Add admission controller for default storage class. #30900
Conversation
The admission controller adds a default class to PVCs that do not require any specific class. This way, users (=PVC authors) do not need to care about storage classes, administrator can configure a default one and all these PVCs that do not care about class will get the default one.
jsafrane
added
sig/storage
jsafrane
changed the title
jsafrane
added
the
do-not-merge
k8s-github-robot
added
the
size/L
|
Marking as do-not-merge, I actually did not test if it works, will do that tomorrow. Volunteers are welcome. |
|
@erictune @derekwaynecarr I have no hands-on experience with admission controllers, so I have no idea if this follows established conventions |
| const classAnnotation = "volume.beta.kubernetes.io/storage-class" | ||
|
|
||
| // This indicates that a particular StorageClass nominates itself as the system default. | ||
| const isDefaultAnnotation = "storage-class.beta.kubernetes.io/isDefaultClass" |
There was a problem hiding this comment.
should be something like storageclass.beta.kubernetes.io/is-default-class - my bad, sorry
|
If we do this we should probably link it into the set of admissions used by default. |
|
and will need at least basic e2e |
| ) | ||
|
|
||
| const ( | ||
| PluginName = "SimplePersistentVolumeClaimDefault" |
There was a problem hiding this comment.
I would prefer the plug-in have a name that associates it with managing default storage class. As a result, can we have "StorageClass" somewhere in the name and the plugin pkg?
There was a problem hiding this comment.
IMO it does not really manage StorageClasses, it maniplulates PVCs only, ergo the persistentvolumeclaim package.
Renamed to SimpleDefaultStorageClassForPVC. There may be different defaulting policies later, this one is called Simple.
|
Added a number of comments, poke when more review is needed. |
|
Suggest not allowing user to change the storage class once PVC is created. On Thu, Aug 18, 2016 at 2:07 PM, Derek Carr notifications@github.com
|
Ack, however, the class is just an annotation now. I will add a validator to check for this when we have a real PVC.Spec.Class attribute. |
jsafrane
force-pushed
the
pvc-admission
branch
from
0fb0c07 to
e768d07
Compare
|
Addressed feedback. TODO:
|
jsafrane
changed the title
jsafrane
removed
the
do-not-merge
|
Tested manually, works as expected. |
|
@derekwaynecarr, are there any e2e tests for admission controllers? And what if someone installs a cluster without the admission controller that is being tested? I noticed only some |
jsafrane
force-pushed
the
pvc-admission
branch
from
e768d07 to
395e9ea
Compare
| ) | ||
|
|
||
| const ( | ||
| PluginName = "SimpleDefaultStorageClassForPVC" |
There was a problem hiding this comment.
I know I am arguing with Derek, but I don't think this is just about PVC. It just happens that PVC is the only thing attached to storage class today. If there were some other object that needed a storage class, and the cluster admin wanted to use this simple mode of defaulting, it would be weird to have different defaults for the other (hypothetical) thing.
I think it's a minor point but this name is over-precise. I won't block on it, but i think it was better before :)
There was a problem hiding this comment.
So, assuming that this plugin will put default storage class into several hypothetical objects,
- it should be named just
DefaultStorageClass(even withoutSimple) - it should reside in
storageclassdirectory, not inpersistentvolumeclaim.
I'll add an extra commit for this, just in case we'd like to revert back.
|
We need to discuss multi-zone and how we distribute PVs across zones when end users are not aware of storageClasses. |
| if len(defaultClasses) == 0 { | ||
| return nil, nil | ||
| } | ||
| if len(defaultClasses) > 1 { |
There was a problem hiding this comment.
could we have many default classes and perhaps this admission controller round-robins between them?
There was a problem hiding this comment.
Talk to Erin :)
On Fri, Aug 19, 2016 at 9:38 AM, Mark Turansky notifications@github.com
wrote:
In plugin/pkg/admission/persistentvolumeclaim/default/admission.go
#30900 (comment)
:
- defaultClasses := []*extensions.StorageClass{}
- for _, c := range store.List() {
class, ok := c.(*extensions.StorageClass)if !ok {return nil, errors.NewInternalError(fmt.Errorf("error converting stored object to StorageClass: %v", c))}if class.Annotations[isDefaultAnnotation] == "true" {defaultClasses = append(defaultClasses, class)glog.V(4).Infof("getDefaultClass added: %s", class.Name)}- }
- if len(defaultClasses) == 0 {
return nil, nil- }
- if len(defaultClasses) > 1 {
could we have many default classes and perhaps this admission controller
round-robins between them?—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/kubernetes/kubernetes/pull/30900/files/395e9eac70fc10735c7f5bf246331244343f6b46#r75512939,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AFVgVHOhHDJiHjkq-7fzEZ5MxF4uFxyFks5qhdvrgaJpZM4JntWR
.
|
We have conflicting requirements. If a user asks for a PVC and we default a) assert num_default_classes === 1 I initially argued for (b). Erin Boyd talked me down. I can see arguments If you need to create a per-zone gold, maybe you should also create a On Fri, Aug 19, 2016 at 9:35 AM, Mark Turansky notifications@github.com
|
|
Having our OpenShift Online multi-zone requirements in mind, I would have argued for (b) with you :) As it is, a single default class won't work for multi-zone, AFAICT. is there something I am missing? |
|
Use Case: Google Container Engine / OpenShift Online both have clusters spanning 10 zones. Admins want to rely on Kube to spread pods across 10 zones, but EBS/GCEPDs are created within single zones. The scheduler makes sure a pod ends up in the right zone according to its storage.
How do we resolve this and spread PVs across all zones equally? |
|
ok, i missed the bit of code that choses a zone from all the available zones if none is configured in a storageClass :) My concerns were misplaced. |
jsafrane
force-pushed
the
pvc-admission
branch
from
395e9ea to
c57b3f5
Compare
|
Renamed to |
jsafrane
force-pushed
the
pvc-admission
branch
from
c57b3f5 to
5f6efef
Compare
|
GCE e2e build/test passed for commit 5f6efef. |
| } | ||
|
|
||
| // This is a stand-in until we have a real field. This string should be a const somewhere. | ||
| const classAnnotation = "volume.beta.kubernetes.io/storage-class" |
There was a problem hiding this comment.
isn't this already a const in another package?
|
I am satisfied. There are a couple nits from other folks. I'm going to LGTM this and if we lose the race with the bot, we can followup. +lgtm Reviewed 23 of 23 files at r4. plugin/pkg/admission/storageclass/default/admission.go, line 109 [r1] (raw file):
|
thockin
added
the
lgtm
|
@jsafrane - can you send a follow-on PR to document this admission controller here: https://github.com/kubernetes/kubernetes.github.io/blob/master/docs/admin/admission-controllers.md Thanks! |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 5f6efef. |
|
Automatic merge from submit-queue |
|
@derekwaynecar: filled kubernetes/website#1064 |
The admission controller adds a default class to PVCs that do not require any
specific class. This way, users (=PVC authors) do not need to care about
storage classes, administrator can configure a default one and all these PVCs
that do not care about class will get the default one.
The marker of default class is annotation "volume.beta.kubernetes.io/storage-class", which must be set to "true" to work. All other values (or missing annotation) makes the class non-default.
Based on @thockin's code, added tests and made it not to reject a PVC when no class is marked as default.
.
@kubernetes/sig-storage
This change is