New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ReadWriteOncePod access mode for PVs and PVCs #102028
ReadWriteOncePod access mode for PVs and PVCs #102028
Conversation
@chrishenzie: This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
675cb02
to
37274bc
Compare
It looks like the KEP didn't go through a sig-scheduling review. The question that comes to mind, regarding the k8s changes: why can't users who need this use pod anti-affinity along with |
@alculquicondor Can we retroactively do that? Any feedback is appreciated. Users may be able to configure pod anti-affinity rules to produce similar behavior, but I feel like that's working around a lack of feature in Kubernetes that should be implemented. The issue is there is a lack of an access mode that guarantees single writer access (on a single node) to a PersistentVolume. From my understanding, most users assume this is what ReadWriteOnce does, but by definition it doesn't. By adding a new access mode to handle this case, we provide opportunities for users to express with clearer intent how they want their PersistentVolumes to be consumed. |
With the new scheduling framework, it is fairly easy to add such functionality as a plugin. |
c0fad4d
to
99fc36e
Compare
/retest |
1 similar comment
/retest |
These options provide an extensible way of configuring how PVs are validated
These options provide an extensible way of configuring how PVCs are validated
So it is consistent with other methods performing the same check (one for internal and external types)
Will be used during validation of PVs and PVCs
This will only work if the "ReadWriteOncePod" feature gate is enabled. Additionally, this access mode will only work when used by itself. This is because when ReadWriteOncePod is used on a PV or PVC, it renders all other access modes useless since it is most restrictive.
99fc36e
to
b7d732d
Compare
@jsafrane for lgtm |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: chrishenzie, jsafrane, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR introduces the
ReadWriteOncePod
access mode for PersistentVolumes and PersistentVolumeClaims. This access mode restricts volume access to a single pod on a single node. Please see KEP#2485 for more context.This access mode is enforced in two places:
First is during scheduling (see #103082). When a pod uses a PVC with ReadWriteOncePod, we check for any other consumers of this PVC in the same namespace. If any are found, consider the pod unschedulable and unresolvable since there can only be one consumer. The failing pod will have error:
Second is during volume mounting (inside of kubelet). When a volume is mounted (or a block device is mapped), we check the actual state of the world cache to check if the provided volume is already mounted to another pod. If it is, fail the mount operation to prevent access from another pod. The failing pod will have error:
Special notes for your reviewer:
I tried breaking this into individual chunks in each commit. Hopefully it will make for easier review.
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/sig storage
/sig scheduling
/assign @msau42
/assign @jingxu97