Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce SINGLE_NODE_SINGLE_WRITER access mode in NodePublishVolume #381

Merged
merged 2 commits into from
Dec 16, 2022
Merged

Enforce SINGLE_NODE_SINGLE_WRITER access mode in NodePublishVolume #381

merged 2 commits into from
Dec 16, 2022

Conversation

chrishenzie
Copy link
Contributor

What type of PR is this?
/kind feature

What this PR does / why we need it:
This is a first draft of adding support for SINGLE_NODE_SINGLE_WRITER access mode enforcement in the hostpath driver.

See the second table in this section for more details:
https://github.com/container-storage-interface/spec/blob/v1.7.0/spec.md#nodepublishvolume

NOTE: This is hacky. Any suggestions for improvement are much appreciated.

Which issue(s) this PR fixes:
Fixes #380

Does this PR introduce a user-facing change?:

Enforces volumes the with SINGLE_NODE_SINGLE_WRITER access mode can only be mounted at one target path at a time

Testing:
This was tested using the k8s e2e.test binary to install the (custom) hostpath driver and run pods on the same host.

make WHAT=test/e2e/e2e.test

_output/local/bin/linux/amd64/e2e.test \
  --kubeconfig="${HOME}/.kube/config" \
  -ginkgo.focus='csi-hostpath.*should block a second pod from using an in-use ReadWriteOncePod volume on the same node'

/sig storage
/cc @msau42
/cc @jsafrane

@chrishenzie
refactor: create mounter in outer scope for node publish
047a69b 
Using shared mounter across NodePublishVolume method.
@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Nov 24, 2022
@k8s-ci-robot k8s-ci-robot requested a review from msau42 November 24, 2022 01:51
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. sig/storage Categorizes an issue or PR as relevant to SIG Storage. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 24, 2022
jsafrane
jsafrane reviewed Dec 1, 2022
View reviewed changes
pkg/hostpath/nodeserver.go Outdated Show resolved Hide resolved
@chrishenzie
feat: enforce SINGLE_NODE_SINGLE_WRITER access mode in node publish
bad0711 
Return FAILED_PRECONDITION if a volume in NodePublish uses the
SINGLE_NODE_SINGLE_WRITER access mode and is already mounted elsewhere
on the node.

See the second table in this section for more details:
https://github.com/container-storage-interface/spec/blob/v1.7.0/spec.md#nodepublishvolume
@chrishenzie
Copy link
Contributor Author

/retest

Failed due to:

{"msg":"PASSED External Storage [Driver: hostpath.csi.k8s.io] [Testpattern: Generic Ephemeral-volume (default fs) (immediate-binding)] ephemeral should create read-only inline ephemeral volume","total":-1,"completed":1,"skipped":279,"failed":1,"failures":["External Storage [Driver: hostpath.csi.k8s.io] [Testpattern: Dynamic PV (default fs)] capacity provides storage capacity information"]}
{"msg":"FAILED External Storage [Driver: hostpath.csi.k8s.io] [Testpattern: Dynamic PV (default fs)] capacity provides storage capacity information","total":-1,"completed":0,"skipped":183,"failed":1,"failures":["External Storage [Driver: hostpath.csi.k8s.io] [Testpattern: Dynamic PV (default fs)] capacity provides storage capacity information"]}

[It] provides storage capacity information
  test/e2e/storage/testsuites/capacity.go:112
[1m[0m: Creating a StorageClass
Dec  7 02:13:55.775: FAIL: Timed out after 60.006s.
after creating storage class
no CSIStorageCapacity objects for storage class "capacity-5029-e2e-sc6xqbw"

@chrishenzie
Copy link
Contributor Author

Bumping this, is there any other feedback I can address?

@jsafrane
Copy link
Contributor

/lgtm
/approve
sorry about the delay, too much work to do

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 16, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chrishenzie, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 16, 2022
@k8s-ci-robot k8s-ci-robot merged commit fb24e2b into kubernetes-csi:master Dec 16, 2022
@chrishenzie chrishenzie deleted the enforce-node-publish branch December 17, 2022 00:42
@chrishenzie
Copy link
Contributor Author

Np, thx for the review!

@chrishenzie chrishenzie mentioned this pull request Jan 5, 2023
Closed
@chrishenzie chrishenzie mentioned this pull request Jan 31, 2023
Merged
chrishenzie added a commit to chrishenzie/kubernetes that referenced this pull request Feb 14, 2023
@chrishenzie
chore: Update hostpath driver to v1.11.0
f855c90 
This version enforces the new SINGLE_NODE_SINGLE_WRITER CSI access mode
in NodePublishVolume.

See for more details:
kubernetes-csi/csi-driver-host-path#381
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsafrane jsafrane jsafrane left review comments

@msau42 msau42 Awaiting requested review from msau42

Assignees

@jsafrane jsafrane

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement support for SINGLE_NODE_SINGLE_WRITER enforcement in NodePublishVolume
3 participants
@chrishenzie @jsafrane @k8s-ci-robot