the effect of this call (I don't see assignment) ?

[skarthiksrinivas]

The last parameter in the this method call is an OUT parameter which will be set and that's how hostSystemMo gets assigned. However, this method returns error which is not processed in this step. I have fixed that now in the PR mentioned above.

[skarthiksrinivas]

Does anyone know if there are plans to implement theWaitForFirstConsumer option for the volume binding mode for vsphere?

Yes. We do have that task in the pipeline.