Add support for volume populators #2482
Conversation
|
Skipping CI for Draft Pull Request. |
kubevirt-bot
added
do-not-merge/work-in-progress
alromeros
force-pushed
the
dv-populator-support
branch
from
135d700
to
d5cd1db
Compare
alromeros
changed the title
alromeros
force-pushed
the
dv-populator-support
branch
from
978f486
to
2f72555
Compare
alromeros
force-pushed
the
dv-populator-support
branch
from
2f72555
to
e372782
Compare
alromeros
force-pushed
the
dv-populator-support
branch
from
e372782
to
825fedd
Compare
alromeros
changed the title
kubevirt-bot
added
release-note
| // * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. | ||
| // (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | ||
| // +optional | ||
| DataSourceRef *corev1.TypedLocalObjectReference `json:"dataSourceRef,omitempty"` |
There was a problem hiding this comment.
I'm not saying this is wrong, but it feels weird to me that the datavolume spec.source will be unset when using this API. My assumption was that DataVolumeSource would have a Populator field.
There was a problem hiding this comment.
I also like the idea of having a Populator field but in practice I found it to be redundant. I have another semi-finished implementation where I add the new source so changing it wouldn't really be a problem, but I found some drawbacks:
- Since we are embedding the PVC spec into our Storage API, it makes sense to also embed the
DataSourceReffield (it's already supported in the PVC API). We should then allow users to populate it, which would leave the source field useless. - By having a
Populatorsource, we could allow users to specify the populator there in the same way as they'd do it on theDataSourceReffield, and then copy it to the PVC spec. However, this would require additional validation in case both theDataSourceRefandsource.Populatorfields are set without really providing any advantage. - The biggest drawback for me: We would basically allow to do the same thing in two different ways without any justification or real advantages, which in my opinion is an ugly practice. Having two ways to do the same thing would also require some slightly ugly logic in the datavolume-controller.
I still see some advantages: Having a Populator source is easier to understand for users, and in practice, they'd probably be using that field instead of DataSourceRef. Eventually, when we adopt populators as the main population method in CDI, we could just use that single Populator source for all cases, which in my opinion is prettier than DataSourceRef. Let me know what you think.
alromeros
force-pushed
the
dv-populator-support
branch
2 times, most recently
from
de82bb7
to
c5a97dd
Compare
kubevirt-bot
removed
the
needs-rebase
|
/test pull-containerized-data-importer-fossa |
kubevirt-bot
added
the
needs-rebase
alromeros
force-pushed
the
dv-populator-support
branch
2 times, most recently
from
89fc0c6
to
a474c4e
Compare
|
/hold /approve cancel let's talk about how cross-namespace datasource support [1] affects this feature. Main problem I see is that when the DataVolume controller creates the PVC, the user context is lost and ReferenceGrants will be checked against DataVolume service account. [1] https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/ |
kubevirt-bot
added
do-not-merge/hold
|
per discussion in 01/16/2023 kubevirt-sig-storage meeting - we should explicitly forbid cross-namespace datasources until we figure out how to do authorization with user context in webhook. However, that cannot be implemented at the moment because it requires 1.26 k8s api (currently at 1.23). Updating to 1.26 may not be trivial and I don't think this PR should be gated on that though, since namespace datasource is alpha in 1.26. /hold cancel |
alromeros
requested review from
akalenyu,
mhenriks and
arnongilboa
and removed request for
mhenriks and
akalenyu
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mhenriks The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
@arnongilboa or @akalenyu want to make a final pass? |
alromeros
force-pushed
the
dv-populator-support
branch
from
a474c4e
to
ac60edf
Compare
…Source' API This commit introduces several changes into the datavolume external-population controller to improve its behavior when using the DataSource field. It also introduces minor fixes on the generic populator logic. Signed-off-by: Alvaro Romero <alromero@redhat.com>
Signed-off-by: Alvaro Romero <alromero@redhat.com>
alromeros
force-pushed
the
dv-populator-support
branch
from
ac60edf
to
b7c4809
Compare
|
/test pull-containerized-data-importer-e2e-nfs |
|
/hold cancel |
kubevirt-bot
removed
the
do-not-merge/hold
What this PR does / why we need it:
This Pull Request enables the use of volume populators in CDI, so datavolume-owned PVCs can be populated using custom logic.
Populators can be now specified in the DV spec using the new
DataSourceReffield, so, when a DataVolume is created with a populatedDataSourceRef, the datavolume-controller creates the corresponding PVC accordingly, skipping all the population-related steps and controllers.You can check volume-populators-redesigned and volume-populators-beta for more information about external population of volumes.
Release note: