Skip to content

Commit 3261163

Browse files
committed
[Bucket API] add section on Object Lifecycle
1 parent 6fcb52b commit 3261163

File tree

1 file changed

+42
-0
lines changed
  • keps/sig-storage/1979-object-storage-support

1 file changed

+42
-0
lines changed

keps/sig-storage/1979-object-storage-support/README.md

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
- [Security](#security)
2727
- [User Story](#user-story)
2828
- [Bucket Provisioning with Service Account based Authn (for pods)](#bucket-provisioning-with-service-account-based-authn-for-pods)
29+
- [Object Lifecycle](#object-lifecycle)
2930
- [COSI API Reference](#cosi-api-reference)
3031
- [Bucket](#bucket)
3132
- [BucketRequest](#bucketrequest)
@@ -569,6 +570,47 @@ The above volume definition will prompt kubernetes to retrieve the secret and pl
569570

570571
Workloads are expected to read the definition in this file to access a bucket. The API of `bucket.json` follows the same versioning and lifecycle as the rest of the COSI APIs.
571572

573+
# Object Lifecycle
574+
575+
The following resources are created by an admin
576+
577+
- BucketClass
578+
- BucketAccessClass
579+
580+
The following resources are created by a user. They are created with a reference to their corresponding class objects:
581+
582+
- BucketRequest -> BucketClass
583+
- BucketAccessRequest -> BucketAccessClass, BucketRequest
584+
585+
Note that a BucketAccessRequest also must point to a BucketRequest.
586+
587+
The COSI controller responds by creating the following objects
588+
589+
- BucketRequest <-> Bucket (1:1)
590+
- BucketAccessRequest <-> BucketAccess (1:1)
591+
592+
In addition, the BucketAccess will point to the Bucket pointed to by the specified BucketRequest
593+
594+
- BucketAccess -> Bucket
595+
596+
Notes:
597+
598+
- The resulting BucketAccess will point to the same Bucket pointed to by the Bucket Request.
599+
- The BucketClass and BucketAccessClass objects are copied into Bucket and BucketAccess respectively.
600+
- There are **NO** cycles in the relationship graph of the above mentioned API objects.
601+
- Mutations are not supported in the API.
602+
603+
When a user deletes the BucketRequest, then depending on the DeletionPolicy, the following happens:
604+
605+
- If deletionPolicy is Delete, then Bucket deletion is also triggered.
606+
- If deletionPolicy is Retain, then Bucket is left as is, but the BucketRequest is deleted.
607+
608+
Only when all accessors (BucketAccess) of the Bucket are deleted, is the Bucket itself cleaned up. An orphaned Bucket can be "recovered" by manually creating a new BucketRequest object that points to the orphaned Bucket. This manual style of associating BucketRequests to Buckets will only succeed if the Bucket is not already bound to a different BucketRequest.
609+
610+
When a user deletes a BucketAccessRequest, the corresponding BucketAccess is also deleted. In addition, the secret pointed to by the BucketAccess is also deleted. If a pod has that secret mountedwhen delete is called, then the secret will not be deleted, but will instead have its deletionTimestamp set. In this way, access to a Bucket is preserved until the application pod dies.
611+
612+
When an admin deletes any of the Class objects, it does not affect existing Buckets and BucketAccesses as they store a copy of the fields in the corresponding class objects. If a Bucket or BucketAccess is manually deleted by an admin, then the cluster is considered to be in an invalid state. Manual recovery is possible if data is not already lost.
613+
572614
# COSI API Reference
573615

574616
## Bucket

0 commit comments

Comments
 (0)