Changed admission controller to allow volume expansion for all volume plugins #66780
Conversation
… plugins There are two motivations for this change: (1) CSI plugins are soon going to support volume expansion. For such plugins, admission controller doesn't know whether the plugins are capabale of supporting volume expansion or not. (2) Currently, admission controller rejects PVC updates for in-tree plugins that don't support volume expansion (e.g., NFS, iSCSI). This change allows external controllers to expand volumes similar to how external provisioners operate.
k8s-ci-robot
added
the
release-note
k8s-ci-robot
added
the
sig/storage
k8s-ci-robot
added
the
size/L
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
cncf-cla: no
|
/ok-to-test |
k8s-ci-robot
added
cncf-cla: yes
|
you made need to run hack/update-bazel.sh |
|
@wongma7 @kangarlou it should be possible to reject the volume resize request in |
|
@gnufied That's actually how I implemented the code first; however, that complicated the unit tests for |
|
/retest |
|
@gnufied @wongma7 The tests seem to be passing now. I'll squash the commits if everyone is ok with the current implementation. I agree having the same logic to check valid plugins in two controllers isn't ideal, but short of a major refactoring, I don't see a better solution. Implementing this logic inside One outstanding question is whether we should use a single generic event (e.g., |
There was a problem hiding this comment.
I do no see why we can't just stop volume/pod from being added to resizemap inside AddPVCUpdate. Initializing volume plugin manager in tests is not very difficult. For example - https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kubelet_test.go#L322
Also - preferably - we should not implement VolumeHost interface again for pvc populator.
| kubeClient: kubeClient, | ||
| } | ||
| return populator | ||
| if err := populator.volumePluginMgr.InitPlugins(plugins, nil, populator); err != nil { |
There was a problem hiding this comment.
Is there any advantage over initializing plugin manager here again rather than just passing the one that already has been initialzied in expand_controller ?
There was a problem hiding this comment.
@gnufied govet doesn't like passing volumePluginMgr as an argument (see the first commit in my PR) because it results in passing a lock by value:
2018/07/30 19:02:56 Code for OpenAPI definitions generated
# k8s.io/kubernetes/pkg/controller/volume/expand
pkg/controller/volume/expand/expand_controller.go:145: call of NewPVCPopulator copies lock value: k8s.io/kubernetes/pkg/volume.VolumePluginMgr contains sync.Mutex
pkg/controller/volume/expand/pvc_populator.go:64: NewPVCPopulator passes lock by value: k8s.io/kubernetes/pkg/volume.VolumePluginMgr contains sync.Mutex
pkg/controller/volume/expand/pvc_populator.go:71: literal copies lock value from volumePluginMgr: k8s.io/kubernetes/pkg/volume.VolumePluginMgr contains sync.Mutex
make[1]: *** [vet] Error 1
PVC populator implementing the VolumeHost interface is precisely to handle this situation. As I said, I'm not a fan of code duplication, but this is a side-effect of the original implementation where we have two controllers more or less doing the same job.
There was a problem hiding this comment.
Can this not be worked around by passing the volume plugin manager as a pointer rather than by value?
| @@ -30,4 +30,5 @@ const ( | |||
| ProvisioningCleanupFailed = "ProvisioningCleanupFailed" | |||
| ProvisioningSucceeded = "ProvisioningSucceeded" | |||
| WaitForFirstConsumer = "WaitForFirstConsumer" | |||
| ExternalExpanding = "ExternalExpanding" | |||
There was a problem hiding this comment.
I think ExternalExpanding is bit vague. Can we rename this to something like VolumeResizePending or VolumeExpansionPending ? Once a external controller picks up the PVC it can go ahead and finish the process.
There was a problem hiding this comment.
ExternalProvisioning is the same, I prefer ExternalExpanding for consistency. VolumeResizePending wouldn't tell you kubernetes is just waiting for an external actor to do something, so the user wouldn't know who to blame
There was a problem hiding this comment.
Yeah I see your point. It can go either way. I am not sure if ExternalProvisioning name makes sense either. Kubernetes can not know for sure that a volume is being externally provisioned or resized. All it knows is - it can't do this itself.
There was a problem hiding this comment.
I also went for consistency. This is how events stack up for externally provisioned volumes after my changes:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ExternalProvisioning 44s persistentvolume-controller waiting for a volume to be created, either by external provisioner "netapp.io/trident" or manually created by system administrator
Normal ProvisioningSuccess 36s netapp.io/trident Kubernetes frontend provisioned a volume and a PV for the PVC.
Normal ExternalExpanding 14s volume_expand Ignoring the PVC: didn't find a plugin capable of expanding the volume; waiting for an external controller to process this PVC.
Mounted By: <none>
|
@gnufied Good idea regarding passing |
| glog.V(3).Infof("Ignoring the PVC %q (uid: %q) : %v.", | ||
| strings.JoinQualifiedName(pvc.GetNamespace(), pvc.GetName()), | ||
| pvc.UID, err) | ||
| continue |
There was a problem hiding this comment.
Can we make a util function or something out of this?
There was a problem hiding this comment.
Done. Please see the third commit.
|
/retest |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
@kangarlou can you please squash your commits? |
k8s-ci-robot
removed
the
lgtm
|
@gnufied squashed and rebased. Thanks! |
|
/retest |
|
/assign @derekwaynecarr |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/retest |
|
/approve /assign @deads2k @derekwaynecarr |
|
/retest |
|
The admission chain change removes the protection for plugins which don't have this ability. I'd like to see that in the release note. Otherwise, assuming reasonable status reporting in the controller, this ought to be ok. /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, gnufied, jsafrane, kangarlou The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Thanks @deads2k. Yes, the PR moves the checks for unsupported plugins from admission controller to the two controllers that handle volume resize. These controllers log proper error messages and set the right events on PVCs. |
|
/retest |
|
Automatic merge from submit-queue (batch tested with PRs 66780, 67330). If you want to cherry-pick this change to another branch, please follow the instructions here. |
|
@kangarlou: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
What this PR does / why we need it:
There are two motivations for this change:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #
Special notes for your reviewer:
This PR mimics the behavior of the PV controller when PVs are provisioned externally by logging and setting a new event for PVs that are being expanded externally. As SIG Storage is planning new types of operations on PVs, it may make more sense to a have a single event for all actions taken by external controllers.
Release note:
/sig storage
/assign @gnufied @jsafrane @wongma7