Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always Start pvc-protection-controller and pv-protection-controller #61324

Conversation

pospispa
Copy link
Contributor

What this PR does / why we need it:
After K8s 1.10 is upgraded to K8s 1.11 finalizer [kubernetes.io/pvc-protection] is added to PVCs
because StorageObjectInUseProtection feature will be GA in K8s 1.11.
However, when K8s 1.11 is downgraded to K8s 1.10 and the StorageObjectInUseProtection feature is disabled the finalizers remain in the PVCs and as pvc-protection-controller is not started in K8s 1.10 finalizers are not removed automatically from deleted PVCs and that's why deleted PVC are not removed from the system but remain in Terminating phase.
The same applies to pv-protection-controller and [kubernetes.io/pvc-protection] finalizer in PVs.

That's why pvc-protection-controller is always started because the pvc-protection-controller removes finalizers from PVCs automatically when a PVC is not in active use by a pod.
Also the pv-protection-controller is always started to remove finalizers from PVs automatically when a PV is not Bound to a PVC.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes N/A
This issue #60764 is for downgrade from K8s 1.10 to K8s 1.9.
This PR fixes the same problem but for downgrade from K8s 1.11 to K8s 1.10.

Special notes for your reviewer:

Release note:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 18, 2018
@k8s-github-robot k8s-github-robot added the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Mar 18, 2018
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 18, 2018
@k8s-ci-robot k8s-ci-robot requested review from enj, msau42 and spiffxp March 18, 2018 17:33
@pospispa pospispa force-pushed the 60764-K8s-1.10-StorageObjectInUseProtection-downgrade-issue branch from d4bd21b to e3229aa Compare March 18, 2018 17:38
@pospispa
Copy link
Contributor Author

@liggitt @jsafrane @NickrenREN PTAL
@saad-ali I believe you have rights to re-assign the labels as needed. Please, do so.
/sig storage
/kind bug

@k8s-ci-robot k8s-ci-robot added sig/storage Categorizes an issue or PR as relevant to SIG Storage. kind/bug Categorizes issue or PR as related to a bug. labels Mar 18, 2018
@pospispa
Copy link
Contributor Author

/test pull-kubernetes-e2e-gce

@dims
Copy link
Member

dims commented Mar 19, 2018

/milestone v1.10

based on comment in #60764

@liggitt
Copy link
Member

liggitt commented Mar 19, 2018

Until announced, 1.10 PRs should be opened against master. 1.10 branch is still fast-forwarding.

@liggitt
Copy link
Member

liggitt commented Mar 19, 2018

I'm not sure this is necessary if the feature gate default is the same as it will be in 1.11

@pospispa pospispa force-pushed the 60764-K8s-1.10-StorageObjectInUseProtection-downgrade-issue branch from e3229aa to 1c9fe2c Compare March 19, 2018 09:09
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 19, 2018
@k8s-ci-robot
Copy link
Contributor

Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please follow instructions at https://git.k8s.io/community/CLA.md#the-contributor-license-agreement to sign the CLA.

It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-ci-robot k8s-ci-robot added cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. and removed cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 19, 2018
@pospispa
Copy link
Contributor Author

Until announced, 1.10 PRs should be opened against master. 1.10 branch is still fast-forwarding.

Rebased to master.

I'm not sure this is necessary if the feature gate default is the same as it will be in 1.11

@liggitt OK, I agree that when the feature gate is the same this is not necessary. However, when the StorageObjectInUseProtection feature is enabled the finalizers are added to PVs/PVCs. In case admin disables the feature the finalizers will have to be removed manually from PVs/PVCs, but this PR introduces automatic removal of PV/PVC finalizers in case the StorageObjectInUseProtection feature is disabled.

@pospispa pospispa changed the base branch from release-1.10 to master March 19, 2018 12:34
@pospispa
Copy link
Contributor Author

/retest

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Mar 19, 2018
@jdumars jdumars removed this from the v1.10 milestone Mar 19, 2018
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Apr 20, 2018
@pospispa
Copy link
Contributor Author

@deads2k I believe I've addressed all your comments. Would you approve the PR? Should I squash the commits?

@pospispa
Copy link
Contributor Author

We should also cherrypick this into 1.10

I don't know that I agree. Removing feature gate detection that we did all our testing with doesn't seem like a good idea.

@deads2k Let me, please, re-phrase which issue is this PR trying to fix:
StorageObjectInUseProtection feature is enabled by default in K8s 1.10+. Assume K8s cluster is used with this feature enabled, i.e. finalizers are added to all PVs and PVCs. In case the K8s cluster admin disables the StorageObjectInUseProtection feature and a user deletes a PVC that is not in active use by a pod then the PVC is not removed from the system because of the finalizer. Therefore, the user will have to remove the finalizer manually in order to have the PVC removed from the system. Note: deleted PVs won't be removed from the system also because of finalizers.

This PR is adding into K8s 1.11+ automatic removal of finalizers nevertheless the StorageObjectInUseProtection feature is enabled or disabled.

So do we need automatic removal of finalizers also in K8s 1.10?

Note: the automatic removal of finalizers was added into K8s 1.9.6 in PR #61370

}

// NewPVCProtectionController returns a new *{VCProtectionController.
func NewPVCProtectionController(pvcInformer coreinformers.PersistentVolumeClaimInformer, podInformer coreinformers.PodInformer, cl clientset.Interface) *Controller {
e := &Controller{
client: cl,
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "pvcprotection"),
storageObjectInUseProtectionEnabled: utilfeature.DefaultFeatureGate.Enabled(features.StorageObjectInUseProtection),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't take the feature gate dependency here, pass it in. Feature gates at the very edges, config everywhere else. Globals are evil.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@deads2k please, does it now look good from you point of view?

ctx.InformerFactory.Core().V1().PersistentVolumeClaims(),
ctx.InformerFactory.Core().V1().Pods(),
ctx.ClientBuilder.ClientOrDie("pvc-protection-controller"),
utilfeature.DefaultFeatureGate.Enabled(features.StorageObjectInUseProtection),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this is ok for now. Eventually we'll want to push it back into the context/config, but this a fair point to start.

@deads2k
Copy link
Contributor

deads2k commented Apr 20, 2018

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 20, 2018
@deads2k
Copy link
Contributor

deads2k commented Apr 20, 2018

/approve

please squash before merge.

@pospispa pospispa force-pushed the 60764-K8s-1.10-StorageObjectInUseProtection-downgrade-issue branch from 7e0d723 to 81c2747 Compare April 20, 2018 17:06
@pospispa
Copy link
Contributor Author

@deads2k thank you for the approval. I've squashed the commits.

@pospispa
Copy link
Contributor Author

/retest

After K8s 1.10 is upgraded to K8s 1.11 finalizer [kubernetes.io/pvc-protection] is added to PVCs
because StorageObjectInUseProtection feature will be GA in K8s 1.11.
However, when K8s 1.11 is downgraded to K8s 1.10 and the StorageObjectInUseProtection feature is disabled
the finalizers remain in the PVCs and as pvc-protection-controller is not started in K8s 1.10 finalizers
are not removed automatically from deleted PVCs and that's why deleted PVC are not removed from the system
but remain in Terminating phase.
The same applies to pv-protection-controller and [kubernetes.io/pvc-protection] finalizer in PVs.

That's why pvc-protection-controller is always started because the pvc-protection-controller removes finalizers
from PVCs automatically when a PVC is not in active use by a pod.
Also the pv-protection-controller is always started to remove finalizers from PVs automatically when a PV is not
Bound to a PVC.

Related issue: kubernetes#60764
@pospispa pospispa force-pushed the 60764-K8s-1.10-StorageObjectInUseProtection-downgrade-issue branch from 81c2747 to d3ddf7e Compare April 20, 2018 17:55
@pospispa
Copy link
Contributor Author

/retest

@deads2k
Copy link
Contributor

deads2k commented Apr 20, 2018

@deads2k thank you for the approval. I've squashed the commits.

I'll leave lgtm with original review @msau42

@msau42
Copy link
Member

msau42 commented Apr 20, 2018

/lgtm

Yes, I think we'll have to cherry pick this into 1.10, otherwise we'll have a gap in behavior between 1.9 and 1.11.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 20, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: deads2k, msau42, pospispa

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-github-robot
Copy link

/test all [submit-queue is verifying that this PR is safe to merge]

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Apr 20, 2018

@pospispa: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-integration d3ddf7e link /test pull-kubernetes-integration

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 61324, 62880, 62765). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 663c6ed into kubernetes:master Apr 21, 2018
pospispa added a commit to pospispa/kubernetes that referenced this pull request Apr 21, 2018
StorageObjectInUseProtection feature is enabled by default in K8s 1.10+. Assume K8s cluster is used with this feature enabled, i.e. finalizers are added to all PVs and PVCs. In case the K8s cluster admin disables the StorageObjectInUseProtection feature and a user deletes a PVC that is not in active use by a pod then the PVC is not removed from the system because of the finalizer. Therefore, the user will have to remove the finalizer manually in order to have the PVC removed from the system. Note: deleted PVs won't be removed from the system also because of finalizers.

That's why pvc-protection-controller is always started because the pvc-protection-controller removes finalizers from PVCs automatically when a PVC is not in active use by a pod. Also the pv-protection-controller is always started to remove finalizers from PVs automatically when a PV is not Bound to a PVC.

Related issue:
kubernetes#60764

Related PRs:
kubernetes#61370
kubernetes#61324
k8s-github-robot pushed a commit that referenced this pull request Apr 27, 2018
…ction-feature-to-GA-2nd-attempt

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Bring StorageObjectInUseProtection feature to GA

**What this PR does / why we need it**:
It brings `StorageObjectInUseProtection` feature to GA.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes N/A

**Special notes for your reviewer**:
Related features: kubernetes/enhancements#498 and kubernetes/enhancements#499
Related PR: #61324

**Release note**:

```release-note
StorageObjectInUseProtection feature is GA.
```
k8s-github-robot pushed a commit that referenced this pull request Jun 4, 2018
…ction-downgrade-issue-cherry-pick-into-K8s-1.10

Automatic merge from submit-queue.

cherry-pick into K8s 1.10: Always Start pvc-protection-controller and pv-protection-controller

**What this PR does / why we need it**:
StorageObjectInUseProtection feature is enabled by default in K8s 1.10+. Assume K8s cluster is used with this feature enabled, i.e. finalizers are added to all PVs and PVCs. In case the K8s cluster admin disables the StorageObjectInUseProtection feature and a user deletes a PVC that is not in active use by a pod then the PVC is not removed from the system because of the finalizer. Therefore, the user will have to remove the finalizer manually in order to have the PVC removed from the system. Note: deleted PVs won't be removed from the system also because of finalizers.

This problem was fixed in [K8s 1.9.6](https://github.com/kubernetes/kubernetes/releases/tag/v1.9.6) in PR #61370
This problem is also fixed in K8s 1.11+ in PR #61324
However, this problem is not fixed in K8s 1.10, that's why I've cherry-picked the PR #61324 and proposing to merge it into K8s 1.10.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes 
N/A

Related issue: #60764

**Special notes for your reviewer**:

**Release note**:

```release-note
In case StorageObjectInUse feature is disabled and Persistent Volume (PV) or Persistent Volume Claim (PVC) contains a finalizer and the PV or PVC is deleted it is not automatically removed from the system. Now, it is automatically removed.
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. milestone/removed release-note-none Denotes a PR that doesn't merit a release note. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants