design-proposal: Adjust virtiofs feature gates #313
Conversation
kubevirt-bot
added
dco-signoff: yes
|
/cc @germag |
|
/cc @EdDev |
|
/cc @stu-gott |
| ## Motivation | ||
|
|
||
| Currently, the usage of feature gates are mixed with the feature control. The feature gate `ExperimentalVirtiofsSupport` | ||
| controls whether virtiofsd runs as root or not. Moreover, there is no way to disable it completely and this feature is |
There was a problem hiding this comment.
Virtiofsd runs inside a separate container in the virt-launcher pod. I've added the detail in the document.
| - Drop the usage of `ExperimentalVirtiofsSupport` feature gate, marking it as deprecated. | ||
| - Add feature gate `EnableVirtioFsConfigVolumes`, which will enable the sharing of ConfigMaps, Secrets, DownwardAPI and ServiceAccount. | ||
| - Add feature gate `EnableVirtioFsPVC`, which will enable the sharing of PVCs. |
There was a problem hiding this comment.
I think these are implementation details, not goals.
A goal could be something like: Control, per cluster, the ability to use virtiofs with PVC.
But in my phrasing, it is a configuration knob not a FG one, so it is probably not a fit.
There was a problem hiding this comment.
You are right. I've rephrased the section.
| As a VM owner, I want to share Secrets, ConfigMaps, ServiceAccounts and/or DownwardAPI in a dynamic way. | ||
|
|
||
| As a VM owner, I want to share PVCs with one or multiple VMs and be able to read and/or write them. |
There was a problem hiding this comment.
I think there is a need for a full story, end to end.
E.g. what the user wants to do and what he needs to change/update/do in order to accomplish his need.
What are the scenarios he wants to be aware of or not be aware of (e.g. distinguish between all these options).
There was a problem hiding this comment.
I've extended the user stories a bit.
| Two feature gates will be introduced as a means to granular support virtiofs functionalities: | ||
| - `EnableVirtioFsConfigVolumes` to allow sharing ConfigMaps, Secrets, DownwardAPI and ServiceAccount. | ||
| - `EnableVirtioFsPVC` to allow sharing PVCs. | ||
| The feature gates may start its path to GA once a VM will be able to live migrate while sharing data with virtiofs. |
There was a problem hiding this comment.
This means there will be no control on the options once GA is reached (because the FG will get removed).
If this is the intention, please be explicit about it.
As I see it, the FG are just means to phase the work done and to allow functionality that is not yet stable.
Once it is stable, we drop them.
There was a problem hiding this comment.
Yes. The intention is to drop those FGs on GA. Included some text to explicitly reflect it.
| migration support will distinguish between different use cases: sharing ConfigMaps, Secrets, DownwardAPI and | ||
| ServiceAccounts and sharing PVCs. This distinction will be useful for a staggered and granular support. |
There was a problem hiding this comment.
I have hard time understanding why there is a need to split one FG into two.
Can you somehow express what is the problem with the current single FG?
| # Open Questions | ||
|
|
||
| - Currently, it is possible to run rootful virtiofs containers. | ||
| - Should we support this use case at all?, since the possibility of running a rootful container will be dropped. |
There was a problem hiding this comment.
Are talking about a sidecar in the virt-launcher?
If so, my impression was that we do not support rootful pods, but we left a knob in a form of a FG (?) to still allow users to operate in a legacy rootful manner.
But then, I do not understand what will trigger continuing a feature that depends on such a rootful pod instead of just discontinue it or find an alternative.
There was a problem hiding this comment.
Virtiofsd runs in a separate container in the launcher pod. The feature will be able to share ConfigMaps, secrets, etc. and PVCs without requiring a rootful container. Before including the required changes, the main pain point is to share PVCs, see: https://kubevirt.io/user-guide/storage/disks_and_volumes/#non-privileged-and-privileged-sharing-modes. However, as stated, the intention is to overtake those limitations, but some extra work is required. Until then, we do wonder if we should support rootful virtiofs containers to bring the user the possibility to overtake the limitations before required changes are onboarded.
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@jcanocan the proposal looks good to me and is much more clear about the feature distinction. /lgtm |
Sure, I will create a placeholder in the user-guide so that I do not forget about it. Thanks for the suggestion. |
|
@jcanocan I think this proposal is missing how we deal with kubevirt upgrade when the old feature gate is on. |
|
/lgtm cancel |
| ## Update/Rollback Compatibility | ||
| This is a breaking change, users using virtiofs in any way won’t be able to further use virtiofs without enabling the | ||
| proper feature gate/s. |
There was a problem hiding this comment.
This is no go. There is no need to break anyone, we just deprecate the feature gate we use now but it if present it will mean that both new feature gates are on. Users will be advised to move to new features gates as the old one will be ignored in n+m release
There was a problem hiding this comment.
Nice idea! Adjusted! Thanks for the suggestion.
There was a problem hiding this comment.
Adjusted to allow the usage of ExperimentalVirtiofsSupport until 1.5. Later, it will be removed.
jcanocan
force-pushed
the
virtiofs-fg
branch
2 times, most recently
from
1ddf18d
to
9e5a78a
Compare
|
|
||
| ## Motivation | ||
| Currently, the usage of feature gates are mixed with the feature control. The feature gate `ExperimentalVirtiofsSupport` | ||
| controls whether virtiofsd runs as rootful container inside the launcher pod or not. Moreover, there is no way to |
There was a problem hiding this comment.
The Moreover, there is no way to disable it completely and this feature is not in GA. is little bit more cryptic than it could be. I believe what you are trying to say is: "The feature gate ExperimentalVirtiofsSupport
controls whether virtiofs can be used and it automatically runs as rootful container inside the launcher pod when needed. There is no way to only run virtiofs for usecases which doesn't require rootful virtiofsd or the the other way around."
| disable it completely and this feature is not in GA. | ||
|
|
||
| In order to GA virtiofs, VMs should be able to live migrate while sharing data with virtiofs. The virtiofsd’s live | ||
| migration support will distinguish between different use cases: sharing ConfigMaps, Secrets, DownwardAPI and |
There was a problem hiding this comment.
You already define term "ConfigVolume" so you can just use that.
There was a problem hiding this comment.
You right. I have left it in Section "KubeVirt Feature Gates", in which we explain what the EnableVirtioFsConfigVolumes FG to avoid defining a term with the term itself.
| migration support will distinguish between different use cases: sharing ConfigMaps, Secrets, DownwardAPI and | ||
| ServiceAccounts and sharing PVCs. | ||
|
|
||
| This distinction will be useful because in order to fully support sharing ConfigVolumes and PVCs while allowing |
There was a problem hiding this comment.
The first sentence actually doesn't justify the distinction. I would remove the "the distinction will` and move to the part where you explain that different set of changes are required for ConfigVolumes GA and PVC GA...
| and granular support giving users time to test the ConfigVolumes sharing support and allowing the involved developers to | ||
| get feedback before next steps to support sharing PVCs. | ||
|
|
||
| ## Goals |
There was a problem hiding this comment.
Should deprecation of the existing feature gate be a goal?
| ## Update/Rollback Compatibility | ||
| As stated before, `ExperimentalVirtiofsSupport` will be marked as deprecated. However, in order to do not disrupt current | ||
| systems relaying in the `ExperimentalVirtiofsSupport` feature gate, it will allow users to share ConfigMaps, Secrets, | ||
| DownwardAPI and ServiceAccount and PVCs until KubeVirt version 1.5. In versions equal or greater than 1.5, the feature gate |
There was a problem hiding this comment.
1.5 -> 1.6 as we are reaching FF of 1.4 and I don't believe this will make it.
|
|
||
| ## Update/Rollback Compatibility | ||
| As stated before, `ExperimentalVirtiofsSupport` will be marked as deprecated. However, in order to do not disrupt current | ||
| systems relaying in the `ExperimentalVirtiofsSupport` feature gate, it will allow users to share ConfigVolumes and PVCs |
There was a problem hiding this comment.
| systems relaying in the `ExperimentalVirtiofsSupport` feature gate, it will allow users to share ConfigVolumes and PVCs | |
| systems relying in the `ExperimentalVirtiofsSupport` feature gate, it will allow users to share ConfigVolumes and PVCs |
There was a problem hiding this comment.
Adjusted. Thanks for your review!
This design document explains how and why virtiofs feature gates should be adjusted. The main purpose is to avoid mixing feature control and configuration with feature enablement. Signed-off-by: Javier Cano Cano <jcanocan@redhat.com>
|
/lgtm |
|
@vladikr could you please take a look? Thanks in advance. |
|
Pull requests that are marked with After that period the bot marks them with the label /label needs-approver-review |
kubevirt-bot
added
the
needs-approver-review
|
/sig compute |
What this PR does / why we need it:
This design document explains how and why virtiofs feature gates should be adjusted. The main purpose is to avoid mixing feature control and configuration with feature enablement.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes # CNV-39324
Special notes for your reviewer:
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note: