Update KEP-3751 VolumeAttributesClass Finazlier Management Design

Author: sunnylovestiramisu

keps/sig-storage/3751-volume-attributes-class/README.md

@@ -439,31 +439,28 @@ Operation metrics from [csiOperationsLatencyMetric](https://github.com/kubernete
 
 While a VolumeAttributesClass is referenced by any PVC, we will prevent the object from being deleted by adding a finalizer([reference](https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/admission/storage/storageobjectinuseprotection/admission.go)). 
 
-The VACObjectInUseProtection admission controller sets the finalizer on all VolumeAttributesClasses. VACProtectionController removes the finalizer when it's not referenced. This prevents users from deleting a VolumeAttributesClass that's used by a PVC.
+The **vac_finalizer_controller** sets/removes the finalizer on all VolumeAttributesClasses. This prevents users from deleting a VolumeAttributesClass that's used by a PVC. The vac_finalizer_controller will maintain a cache of a map of VolumeAttributesClass to the list of PVCs that are using the VolumeAttributesClass.
 
 There are a few conditions that will trigger add/remove pvc finalizers in the VolumeAttributesClass:
 
-
 1. PVC created with a VolumeAttributesClass
-
-    The **VACObjectInUseProtection admission controller**:
-    * Check if the VolumeAttributesClass exists. If not, the PVC will enter the INPROGRESS state because we do not want to impose ordering on object creation
+    The **vac_finalizer_controller**:
+    * If the VolumeAttributesClassName is nil or empty, the VolumeAttributesClass will not be added to the vac_finalizer_controller cache
+    * Check if the VolumeAttributesClass exists. If not, the VolumeAttributesClass will not be added to the vac_finalizer_controller cache
     * Check if this VolumeAttributesClass already has a protection finalizer
     * Add the finalizer to the VolumeAttributesClass if there is none 
 2. PVC created with a VolumeAttributesClass being deleted
-    The **VACObjectInUseProtection admission controller**:
+    The **vac_finalizer_controller**:
     * Check VolumeAttributesClass is being deleted and PVC creation failed
 3. PVC updated to a different VolumeAttributesClass
-    * The **VACProtectionController** will remove PVC finalizer in previous VolumeAttributesClass if after listing all the PVCs and confirmed that this PVC is the last one that is consuming the previous VolumeAttributesClass
-
-    The **VACObjectInUseProtection admission controller**:
+    * The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the vac_finalizer_controller cache
     * Check if the new VolumeAttributesClass already has a protection finalizer
     * Add the finalizer to the new VolumeAttributesClass if there is none 
 4. PVC updated to a different VolumeAttributesClass that is being deleted
-    The **VACObjectInUseProtection admission controller**:
+    The **vac_finalizer_controller**:
     * Check VolumeAttributesClass is being deleted and PVC update failed
 5. PVC has a VolumeAttributesClass and this PVC is deleted
-    * The **VACProtectionController** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs and confirm that this PVC is the last one that is consuming the VolumeAttributesClass
+    * The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the vac_finalizer_controller cache  
 6. Delete a VolumeAttributesClass while there is **kubernetes.io/vac-protection** finalizer associated with this VolumeAttributesClass
     * Deletion will not return an error but it will add a deletionTimestamp and wait for the finalizer being removed, then remove the VolumeAttributesClass
 7. Delete a VolumeAttributesClass without any finalizers
@@ -472,12 +469,16 @@ There are a few conditions that will trigger add/remove pvc finalizers in the Vo
 For unbound PVs referencing a VAC:
 
 1. Unbound PV created with a VolumeAttributesClass
-    The **VACObjectInUseProtection admission controller**:
-    * Check if the VolumeAttributesClass exists. If not, the PV will enter the INPROGRESS state because we do not want to impose ordering on object creation
+    The **vac_finalizer_controller**:
+    * If the VolumeAttributesClassName is nil or empty, the VolumeAttributesClass will not be added to the vac_finalizer_controller cache
     * Check if this VolumeAttributesClass already has a protection finalizer
     * Add the finalizer to the VolumeAttributesClass if there is none
 2. PV has a VolumeAttributesClass and this PV is deleted
-    * The **VACProtectionController** will remove finalizer in the VolumeAttributesClass only if after listing all the PVs and confirm that this PV is the last one that is consuming the VolumeAttributesClass
+    * The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the vac_finalizer_controller cache  
+
+Only the **vac_finalizer_controller** will remove finalizers on VolumeAttributesClass. If the **vac_finalizer_controller** fails at the step of removing finalizer even there is no PVC/PV using the VolumeAttributesClass anymore, the **vac_finalizer_controller** should retry the deletion as a separate go routine. 
+
+Since finalizer is more of a best effort instead of accuracy to prevent users making mistakes, the cluster admin can still force add/delete finalizers to the VAC when needed.
 
 #### Create VolumeAttributesClass