You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: keps/sig-storage/2589-csi-migration-portworx/README.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -269,6 +269,16 @@ No
269
269
The CSI operations like mounting a volume will fail.
270
270
271
271
###### What are other known failure modes?
272
+
- Volume mount failing for in-tree PVs when Portworx security feature is enabled.
273
+
- Detection: The pods using in-tree PVs will not be in running state, and the error would mention that the authorization token is missing.
274
+
- Mitigations: Customers will have to add certain annotations to in-tree PVs mentioning the CSI secret name/namespace which the kubelet or CSI sidecar containers can use(using `csi-translation-lib`) to pass secret contents to Portworx CSI driver for operations on in-tree PVs.
275
+
Please note that adding these annotations for such PVs will be automatically done by Portworx platform upon upgrade, and it will also be documented in the Portworx documentation.
276
+
- Diagnostics: The pod using the in-tree PV will not be in running state, and the error would mention that the authorization token is missing.
277
+
- Testing: Manual testing has been done with in-tree Portworx volumes migrating to CSI.
278
+
279
+
###### What steps should be taken if SLOs are not being met to determine the problem?
280
+
281
+
We need to check kubelet logs to determine any failures in Kubernetes while mounting volumes. Additionally, we can also check Portworx logs if there is any error originating from Portworx side.
0 commit comments