Add pvc support #12458
Add pvc support #12458
Conversation
knative-prow-robot
added
area/API
knative-prow-robot
added
the
do-not-merge/work-in-progress
Codecov Report
@@ Coverage Diff @@
## main #12458 +/- ##
==========================================
- Coverage 87.46% 87.42% -0.04%
==========================================
Files 195 195
Lines 9686 9720 +34
==========================================
+ Hits 8472 8498 +26
- Misses 930 937 +7
- Partials 284 285 +1
Continue to review full report at Codecov.
|
pkg/apis/serving/helpers/contexts.go
Outdated
| limitations under the License. | ||
| */ | ||
|
|
||
| package helpers |
There was a problem hiding this comment.
need this otherwise we end up with a cycle deps issue.
knative-prow-robot
removed
the
do-not-merge/work-in-progress
config/core/configmaps/features.yaml
Outdated
| # Controls whether persistent volumes support is enabled or not. | ||
| # 1. Enabled: enabling persistent volumes support | ||
| # 2. Disabled: disabling persistent volumes support | ||
| kubernetes.podspec-persistent-volumes-claims: "disabled" |
There was a problem hiding this comment.
| kubernetes.podspec-persistent-volumes-claims: "disabled" | |
| kubernetes.podspec-persistent-volume-claims: "disabled" |
think this is singular in the spec
There was a problem hiding this comment.
.. though then it wouldn't match podspec-persistent-volumes-write so maybe your way is better even if inconsistent. hm :(.
There was a problem hiding this comment.
Yeah I thought too about the naming inconsistency. I dont have a better option.
There was a problem hiding this comment.
I switched to:
kubernetes.podspec-persistent-volume-claim
kubernetes.podspec-persistent-volume-write
pkg/apis/serving/helpers/contexts.go
Outdated
| @@ -0,0 +1,42 @@ | |||
| /* | |||
| Copyright 2021 The Knative Authors | |||
There was a problem hiding this comment.
Guess this is 2022 now!
| Copyright 2021 The Knative Authors | |
| Copyright 2022 The Knative Authors |
pkg/apis/serving/k8s_validation.go
Outdated
| minGroupID, maxGroupID = 0, math.MaxInt32 | ||
| minUserID, maxUserID = 0, math.MaxInt32 | ||
| minGroupID, maxGroupID = 0, math.MaxInt32 | ||
| PodSpecPersistenceVolumesWriteAnnotation = "features.knative.dev/podspec-persistence-volumes-write" |
There was a problem hiding this comment.
I think this was "persistent" above
| PodSpecPersistenceVolumesWriteAnnotation = "features.knative.dev/podspec-persistence-volumes-write" | |
| PodSpecPersistentVolumesWriteAnnotation = "features.knative.dev/podspec-persistent-volumes-write" |
There was a problem hiding this comment.
Correct, will change.
pkg/apis/serving/k8s_validation.go
Outdated
| @@ -109,6 +112,32 @@ func ValidateVolumes(ctx context.Context, vs []corev1.Volume, mountedVolumes set | |||
| return volumes, errs | |||
| } | |||
|
|
|||
| func shouldAllowPersistenVolumeClaims(ctx context.Context, volume corev1.VolumeSource, features *config.Features) *apis.FieldError { | |||
There was a problem hiding this comment.
| func shouldAllowPersistenVolumeClaims(ctx context.Context, volume corev1.VolumeSource, features *config.Features) *apis.FieldError { | |
| func shouldAllowPersistentVolumeClaims(ctx context.Context, volume corev1.VolumeSource, features *config.Features) *apis.FieldError { |
pkg/apis/serving/k8s_validation.go
Outdated
| @@ -109,6 +112,32 @@ func ValidateVolumes(ctx context.Context, vs []corev1.Volume, mountedVolumes set | |||
| return volumes, errs | |||
| } | |||
|
|
|||
| func shouldAllowPersistenVolumeClaims(ctx context.Context, volume corev1.VolumeSource, features *config.Features) *apis.FieldError { | |||
| var errs *apis.FieldError | |||
| if volume.PersistentVolumeClaim != nil { | |||
There was a problem hiding this comment.
could turn this in to a guard clause and exit immediately if nil, then the rest can be outdented
pkg/apis/serving/k8s_validation.go
Outdated
| var isWriteAllowed bool | ||
| if features.PodSpecPersistentVolumesWrite == config.Enabled { | ||
| isWriteAllowed = true | ||
| } |
There was a problem hiding this comment.
| var isWriteAllowed bool | |
| if features.PodSpecPersistentVolumesWrite == config.Enabled { | |
| isWriteAllowed = true | |
| } | |
| isWriteAllowed := features.PodSpecPersistentVolumesWrite == config.Enabled |
| @@ -36,7 +37,7 @@ func (c *Configuration) Validate(ctx context.Context) (errs *apis.FieldError) { | |||
| errs = errs.ViaField("metadata") | |||
|
|
|||
| ctx = apis.WithinParent(ctx, c.ObjectMeta) | |||
| errs = errs.Also(c.Spec.Validate(apis.WithinSpec(ctx)).ViaField("spec")) | |||
| errs = errs.Also(c.Spec.Validate(helpers.WithAnnotations(apis.WithinSpec(ctx), c.Annotations)).ViaField("spec")) | |||
There was a problem hiding this comment.
wonder if we could use apis.ParentMeta to avoid the extra helper pkg here
There was a problem hiding this comment.
Let me try it, should work I think.
| }}, | ||
| cfgOpts: []configOption{withPodSpecPersistentVolumesClaimsEnabled(), withPodSpecPersistentVolumesWriteAllowed()}, | ||
| want: &apis.FieldError{ | ||
| Message: `Persistent volumes write support is off, but found Persistent Volume claim myclaim that is not read-only`, |
There was a problem hiding this comment.
fwiw I'm not sure I understand the point of having an annotation for this. IIUC the only case where a user should be able to set it to true is if the feature is "allowed", but if the feature is allowed why don't we just directly let them set the ReadOnly field to false without an annotation? Why would someone add ReadOnly: false and add the annotation as disabled (or, equivalently, not add it)?
There was a problem hiding this comment.
My rationale is that from an admin perspective when deploying many apps you might want to have explicit control on what apps have write access and have an easy way to mark/list them so and restrict them per case. This is due to the implications that volume write access has for the serverless model. Of course you can always implement this externally to Knative via custom tooling, annotations etc so I agree using ReadOnly could be enough in that case. I can remove it. wdyt?
There was a problem hiding this comment.
I removed the annotation if we find it useful can be added later on.
pkg/apis/serving/helpers/contexts.go
Outdated
| import "context" | ||
|
|
||
| type ( | ||
| revCtxKey struct{} |
There was a problem hiding this comment.
wouldn't it be better to call it annoCtxKey ? Not sure how this helper is related to revisions only.
pkg/apis/serving/helpers/contexts.go
Outdated
| ) | ||
|
|
||
| type revCtx struct { | ||
| anns map[string]string |
There was a problem hiding this comment.
would prefer annotations (or annos) but as its a private I leave it up to you
There was a problem hiding this comment.
I removed that part as suggested by @julz .
skonto
force-pushed
the
add_support_pvc
branch
from
21091ce to
4e96597
Compare
|
@julz I removed the annotation and have now simpler name for the feature attributes, no plural. |
pkg/apis/serving/k8s_validation.go
Outdated
| errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("Persistent volumes claims support is disabled, "+ | ||
| "but found Persistent Volume Claim %s", volume.PersistentVolumeClaim.ClaimName)}) |
There was a problem hiding this comment.
Another nit pick, sorry ...
| errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("Persistent volumes claims support is disabled, "+ | |
| "but found Persistent Volume Claim %s", volume.PersistentVolumeClaim.ClaimName)}) | |
| errs = errs.Also(&apis.FieldError{Message: fmt.Sprintf("Persistent volume claim support is disabled, "+ | |
| "but found persistent volume claim %s", volume.PersistentVolumeClaim.ClaimName)}) |
(the capitalization should be consistent, I would prefer to user lower case for 'persistent volume claim' and camel-case for PersistenceVolumeClaim)
There was a problem hiding this comment.
Btw Persistent Volume Claim refers to the K8s api attribute. Persistent volumes claims support refers to the feature of supporting this type of volumes. Anyway I can change. Btw there is no PersistenceVolumeClaim.
There was a problem hiding this comment.
@rhuss Here you suggested the opposite no? I changed it due to that comment. I guess this is an update to that comment?
Yep, for me, it's important to be consistent (it doesn't make sense to reference the K8s API attribute (which btw IMO is PersistentVolumeClaim and the feature in the error message (actually the feature is disabled, not the API attribute).
Also (as @julz mentioned) persistent volumes claims sounds incorrect with the double plural (regardless of the arguments above)
|
|
/retest |
knative-prow-robot
added
the
needs-rebase
skonto
force-pushed
the
add_support_pvc
branch
from
238248f to
772a48c
Compare
knative-prow-robot
removed
the
needs-rebase
pkg/apis/serving/k8s_validation.go
Outdated
| @@ -109,6 +110,24 @@ func ValidateVolumes(ctx context.Context, vs []corev1.Volume, mountedVolumes set | |||
| return volumes, errs | |||
| } | |||
|
|
|||
| func shouldAllowPersistentVolumeClaims(volume corev1.VolumeSource, features *config.Features) *apis.FieldError { | |||
There was a problem hiding this comment.
bit of a nit, but given I think this should probably be validatePersistentVolumeClaims since it's not a boolean check / returns apis.FieldError
pkg/apis/serving/k8s_validation.go
Outdated
| if len(specified) == 0 { | ||
| fieldPaths := []string{"secret", "configMap", "projected"} | ||
| cfg := config.FromContextOrDefaults(ctx) | ||
| if cfg.Features.PodSpecVolumesEmptyDir == config.Enabled { | ||
| fieldPaths = append(fieldPaths, "emptyDir") | ||
| } | ||
| if cfg.Features.PodSpecPersistentVolumeClaim == config.Enabled { | ||
| fieldPaths = append(fieldPaths, "persistenVolumeClaim") |
There was a problem hiding this comment.
| fieldPaths = append(fieldPaths, "persistenVolumeClaim") | |
| fieldPaths = append(fieldPaths, "persistentVolumeClaim") |
There was a problem hiding this comment.
Persistent typo:) My bad will fix.
| @@ -142,12 +161,20 @@ func validateVolume(ctx context.Context, volume corev1.Volume) *apis.FieldError | |||
| specified = append(specified, "emptyDir") | |||
| errs = errs.Also(validateEmptyDirFields(vs.EmptyDir).ViaField("emptyDir")) | |||
| } | |||
|
|
|||
| if vs.PersistentVolumeClaim != nil { | |||
| specified = append(specified, "persistentVolumeClaim") | |||
There was a problem hiding this comment.
I'm wondering if we should call shouldAllowPersistentVolumeClaims->validatePersistentVolumeClaims here (rather than in ValidateVolumes) to be consistent with the other volume types above
There was a problem hiding this comment.
Yeah makes sense will switch to that.
There was a problem hiding this comment.
@julz this part is about validating the volume itself wrt to K8s reqs among others. On the other hand, validatePersistentVolumeClaims is related to whether we should allow the specific type of volume wrt to the related Serving feature. That is why I used the name shouldAllowPersistentVolumeClaims similarly to what we have for emptydir.
However in general we could move this code part
serving/pkg/apis/serving/k8s_validation.go
Lines 90 to 106 in 165d516
in
validateVolume. It does not make sense to do it only for pvcs because the same concept applies for emptydir. Personally I find this ok as is and the name validatePersistentVolumeClaims a bit misleading in terms of what we are validating (k8s specs va something else). Should I move the whole part?
There was a problem hiding this comment.
moved emptyDir & pvc related checks to the volumeValidate func
|
|
/retest |
|
@julz ready. :) |
|
@julz gentle ping. |
|
@julz I addressed the last pending issue, pls review. |
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: julz, skonto The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
knative-prow-robot
added
the
approved
* add pvc support * fix header * fix fmt * simplify implementation * fixes * fix msg * improve test names * nits * more fixes
* add pvc support * fix header * fix fmt * simplify implementation * fixes * fix msg * improve test names * nits * more fixes
* Add pvc support (knative#12458) * add pvc support * fix header * fix fmt * simplify implementation * fixes * fix msg * improve test names * nits * more fixes * Add pvc e2e test (knative#12547) * add pvc e2e test * fmt * fix comment * fix pvc ns * add fsGroup * add flag * fix typo * fixes * fix style * skip pvc setup in upgrade tests * Rename test image to volumes from emptydir (#1052) * fix volumes path & dockerfile * run pvc test * enable alpha Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* Add pvc support (knative#12458) * add pvc support * fix header * fix fmt * simplify implementation * fixes * fix msg * improve test names * nits * more fixes * Add pvc e2e test (knative#12547) * add pvc e2e test * fmt * fix comment * fix pvc ns * add fsGroup * add flag * fix typo * fixes * fix style * skip pvc setup in upgrade tests * Rename test image to volumes from emptydir (#1052) * fix volumes path & dockerfile * run pvc test * enable alpha Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Part of the work in #12438
Release note