-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: UML diagram for volume creation and deletion #532
Conversation
While this information is available in various design documents, users of the external-provisioner benefit from getting a summary directly in the documentation of external-provisioner. This is a good opportunity to call our expected behavior of the CSI driver.
/cc |
@@ -103,6 +103,34 @@ See the [storage capacity section](#capacity-support) below for details. | |||
|
|||
* All glog / klog arguments are supported, such as `-v <log level>` or `-alsologtostderr`. | |||
|
|||
### Design |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really useful for developers of external-provisioner/pv controller, but I like to keep the README focused on users. Can we move this to a docs/ subpage and reference it from the readme?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay.
Sure, that sounds good. There isn't actually a finalizer to protect the PV object from being deleted while the disk still exists. |
No, the current sequential flow is correct. First the PV controller sets I checked by deleting the PVC while the CSI driver was down: the PVC continues to have the finalizer until the CSI driver comes back up and deletes the PVC. What's the rationale for not removing the finalizer as soon as the PVC is gone and the phase is |
This is not my understanding of how the pv protection controller works. It only waits for PV to be in released state: And PV controller sets PV to released state before doing the delete operation: |
The code block which removes the finalizer is only called when That's consistent with my observation that the finalizer is kept in place until someone deletes the PV or rather, because of the finalizer, sets the deletion time stamp. That logic is three years old, from kubernetes/kubernetes#58743 (search for |
Ah ok thanks for pointing that out, that explains it. I think it is preferable to wait for the volume to actually be deleted, that prevents the volume from leaking unless the user went in and deleted the PV object themselves. |
The same can be achieved when removing the finalizer after setting A finalizer that automatically gets removed when the object gets deleted still makes no sense to me. |
If the finalizer gets removed before external-provisioner deletes the PV, then a user could delete the PV object before external-provisioner gets to it, causing the volume to leak. |
Hmm that kind of makes the purpose of the finalizer a little moot then. But that's a separate discussion :-) |
/approve Just one last nit from me to move the design section out of the top level README |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: msau42, pohly The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
It is not entirely clear why the PV controller keeps the finalizer set until after the PV is deleted (kubernetes-csi#532 (comment)). Instead of saying "determines that PV has no volume" it's better to keep this a bit more open-ended.
The top-level README.md is more focused on end-users and those probably don't need an in-depth understanding of each step.
@msau42 I've created a separate doc/design.md and also changed the wording of the last step in the diagram:
That's more accurate because the PV controller doesn't really check whether the volume still exists. |
Sorry I accidentally modified your comment instead of replying to it. I tried to restore it back to the original.. Anyway, to be most accurate, should we say it's the storage protection controller that removes the finalizer? |
I'm talking about |
I agree, the last step is "PV protection controller checks the volume one last time and removes the pv protection finalizer". I used the term "PV controller" already earlier, without double-checking in the source code which part that really is. Did I get those steps right? I'm not sure anymore. Probably it would be good to define each term and link it to the source code. |
This doesn't need to go into the next release. We can enhance it after New Years. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
/remove-lifecycle stale |
sorry, I missed this. IMO it seems to be accurate and most @msau42's comments were addressed. |
What type of PR is this?
/kind documentation
What this PR does / why we need it:
While this information is available in various design documents, users
of the external-provisioner benefit from getting a summary directly in
the documentation of external-provisioner. This is a good opportunity
to call our expected behavior of the CSI driver.
Special notes for your reviewer:
Does this PR introduce a user-facing change?: