New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for volume populators #2482
Conversation
Skipping CI for Draft Pull Request. |
135d700
to
d5cd1db
Compare
978f486
to
2f72555
Compare
2f72555
to
e372782
Compare
e372782
to
825fedd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! Couple higher level comments for your consideration
// * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. | ||
// (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. | ||
// +optional | ||
DataSourceRef *corev1.TypedLocalObjectReference `json:"dataSourceRef,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not saying this is wrong, but it feels weird to me that the datavolume spec.source
will be unset when using this API. My assumption was that DataVolumeSource
would have a Populator
field.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I also like the idea of having a Populator
field but in practice I found it to be redundant. I have another semi-finished implementation where I add the new source so changing it wouldn't really be a problem, but I found some drawbacks:
- Since we are embedding the PVC spec into our Storage API, it makes sense to also embed the
DataSourceRef
field (it's already supported in the PVC API). We should then allow users to populate it, which would leave the source field useless. - By having a
Populator
source, we could allow users to specify the populator there in the same way as they'd do it on theDataSourceRef
field, and then copy it to the PVC spec. However, this would require additional validation in case both theDataSourceRef
andsource.Populator
fields are set without really providing any advantage. - The biggest drawback for me: We would basically allow to do the same thing in two different ways without any justification or real advantages, which in my opinion is an ugly practice. Having two ways to do the same thing would also require some slightly ugly logic in the datavolume-controller.
I still see some advantages: Having a Populator
source is easier to understand for users, and in practice, they'd probably be using that field instead of DataSourceRef
. Eventually, when we adopt populators as the main population method in CDI, we could just use that single Populator
source for all cases, which in my opinion is prettier than DataSourceRef
. Let me know what you think.
de82bb7
to
c5a97dd
Compare
/test pull-containerized-data-importer-fossa |
89fc0c6
to
a474c4e
Compare
/hold /approve cancel let's talk about how cross-namespace datasource support [1] affects this feature. Main problem I see is that when the DataVolume controller creates the PVC, the user context is lost and ReferenceGrants will be checked against DataVolume service account. [1] https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/ |
per discussion in 01/16/2023 kubevirt-sig-storage meeting - we should explicitly forbid cross-namespace datasources until we figure out how to do authorization with user context in webhook. However, that cannot be implemented at the moment because it requires 1.26 k8s api (currently at 1.23). Updating to 1.26 may not be trivial and I don't think this PR should be gated on that though, since namespace datasource is alpha in 1.26. /hold cancel |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mhenriks The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@arnongilboa or @akalenyu want to make a final pass? |
a474c4e
to
ac60edf
Compare
…Source' API This commit introduces several changes into the datavolume external-population controller to improve its behavior when using the DataSource field. It also introduces minor fixes on the generic populator logic. Signed-off-by: Alvaro Romero <alromero@redhat.com>
Signed-off-by: Alvaro Romero <alromero@redhat.com>
ac60edf
to
b7c4809
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/test pull-containerized-data-importer-e2e-nfs |
/hold cancel |
What this PR does / why we need it:
This Pull Request enables the use of volume populators in CDI, so datavolume-owned PVCs can be populated using custom logic.
Populators can be now specified in the DV spec using the new
DataSourceRef
field, so, when a DataVolume is created with a populatedDataSourceRef
, the datavolume-controller creates the corresponding PVC accordingly, skipping all the population-related steps and controllers.You can check volume-populators-redesigned and volume-populators-beta for more information about external population of volumes.
Release note: