Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

postpone pv deletion if it is bound to a pvc #1608

Merged
merged 1 commit into from
Feb 8, 2018

Conversation

NickrenREN
Copy link
Contributor

@NickrenREN NickrenREN commented Jan 16, 2018

add finalizer to postpone pv deletion if it is bound to a pvc
xref: kubernetes/enhancements#499

/sig storage

/assign @pospispa

@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jan 16, 2018
@NickrenREN NickrenREN changed the title postpone pv deletion if it is bound by a pvc postpone pv deletion if it is bound to a pvc Jan 16, 2018

## Motivation

User can delete a Persistent Volume (PV) that is being used by a PVC. It may result in data loss.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: actually, only an admin can delete a PV. So this feature is for admins and doesn't affect ordinary users.

Copy link
Contributor Author

@NickrenREN NickrenREN Jan 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, thanks


### API Server, PV Admission Controller, PV Create:

A new plugin for PV admission controller will be created. The plugin will automatically add finalizer information into newly created PV's metadata, just like `PVC protection` does.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: IMO, a link to PVC Protection design or documentation may be useful.

Copy link
Contributor Author

@NickrenREN NickrenREN Jan 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, thanks, updated


### Add this logic to the existing PV controller instead of creating a new admission and protection controller
When we bind PV to PVC, we add finalizer for PV and remove finalizer when PV is no longer bound to a PVC.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add a part or the whole logic to the existing PVC Protection admission plugin and PVC Protection controller?

Copy link
Contributor Author

@NickrenREN NickrenREN Jan 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry for the unclear expression, this is not propose to add the logic to the existing PVC protection admission plugin and PVC Protection controller.
I am considering if we can add PV protection logic to the existing PV controller under the package pkg/controller/volume/persistentvolume.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your expression is clear. I understand that you're considering to extend PV Controller.
My question may have been better.
Anyway, in my opinion we should consider these options:

  1. extend PV controller.
  2. extend PVC Protection admission plugin and PVC Protection controller.

Copy link
Contributor Author

@NickrenREN NickrenREN Jan 16, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I talked with @jsafrane offline. He thinks if there is a big chunk of code that two controllers would share , we need to merge them.

  1. I do not think the existing PV controller shares much code with PV protection controller, so we do not need to bind them together;
  2. Since you want to move PVC protection to beta and i plan to add PV protection as alpha in 1.10, and also, they two will not share much code, so maybe we can implement them as two separate controller at first, if necessary, merge them later .
    WDYT.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking about the joining PV and PVC protection admission plugins together and the PV and PVC protection controllers together from a perspective of monolithic approach versus small programs communicating with each other approach.

AFAIK, Kubernetes is moving towards small core plus many controllers and plugins around approach. That's why joining PV and PVC protection admission plugins together and joining PV and PVC protection controllers together will go against this approach. So I'm against joining PV and PVC protection plugins/controllers together.

In case you find functions in PVC protection controller that are useful also for PV protection controller you can reuse them in PV protection controller anyway.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the end, I'd like to have one "library" or common code that anyone could use to protect X from deleting when Y with some attributes exists. One would use (not copy!) the library to protect PVCs when pod with pod.volumes[x].persistentVolumeClaim.name == PVC.name filling only the right informers and callbacks with checks. It can be after alpha, when we can see how this library code would look like.

@NickrenREN NickrenREN force-pushed the pv-protection branch 2 times, most recently from 47e9013 to 8864599 Compare January 16, 2018 12:56
@pospispa
Copy link

I have very limited knowledge of PV controller so I'm not able to review the proposed changes for PV controller. The rest looks good to me.

@NickrenREN
Copy link
Contributor Author

Thanks @pospispa , and @jsafrane any comments ?

@msau42
Copy link
Member

msau42 commented Jan 18, 2018

@kubernetes/sig-storage-proposals

@k8s-ci-robot k8s-ci-robot added the kind/design Categorizes issue or PR as related to design. label Jan 18, 2018
@jsafrane
Copy link
Member

One thing to consider is the admission plugin. We don't want extra admission plugin for each class of objects we want protect - they need to be explicitly mentioned on API server command line and it's hard to maintain.

I propose there is only one admission plugin, say StorageProtection (or ObjectProtection?) that handles both PV and PVC (depending on alpha feature gates).

In addition, I'd like to have only one feature gate. I hope the PV protection won't be much different from PVC protection and it could go directly to beta. What do you think?

Copy link
Member

@jsafrane jsafrane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good for alpha, for GA we need to consider merging the common parts into one package.


### API Server, PV Admission Controller, PV Create:

A new plugin for PV admission controller will be created. The plugin will automatically add finalizer information into newly created PV's metadata, just like [PVC protection](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/storage/postpone-pvc-deletion-if-used-in-a-pod.md) does.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please share the same admission plugin as PVC protection and rename it to something more general. It's tedious to maintain API server command line with list of all protection plugins that should run.


### Add this logic to the existing PV controller instead of creating a new admission and protection controller
When we bind PV to PVC, we add finalizer for PV and remove finalizer when PV is no longer bound to a PVC.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the end, I'd like to have one "library" or common code that anyone could use to protect X from deleting when Y with some attributes exists. One would use (not copy!) the library to protect PVCs when pod with pod.volumes[x].persistentVolumeClaim.name == PVC.name filling only the right informers and callbacks with checks. It can be after alpha, when we can see how this library code would look like.

@NickrenREN
Copy link
Contributor Author

It looks good for alpha, for GA we need to consider merging the common parts into one package.

yeah, we can implement PV protection at first, and then let's see if we need to merge them later

I propose there is only one admission plugin, say StorageProtection (or ObjectProtection?) that handles
both PV and PVC (depending on alpha feature gates).

Sounds good. What about StorageClass protection? should we add it too ?

In addition, I'd like to have only one feature gate. I hope the PV protection won't be much different from PVC protection and it could go directly to beta. What do you think?

I do not have a strong opinion on what version PV protection should be. But if PV protection goes directly to beta, feature gate is not needed since it is implemented for alpha features.
BTW: I am coding for the feature implementation, but not very sure if i can have enough time to write e2e tests for this feature this quarter, is it ok to let it go to beta ? or maybe alpha first ?

@jsafrane
Copy link
Member

What about StorageClass protection? should we add it too ?

I'd skip it for now. We might bring a table what needs to be protected to sig-storage.

But if PV protection goes directly to beta, feature gate is not needed since it is implemented for alpha features

Not really, admin can disable beta features if they're buggy or annoying.

@NickrenREN
Copy link
Contributor Author

I'd skip it for now. We might bring a table what needs to be protected to sig-storage.

Ok, agree, cool

Not really, admin can disable beta features if they're buggy or annoying.

oh, great to know it, thanks. so we can let it go to beta directly without e2e tests ?

@jsafrane
Copy link
Member

Regarding tests... As feature owner you're responsible that there are enough e2e tests to cover the feature. You don't need to write them, find someone else who writes them. There is a large community waiting for their first Kubernetes commit :-).

@NickrenREN
Copy link
Contributor Author

Ok, i will try to add e2e tests myself. If i really do not have enough time, will find someone to help me.
Thanks @jsafrane.

@liggitt
Copy link
Member

liggitt commented Jan 19, 2018

We don't want extra admission plugin for each class of objects we want protect - they need to be explicitly mentioned on API server command line and it's hard to maintain.

soon you will not need to maintain an explicit list of admission plugins on the command line. we're moving to a model where there is a default set of admission plugins, and you can enable things not in that default set if you want, or disable things in that set if you don't want them (kubernetes/kubernetes#58123)

k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this pull request Feb 2, 2018
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Postpone PV deletion with finalizer when it is being used

Postpone PV deletion if it is bound to a PVC

xref: kubernetes/community#1608


**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #33355

**Special notes for your reviewer**:

**Release note**:
```release-note
Postpone PV deletion when it is being bound to a PVC
```

WIP, assign to myself first

/assign @NickrenREN
@jsafrane
Copy link
Member

jsafrane commented Feb 2, 2018

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 2, 2018
@jsafrane
Copy link
Member

jsafrane commented Feb 2, 2018

/assign @saad-ali @childsb
for approval

@childsb
Copy link
Contributor

childsb commented Feb 2, 2018

This LGTM, but i'll leave it for @saad-ali to give any final comment/feedback.

k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this pull request Feb 3, 2018
Automatic merge from submit-queue (batch tested with PRs 55439, 58564, 59028, 59169, 59259). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

kubectl: Add Terminating state to PVs

kubectl shows PV `Terminating` status, just like Pod and [PVC](#55873)

**What this PR does / why we need it**:
We will postpone PV deletion if it is bound to a PVC, see #58743, so we may keep PV waiting for deletion for a longer time than before so users should know what is going on.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref: kubernetes/community#1608

**Special notes for your reviewer**:

**Release note**:
```release-note
NONE
```
/sig cli
/sig storage
/assign @jsafrane 

I tested this PR on my local host.
```
nickren@nickren-14:~/test/test$ kubectl delete -f pv.yaml 
persistentvolume "task-pv-volume" deleted
nickren@nickren-14:~/test/test$ kubectl get pv
NAME             CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS        CLAIM                   STORAGECLASS   REASON    AGE
task-pv-volume   1Gi        RWO            Delete           Terminating   default/task-pv-claim   standard                 27s
nickren@nickren-14:~/test/test$ kubectl describe pv task-pv-volume
Name:            task-pv-volume
Labels:          type=local
Annotations:     pv.kubernetes.io/bound-by-controller=yes
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    standard
Status:          Terminating (since Thu, 01 Feb 2018 13:18:51 +0800)
Claim:           default/task-pv-claim
Reclaim Policy:  Delete
Access Modes:    RWO
Capacity:        1Gi
Message:         
Source:
    Type:          HostPath (bare host directory volume)
    Path:          /tmp/data
    HostPathType:  
Events:            <none>
```
@childsb
Copy link
Contributor

childsb commented Feb 8, 2018

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: childsb, jsafrane, NickrenREN

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these OWNERS Files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 8, 2018
@k8s-ci-robot k8s-ci-robot merged commit 987460f into kubernetes:master Feb 8, 2018
k8s-github-robot pushed a commit to kubernetes/kubernetes that referenced this pull request Feb 14, 2018
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add e2e test for PV protection

Add e2e test for PV protection

**What this PR does / why we need it**:

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
xref: kubernetes/community#1608

**Special notes for your reviewer**:
hold until #58743 gets merged

**Release note**:
```release-note
NONE
```

/sig storage
/hold

/assign @jsafrane
@NickrenREN NickrenREN deleted the pv-protection branch February 15, 2018 11:49
MadhavJivrajani pushed a commit to MadhavJivrajani/community that referenced this pull request Nov 30, 2021
postpone pv deletion if it is bound to a pvc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/design Categorizes issue or PR as related to design. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants