Kubevirt CSI StorageClass mapping API

[davidvossel]

The KubeVirt CSI driver allows passthrough of storageclasses within the mgmt/infra cluster (the cluster hosting the VMs) into the guest cluster.

Today, by default people automatically get a kubevirt csi driver storage class in their guest cluster that maps to the default storageclass of the infra cluster.

This PR aims to give users more flexibility over this functionality by allowing users to passthrough multiple infra storageclasses into their guest cluster as well as disabling kubevirt csi entirely.

Examples

Default behavior of passing through default infra storageclass into guest cluster. This works today and will continue to work after this new API is introduced.

apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
.
.
.
  platform:
    type: KubeVirt

Disable kubevirt csi entirely

apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
.
.
.
  platform:
    type: KubeVirt
    kubevirt:
        storageDriver:
            type: None

Mapping infra storageclasses into guest

apiVersion: hypershift.openshift.io/v1beta1
kind: HostedCluster
.
.
.
  platform:
    type: KubeVirt
    kubevirt:
        storageDriver:
            type: Manual
            manual:
                storageClassMapping:
                    - infraStorageClassName: ceph-rdb
                      guestStorageClassName: kubevirt-rdb
                    - infraStorageClassName: ceph-fs
                      guestStorageClassName: kubevirt-fs

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidvossel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [davidvossel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[netlify]

✅ Deploy Preview for hypershift-docs ready!

Name	Link
🔨 Latest commit	2e46670
🔍 Latest deploy log	https://app.netlify.com/sites/hypershift-docs/deploys/646bb9848a0ed60008981cea
😎 Deploy Preview	https://deploy-preview-2528--hypershift-docs.netlify.app/reference/api
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[mhenriks]

Other than the json naming I think it's probably fine as is but some minor suggestions mostly about naming.

[mhenriks]

json disable not Disable

[mhenriks]

Why is this needed? Why not just delete all mappings?

[davidvossel]

I was hoping we could get away with some default behavior if no mappings are set. So, a zero length mapping slice would result in a default storageclass in the guest that maps to the default infra storageclass.

The disable bool would opt out of all kubevirt csi behavior.

[mhenriks]

I think it would be best for this map (or something in status) to mirror what mappings actually exist. Also, instead of just a bool maybe an enum like None Default Explicit. Default could be Default and it would map the default storage class automatically. Explicit would be just what's in the map

Related question when mapping over the default storage class, what will it be named?

[davidvossel]

Related question when mapping over the default storage class, what will it be named?

right now, the guest magically gets a storageclass called kubevirt-csi-infra-default by default

[davidvossel]

think it would be best for this map (or something in status) to mirror what mappings actually exist. Also, instead of just a bool maybe an enum like None Default Explicit. Default could be Default and it would map the default storage class automatically. Explicit would be just what's in the map

I think an enum is a good idea here and makes this less confusing. I'll work with that a bit

[mhenriks]

json storageClassMapping

[mhenriks]

Finally, StorageDriver instead of CSIDriver

[mhenriks]

I like KubevirtStorageClassMapping or StorageClassMapping better but again whatever

[mhenriks]

I like KubevirtStorageDriverSpec better but whatever.

[davidvossel]

me too

[awels]

Agreed with Michael, and any reason we are also putting this in the alpha CR? if you just put it in the beta, it gives people motivation to use the beta version.

[davidvossel]

Agreed with Michael, and any reason we are also putting this in the alpha CR? if you just put it in the beta, it gives people motivation to use the beta version.

alpha and beta are mirrors of one another right now.

[awels]

Agreed with Michael, and any reason we are also putting this in the alpha CR? if you just put it in the beta, it gives people motivation to use the beta version.

alpha and beta are mirrors of one another right now.

Okay, so what is the point of having a beta if it is the same as alpha. I understand what is happening, we did the same thing for the longest time in CDI as well. I am just suggesting that is okay for beta to diverge from alpha, and it gives people motivation to use the beta version.

[davidvossel]

@mhenriks @awels updated.

[mhenriks]

Maybe KubevirtStorageDriverConfig? Especially if there may eventually be other stuff in here.

[davidvossel]

yep, fixed.

[mhenriks]

Correct me if I'm wrong, but it appears that the value of storageClassEnforcement becomes the value of the INFRA_STORAGE_CLASS_ENFORCEMENT environment variable for the CSI driver via the driver-config config map?

So changing the type/mapping will update the configmap. But that will have no effect on the driver once it is running. Is that "good enough?" Should the driver be changed read this configmap key as a file instead?

[davidvossel]

Yep, you understand it correctly.

Right now we're locked in to this enforcement config once the driver starts, and we can't change it. We weren't really thinking about how these values could potentially mutate when the kubevirt-csi functionality was added. It's likely I was under the impression it wouldn't be practical to change the StorageClass mappings after the driver starts, so I didn't even consider mutability then.

[mhenriks]

For my info, do you mind sharing how immutability is actually enforced here? I don't anything at the code/schema level in this pr that makes it possible. But I'm sure I'm missing something

[davidvossel]

fixed... Yeah i think something changed in the way the crd schema is built recently. I added a CEL validation to enforce all this immutability stuff, and it seems to work.

[mhenriks]

/lgtm

[mhenriks]

I wonder if only this validation is necessary? But I guess the others probably don't hurt

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD a3ebcaf and 2 for PR HEAD 2e46670 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD f03113a and 1 for PR HEAD 2e46670 in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 8861506 and 0 for PR HEAD 2e46670 in total

[openshift-ci-robot]

/hold

Revision 2e46670 was retested 3 times: holding

[davidvossel]

/test e2e-aws

[openshift-ci]

@davidvossel: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-ibmcloud-iks	2e46670	link	false	/test e2e-ibmcloud-iks
ci/prow/e2e-ibmcloud-roks	2e46670	link	false	/test e2e-ibmcloud-roks

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[davidvossel]

/test e2e-aws
/hold cancel