Allow more control of the name of the directory created by the Access Point under Dynamic Provisioning#568
Allow more control of the name of the directory created by the Access Point under Dynamic Provisioning#568jonathanrainer wants to merge 19 commits into
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Welcome @jonathanrainer! |
|
Hi @jonathanrainer. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
|
/ok-to-test will have to incorporate namespace in the naming somehow to avoid conflicts |
k8s-ci-robot
added
ok-to-test
|
Have pushed a new version that instead of enforcing the use of the PVC Name gives the users the ability to decide how they want to structure the access point directory. It's a bit more generic and has more potential for error admittedly but I think it allows more control. If you think this isn't a good idea we can revert and I can add the Namespace in somewhere else but I think this strikes a nice balance. |
|
/retest |
1 similar comment
|
/retest |
|
Appreciate the work here @jonathanrainer! I have some opinions if you'd care for them:
This accomplishes what #543 asked for but is even more generic such that users could also set Again, to be clear this changes the current behavior of In summary,
Thoughts? |
|
I think all that sounds reasonable I can have a go at something like that tomorrow and see what I come up with. The only problem I can forsee is how you communicate the variables vs. the fixed part of the string, I guess you could use Go's templating syntax but if you're using Helm to install this it would be a bit odd getting it to generate more templating code but perhaps that's unavoidable. I'm more than open to the idea but I'd appreciate some pointers/ideas on the syntax. |
|
Also thinking about it maybe the best idea is to remove "basePath" if and swap it for something like "pathTemplate"? I think that's much clearer as to what that parameter does, that way we can support both and then deprecate basePath if we want to or go the whole hog and deprecate it in one fell swoop if people want to take the major version bump. |
Ya, I'm still thinking about this part for sure. Go templating feels too heavy here and conflicts with Helm seem guaranteed. Something like https://pkg.go.dev/fmt feels much closer but still thinking.
"Template" doesn't feel right to me, but totally understand if repurposing |
|
@iAnomaly Had a first pass at it, the templating syntax I ended up at was |
jonathanrainer
changed the title
Looking really good IMO @jonathanrainer! Now that I think of it, since we're creating a whole new parameter |
|
I think I was going for parity with existing behaviour so people can migrate more easily. It's easy to change though and I'm happy to. @wongma7 what do you think? This is a pretty big change for the parameters, don't want to push too far down this route if you think it's a bad idea |
|
If we want backwards compatibility we could keep |
|
I like wolffberg's idea, it is easy to reason about. My highest priority is backwards compatibility, I think it is too soon for a major version update and an upgrade story that entails recreating storageclasses is hard to reason about and could be troublesome. Another option is to maintain both basePath and rootDirectoryPath and make them mutually exclusive. I don't like this because it is confusing and I want to avoid doing validation of storageclass in general (because validation cannot occur at storageclass creation time, it can only happen later at pv provision time, it is unpleasant UX). But I mention it for completeness Also, I slightly prefer reusing go templating syntax over coming up with something new. helm should let us escape expressions. Another option is to copy https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner pathPattern parameter templating syntax. I don't know how they arrived at that syntax. But there's probably a nonzero overlap of users who would benefit from consistency since https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner does technically work with EFS too. |
jonathanrainer
force-pushed
the
master
branch
from
9a6610f to
5b2e2cc
Compare
jonathanrainer
force-pushed
the
master
branch
from
5b2e2cc to
78b89db
Compare
k8s-ci-robot
added
size/XS
k8s-ci-robot
added
the
size/L
|
/check-cla |
|
Ok, sorry about the mess with this one, I forgot that fiddling with I've re-written this to keep Let me know what you think and we can work from there. |
|
Thanks for continuing to work through this @jonathanrainer. My only question is how does the current implementation support a desired constructed path of just But it looks like subPathPattern doesn't currently support a |
Removing the 0-length check allows us to support not setting a basePath but having an empty pattern, as distinct from not setting subPathPattern, which means "/" can be used as a valid accessPoint path.
|
@iAnomaly Thanks for the feedback! You're right that is certainly a use-case I overlooked, I've now updated the code so it's possible to have a 0-length pattern and added a test to show that it gives you the correct constructed directory (i.e. /) once it's been through the process. |
| klog.Infof("Using PV name for access point directory.") | ||
| } | ||
|
|
||
| rootDir := path.Join("/", basePath, rootDirName) |
There was a problem hiding this comment.
since it's possible now for names to collide whereas before we could assume that the path would be unique since volName would be the pvc+uuid (and volName is a PV name which is cluster-scoped)*, I'm wondering whether we need to handle it. Especially if deleteAccessPointRootDir is set to false then we could have a situation where say I have iteration 1 of pod+pvc-a writing data to directory pvc-a and then iteration 2 of pod+pvc-a (not necessarily in the same namespace as iteration 1) unexpectedly reading/writing to the same directory pvc-a.
It puts quite a burden on administrators to set up the storageclasses 'correctly' so that boundaries are respected. If I just lazily create a storageclass with subpath /{PVC.name} then users from namespace A or B could both access that which is probably not what I intend.
Just want to start a discussion for now, I anticipate we might get blocked releasing this on security grounds in its current form.
There was a problem hiding this comment.
That's reasonable, and I'm certainly not an expert in this stuff which is why I rely on other people who are! In which case, since the EBS driver already does this do they not have the same problem? And what do you think is the best way to deal with a situation like this?
- Can we query the EFS to check if any access points overlap? How similar do we need to check that they are? i.e. It might be completely legitimate to have 2 access points pointing at the same directory if they had different GUID/UID properties for example
- Were this to be violated what's an acceptable response, should the driver just return an error, as it does if you misconfigure the subPathPattern?
There was a problem hiding this comment.
I think the path should still contain the UUID to prevent collisions e.g. /cluster/namespace/pvc-1d8451fe-ee96-421a-b55f-c90a346e1215
Also, I just found this paragraph on the EFS docs that might require a check or two.
You enable this feature by setting the access point Path attribute when creating an access point. The Path attribute is the full path of the root directory of the file system for all file system requests made through this access point. The full path can't exceed 100 characters in length. It can include up to four subdirectories.
This ensures we can control when we want directories created under dynamic provisioning to be unique and when we don't (poweruser mode). This also adds some successful tests, next commit will add the failure cases to make sure all bases are covered.
Added a fix around the handling for misconfiguration of the ensureUniqueDirectory whereby if it's misconfigured it will fall through to its default value.
k8s-ci-robot
added
size/XL
Add tests for checking fstype. When driver receives a request with unsupported fstype a volume should not be created and meaningful messages logged.
This is the actual fix needed. Adding fstype check with proper error, while clearly defining what values are supported.
k8s-ci-robot
added
size/XXL
|
@jonathanrainer: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
This PR being linked to master is making it difficult to manage. I'm going to close this PR now and re-open it properly so re-bases etc. will not cause me to spend in-ordinate amounts of time fixing it. |
7 participants
Is this a bug fix or adding new feature?
This adds a new feature, mostly in response to discussions on Issue #543
What is this PR about? / Why do we need it?
At the moment if you use dynamic provisioning the name of the folder created on the EFS is the name of the generated PV however in some use cases this isn't desirable and leads to a lot of confusion. Under this scheme the name of the directory can be controlled by users using a new parameter
rootDirectoryPathand deprecating the oldbasePath. This allows users a higher level of control over the directories that are created as they can specify any combination of fixed strings and a set of predefined variables based on what the CSI Spec supports.What testing is done?
I have added to the unit tests for the module and I believe this is sufficient because all that is being changed is the directory being added to the AccessPointOpts struct. There might want to be some E2E testing about what happens if that directory already exists but I'm happy to take pointers on that as this is my first PR to the repo.