You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-[We will move following <ahref="https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/apis/migration/v1alpha1/types.go">APIs</a> in-tree:](#we-will-move-following-apis-in-tree)
19
18
-[Changes while we move above APIs in-tree:](#changes-while-we-move-above-apis-in-tree)
20
-
-[<ahref="https://github.com/kubernetes-sigs/kube-storage-version-migrator/tree/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/controller">Controller</a> to move](#controller-to-move)
@@ -94,22 +91,16 @@ This KEP aims to make it easy for users to perform storage migrations without ha
94
91
- Any modification regarding `StorageVersion` API for HA API servers
95
92
- Adding logic that relies on the hashed storage versions exposed via the discovery API
96
93
97
-
### UNCLEAR Goals and/or Non-Goals
98
-
99
-
- Automatic storage version migration for CRDs
100
-
- Make it easy for Kubernetes developers to drop old API schemas by guaranteeing that storage migration is run automatically on SV hash changes (should this also be on a timer or API server identity?)
101
-
- Automated Storage Version Migration via the hash exposed by the `StorageVersion` API
102
-
103
94
## Proposal
104
95
105
-
- Move the existing SVM controller logic in-tree into KCM
106
-
- Move the existing SVM REST APIs in-tree (possibly under a new API group to avoid conflicts with the old API being run concurrently)
107
-
-For Alpha, we will not trigger automatic storage version migration, and it will be deferred to the user.
96
+
- Move the existing SVM controller logic in-tree into KCM from its [original source](https://github.com/kubernetes-sigs/kube-storage-version-migrator).
97
+
- Move the existing SVM REST APIs in-tree (possibly under a new API group to avoid conflicts with the old API being run concurrently).
98
+
-Automatic storage version migration will be deferred to the user.
108
99
109
100
### User Stories (Optional)
110
101
111
-
#### Story 1**[UNCLEAR]**
112
-
As an end user of Kubernetes, we get automatic storage version migration whenever the storage version changes due to an api server upgrade/downgrade.
102
+
#### Story 1
103
+
As an end user of Kubernetes, I can trigger storage version migration for my resources.
113
104
114
105
#### Story 2
115
106
As an end user using encryption at rest, whenever the key change is detected we can run the storage migration to use the new key for encryption.
@@ -240,24 +231,48 @@ To avoid any conflicts with the Storage Version Migrators running out of tree, w
240
231
The final APIs that will be moved in-tree are:
241
232
- `v1alpha1` of `storageversionmigrations.storagemigration.k8s.io`
242
233
243
-
### [Controller](https://github.com/kubernetes-sigs/kube-storage-version-migrator/tree/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/controller) to move
Currently, the StorageVersionMigratorcomprises two controllers: the `Trigger` controller and the `Migrator` controller. TheTrigger controller performs resource discovery, identifying supported resources with the preferred server version every `10 minutes`. Subsequently, the Trigger controller creates the `StorageVersionMigration` resource to initiate the migration process. TheMigrator controller then picks up this resource and executes the actual migration.
234
+
##Former, out-of-tree implementation
235
+
- [Controller](https://github.com/kubernetes-sigs/kube-storage-version-migrator/tree/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/controller) to move
When transitioning the StorageVersionMigrator in-tree, we will exclusively move the Migrator controller as a component of KCM. The creation of the Migration resource will be deferred to the user, instead of being triggered automatically.
238
+
Currently, the StorageVersionMigrator comprises of two controllers: the `Trigger`
239
+
controller and the `Migrator` controller. TheTrigger controller performs resource
240
+
discovery, identifying supported resources with the preferred server version every
241
+
`10 minutes`. Subsequently, the Trigger controller creates the `StorageVersionMigration`
242
+
resource to initiate the migration process. TheMigrator controller then picks up this
243
+
resource and executes the actual migration.
248
244
249
-
### Approach
250
-
#### GarbageCollectionCache
251
-
Kube ControllerManager's garbage collection cache contains the name and namespace for all resources, providing a suitable dataset for the migration process. This approach is detailed [here](https://docs.google.com/document/d/1lHDbrMCmNG1KXEpw6gMhDL8qWAWgeSlfW6gbCvD80uw/edit?usp=sharing). _We will use this approach for the Alpha release_.
245
+
When transitioning the StorageVersionMigrator in-tree, we will exclusively move the
246
+
Migrator controller as a component of KCM. The creation of the Migration resource
247
+
will be deferred to the user, instead of being triggered automatically.
252
248
253
-
### Rejected Alternative
254
-
#### Streaming List
255
-
Currently, the Migrator controller uses the `chunked List` method to retrieve the list of resources from the API server and subsequently perform storage migrations as needed. However, chunked lists are [resource-intensive]((https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/3157-watch-list/README.md#motivation)) and can lead to a significant overload on the API server, potentially resulting in it being terminated due to out-of-memory (OOM) issues. To address this concern, we have proposed the adoption of an Alpha feature introduced in Kubernetes _v1.27_, known as [`Streaming List`](https://kubernetes.io/docs/reference/using-api/api-concepts/#streaming-lists).
249
+
### NewKCM-based controller
256
250
257
-
When the Migrator controller is integrated in-tree, it will leverage the `Streaming List` approach to obtain and monitor resources while executing storage version migrations, as opposed to using the resource-intensive `chunked list` method. In cases where, for any reason, the client cannot establish a streaming watch connection with the API server, it will fall back to the standard `chunked list` method, retaining the older LIST/WATCH semantics.
258
-
259
-
- _Open Question_:
260
-
- Does `Streaming List` support inconsistent lists? Currently, with chunked lists, we receive inconsistent lists. We need to determine if we can achieve the same with Streaming List. Depending on the outcome, we may consider removing the [ContinueToken](https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/apis/migration/v1alpha1/types.go#L63) from the API.
251
+
#### GarbageCollectionCache
252
+
Kube ControllerManager's garbage collection cache contains the name and namespace
253
+
for all resources, providing a suitable dataset for the migration process.
254
+
255
+
At the beginning of a migration, to make sure the garbage collector's cache is
256
+
up-to-date with the cluster state, the SVM controller performs a list that is
257
+
guaranteed to return at most one item (using limits/non-existent namespace names).
258
+
The RV of the returned list is then stored and used to compare with the RV from
259
+
the GC cache for the given resource. The controller waits until the GC cache RV
260
+
is newer that the RV stored for the specific migration.
261
+
262
+
The controller then issues patch requests for each of the objects in the GC cache
263
+
for the given resource, that is only if the resource version of this object is not greater
264
+
than the resource version for the migration that was observed earlier. These patch
265
+
requests should contain minimum information:
266
+
- API version and kind
267
+
- resource name and namespace
268
+
- UID from the GC cache
269
+
- to make sure we don't accidentally create an empty instance if the resource was
270
+
deleted in the meantime
271
+
- resource version from the GC cache
272
+
- this would provoke conflict errors if the object was modified in the meantime,
273
+
meaning we no longer need to attempt the write because someone else already did that
274
+
- must also be set in case the object was removed to prevent "immutable field"
275
+
errors when setting UID as discussed above
261
276
262
277
### RBAC for SVM
263
278
- Storage Version Migrator Controller
@@ -269,11 +284,10 @@ When the Migrator controller is integrated in-tree, it will leverage the `Stream
269
284
rules:
270
285
- apiGroups: ["*"]
271
286
resources: ["*"]
272
-
verbs:
273
-
- get
274
-
- list
275
-
- watch
276
-
- update
287
+
verbs: ["patch", "get", "list", "watch"]
288
+
- apiGroups: ["storagemigration.k8s.io"]
289
+
resources: ["storageversionmigrations/status"]
290
+
verbs: ["update"]
277
291
278
292
apiVersion: rbac.authorization.k8s.io/v1
279
293
kind: ClusterRoleBinding
@@ -399,7 +413,7 @@ total:
399
413
The feature is enabled using the feature gate `StorageVersionMigrator`. During an upgrade, this gate must be set to true. During a downgrade, this gate must be set to false, and any remaining _StorageVersionMigration_ resources should be manually removed.
400
414
401
415
### VersionSkewStrategy
402
-
The feature will be enabled by the feature gate `StorageVersionMigrator` on both the _api-server_ and the _kube-controller-manager_. This gate must be set for both components during installation. Otherwise, since the kube-controller-manager is allowed to be one version lower than the api-server, it won't be able to process any StorageVersionMigration resources created by the API server.
416
+
The feature will be enabled by the feature gate `StorageVersionMigrator` on the _kube-controller-manager_.
403
417
404
418
## ProductionReadinessReviewQuestionnaire
405
419
@@ -542,7 +556,27 @@ NA
542
556
543
557
## Alternatives
544
558
545
-
NA
559
+
### StreamingList (considered, rejected)
560
+
The original Migrator controller used the _chunked List_ method to retrieve the
561
+
list of resources from the API server and subsequently performed storage migrations
562
+
as needed. However, chunked lists are [resource-intensive]((https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/3157-watch-list/README.md#motivation))
563
+
and can lead to a significant overload on the API server, potentially resulting in
564
+
it being terminated due to out-of-memory (OOM) issues. To address this concern, we
565
+
have proposed the adoption of an Alpha feature introduced in Kubernetes _v1.27_,
566
+
known as [`Streaming List`](https://kubernetes.io/docs/reference/using-api/api-concepts/#streaming-lists).
567
+
568
+
When the Migrator controller would get integrated in-tree, it would leverage the `Streaming List`
569
+
approach to obtain and monitor resources while executing storage version migrations,
570
+
as opposed to using the resource-intensive `chunked list` method. In cases where,
571
+
for any reason, the client cannot establish a streaming watch connection with the
572
+
API server, it will fall back to the standard `chunked list` method, retaining the
573
+
older LIST/WATCH semantics.
574
+
575
+
- _Open Questionfor this approach_:
576
+
- Does`Streaming List` support inconsistent lists? Currently, with chunked lists,
577
+
we receive inconsistent lists. We need to determine if we can achieve the same
578
+
with StreamingList. Depending on the outcome, we may consider removing the
579
+
[ContinueToken](https://github.com/kubernetes-sigs/kube-storage-version-migrator/blob/60dee538334c2366994c2323c0db5db8ab4d2838/pkg/apis/migration/v1alpha1/types.go#L63) from the API.
0 commit comments