keps/sig-storage/3751-volume-attributes-class/README.md
Lines changed: 16 additions & 4 deletions
@@ -460,7 +460,7 @@ There are a few conditions that will trigger add/remove pvc finalizers in the Vo
460
460
The **vac_finalizer_controller**:
461
461
* Check VolumeAttributesClass is being deleted and PVC update failed
462
462
5. PVC has a VolumeAttributesClass and this PVC is deleted
463
-
* The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the vac_finalizer_controller cache
463
+
* The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the informer(a cache of VolumeAttributesClass) **only**
464
464
6. Delete a VolumeAttributesClass while there is **kubernetes.io/vac-protection** finalizer associated with this VolumeAttributesClass
465
465
* Deletion will not return an error but it will add a deletionTimestamp and wait for the finalizer being removed, then remove the VolumeAttributesClass
466
466
7. Delete a VolumeAttributesClass without any finalizers
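Review bot: At new line 463 the parenthetical "informer(a cache of VolumeAttributesClass)" names the wrong cache for this check. The finalizer is removed based on listing PVCs/PVs, so the point to document is that the PVC and PV informer caches are the only source consulted. Suggest wording such as "using only the PVC and PV informer caches", with a space before any parenthesis. The clause "only if after listing all the PVCs/PVs and confirm" is also ungrammatical; "only after listing all the PVCs/PVs and confirming" reads cleanly.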
@@ -474,11 +474,23 @@ For unbound PVs referencing a VAC:
474
474
* Check if this VolumeAttributesClass already has a protection finalizer
475
475
* Add the finalizer to the VolumeAttributesClass if there is none
476
476
2. PV has a VolumeAttributesClass and this PV is deleted
477
-
* The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the vac_finalizer_controller cache
477
+
* The **vac_finalizer_controller** will remove finalizer in the VolumeAttributesClass only if after listing all the PVCs/PVs and confirm that this PVC/PV is the last one that is consuming the VolumeAttributesClass in the informer(a cache of VolumeAttributesClass) **only**
478
478
479
-
Only the **vac_finalizer_controller** will remove finalizers on VolumeAttributesClass. If the **vac_finalizer_controller** fails at the step of removing finalizer even there is no PVC/PV using the VolumeAttributesClass anymore, the **vac_finalizer_controller** should retry the deletion as a separate go routine.
479
+
Only the **vac_finalizer_controller** will remove finalizers on VolumeAttributesClass. If the **vac_finalizer_controller** fails at the step of removing finalizer even there is no PVC/PV using the VolumeAttributesClass anymore, the **vac_finalizer_controller** should retry the deletion as a separate go routine.
480
480
481
-
Since finalizer is more of a best effort instead of accuracy to prevent users making mistakes, the cluster admin can still force add/delete finalizers to the VAC when needed.
481
+
The vac_finalizer_controller will use only informers and therefore it may remove the finalizer too early. One scenario is:
482
+
483
+
1. There is a VolumeAttributesClass that is not used by any PVC. This VolumeAttributesClass is synced to all informers (external-provisioner, external-resizer, KCM)
484
+
2. At the same time:
485
+
* User creates a PVC that uses this VolumeAttributesClass
486
+
* Another user deletes the VolumeAttributesClass
487
+
3. VolumeAttributesClass deletion event with DeletionTimestamp reaches vac_finalizer_controller. Because the PVC creation event has not yet reached KCM informers, the controller lets the VolumeAttributesClass to be deleted by removing the finalizer. PVC creation event reaches the external-provisioner, before VolumeAttributesClass update. The external-provisioner will try to provision a new volume using the VolumeAttributesClass that will get deleted soon.
488
+
* If the external-provisioner gets the VolumeAttributesClass before deletion in the informer, the provisioning will succeed
489
+
* Otherwise the external-prosivioner will fail the provisioning
490
+
491
+
Solving this scenario properly requires to Get/List requests to the API server, which will cause performance issue in larger cluster similar to the existing PVC protection controller - [related issue](https://github.com/kubernetes/kubernetes/issues/109282).
492
+
493
+
Since finalizer is more of a best effort instead of accuracy to prevent users making mistakes. The cluster admin can still force add/delete finalizers to the VAC when needed.
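Review bot: The race scenario added at new lines 481-489 stops at whether provisioning succeeds or fails and never states what is left behind in the success branch, where a volume has been provisioned from a VolumeAttributesClass that is then deleted. Since the text accepts the early finalizer removal as a known limitation, it should say what state that PVC/PV ends up in and what the cluster admin is expected to do about it, so the "best effort" trade-off is explicit. Step 3 would also read better split into two items, one for the finalizer removal in KCM and one for the event ordering seen by the external-provisioner. Smaller points: "external-prosivioner" at line 489 is a typo; "requires to Get/List requests" at line 491 should be "requires Get/List requests"; line 493 turns the removed complete sentence into a fragment ("Since ... mistakes.") and should be rejoined with a comma; line 477 repeats the "informer(a cache of VolumeAttributesClass)" wording and needs the same fix as line 463; and the removed and added lines at 479 read identically as shown, so if that change is whitespace-only it should be dropped from the patch.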