From 8c06da25fc295a9349a4574fea7144744cf52e4a Mon Sep 17 00:00:00 2001 From: Masaki Kimura Date: Fri, 10 Jun 2022 00:36:14 +0000 Subject: [PATCH] Add description on Conflict on installing `VolumePopulator` CR for `VolumeSnapshotLink` across CSI drivers --- .../README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots/README.md b/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots/README.md index 8eda87893f81..3cff4a7884d8 100644 --- a/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots/README.md +++ b/keps/sig-storage/3294-provision-volumes-from-cross-namespace-snapshots/README.md @@ -91,6 +91,7 @@ tags, and then generate with `hack/update-toc.sh`. - [Risks and Mitigations](#risks-and-mitigations) - [Secret Handling](#secret-handling) - [Security](#security) + - [Conflict on installing VolumePopulator CR for VolumeSnapshotLink across CSI drivers](#conflict-on-installing--cr-for--across-csi-drivers) - [Design Details](#design-details) - [Example flow of how this proposal works](#example-flow-of-how-this-proposal-works) - [API](#api) @@ -239,7 +240,7 @@ Define an API to specify a cross-namespace `VolumeSnapshot` as a `DataSourceRef` - To specify a non-standard API as a `DataSourceRef` of a PVC, [AnyVolumeDataSource feature](https://kubernetes.io/blog/2021/08/30/volume-populators-redesigned/) is used, - To specify a cross-namespace `VolumeSnapshot`, a new `VolumeSnapshotLink` CRD is introduced (Please also see [API](#api)), -- To restrict only allowed `VolumeSnapshot` to be consumed from other namespaces, [`ReferenceGrant` CRD (formerly `ReferenceGrant`)](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io%2fv1alpha2.ReferenceGrant) is used, +- To restrict only allowed `VolumeSnapshot` to be consumed from other namespaces, [`ReferenceGrant` CRD (formerly `ReferencePolicy`)](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io%2fv1alpha2.ReferenceGrant) is used, - To actually populate a PV from a `VolumeSnapshot` referenced from `VolumeSnapshotLink` CRD, a populator for each CSI driver is used, - As a reference populator implementation, [CSI external provisioner](https://github.com/kubernetes-csi/external-provisioner) is extended to handle the `VolumeSnapshotLink` CRD (Please also see [Populator implementation](#populator-implementation)). @@ -310,6 +311,15 @@ In addition, there will be cases that `ReferenceGrant` may be created/deleted/re If all the processes succeed without any error, it succeeds even the `ReferenceGrant` is deleted in the middle of the processes. If any errors happened in the processes and the controller retries, it may detect that there is no `ReferenceGrant` . Then, it won't use the `VolumeSnapshot` until the `ReferenceGrant` that allows the access is re-created. +#### Conflict on installing `VolumePopulator` CR for `VolumeSnapshotLink` across CSI drivers + +This feature requires installing VolumePopulator` CR for `VolumeSnapshotLink` and is enabled per CSI driver basis. +Therefore, on enabling this feature for each CSI driver, it is expected that `VolumePopulator` CR for `VolumeSnapshotLink` is created before each CSI driver installation. +As a result, there may be a conflict in creating it for each driver, if there are any differences in their definitions, like alpha API and beta API. + +To avoid this issue, it should be avoided to manage VolumePopulator` CR for `VolumeSnapshotLink` in each CSI driver's repository. +It should be managed in another single repository and the same CR should be used per cluster basis. + ## Design Details