[TEP-0135] Revert PVC creation

Part of [#6740] and unblocks [#6635]. `PVCs` are created if a user specifies `VolumeClaimTemplate` as the source of a `pipelinerun workspace`. Prior to this change, such `pvcs` are created via `affinity assistant statefulset` when `affinity assistant` is enabled (in both `workspaces` or `pipelineruns` coschedule mode). To delete such pvcs when the owning `pipelinerun` is completed, we must explicitly delete those pvcs in the reconciler since the owner of such pvcs is the `affinity assistant statefulset` instead of the `pipelinerun`. The problem of such deletion mechanism is that such `pvcs` are left in `terminating` state when the owning `pipelinerun` is `completed` but not `deleted`. This is because the pvcs are protected by `kubernetes.io/pvc-protection` `finalizer`, which does not allow the `pvcs` to be deleted until the `pipelinerun` consuming the `pvc` is deleted. Leaving pvcs in `terminating` state is confusing to cluster operators. Instead of changing the pvc deletion behavior in such backward incompatible way, it is better to make it configurable so that it is backward compatible, as prototyped in [#6635]. This commit reverts the pvc creation behavior `per-workspace` coschedule mode, which changes the owner of the `pvcs` back to the `pipelinerun` instead of the `affinity assistant statefulset`. After the commit, the pvcs created by specifying `VolumeClaimTemplate` are left in `bounded` state instead of `terminating`. This commit is the prerequisite of [#6635]. This commit does NOT reverts the pvc creation behavior `per-pipelinerun` coschedule mode as we will enforce the deletion of pvcs when the owning `pipelinerun` is completed. This is a better practice and there is no backward compatability concern since `per-pipelinerun` coschedule mode is a new feature. [#6740]: #6740 [#6635]: #6635
tektoncd · Jun 30, 2023 · 6340ce2 · 6340ce2
1 parent d2cb90d
commit 6340ce2
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 76 deletions.
diff --git a/pkg/reconciler/pipelinerun/affinity_assistant.go b/pkg/reconciler/pipelinerun/affinity_assistant.go
@@ -41,7 +41,7 @@ import (
 
 const (
  // ReasonCouldntCreateOrUpdateAffinityAssistantStatefulSetPerWorkspace indicates that a PipelineRun uses workspaces with PersistentVolumeClaim
- // as a volume source and expect an Assistant StatefulSet, but couldn't create a StatefulSet.
+ // as a volume source and expect an Assistant StatefulSet in AffinityAssistantPerWorkspace behavior, but couldn't create a StatefulSet.
  ReasonCouldntCreateOrUpdateAffinityAssistantStatefulSetPerWorkspace = "ReasonCouldntCreateOrUpdateAffinityAssistantStatefulSetPerWorkspace"
 
  featureFlagDisableAffinityAssistantKey = "disable-affinity-assistant"
@@ -88,7 +88,7 @@ func (c *Reconciler) createOrUpdateAffinityAssistantsPerAABehavior(ctx context.C
  }
  for claimTemplate, workspaceName := range claimTemplatesToWorkspace {
  aaName := getAffinityAssistantName(workspaceName, pr.Name)
- err := c.createOrUpdateAffinityAssistant(ctx, aaName, pr, []corev1.PersistentVolumeClaim{*claimTemplate}, nil, unschedulableNodes)
+ err := c.createOrUpdateAffinityAssistant(ctx, aaName, pr, nil, []corev1.PersistentVolumeClaimVolumeSource{{ClaimName: claimTemplate.Name}}, unschedulableNodes)
  errs = append(errs, err...)
  }
  case aa.AffinityAssistantPerPipelineRun, aa.AffinityAssistantPerPipelineRunWithIsolation:
@@ -179,14 +179,6 @@ func (c *Reconciler) cleanupAffinityAssistants(ctx context.Context, pr *v1.Pipel
  if err := c.KubeClientSet.AppsV1().StatefulSets(pr.Namespace).Delete(ctx, affinityAssistantStsName, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) {
  errs = append(errs, fmt.Errorf("failed to delete StatefulSet %s: %w", affinityAssistantStsName, err))
  }
-
- // cleanup PVCs created by Affinity Assistants
- if w.VolumeClaimTemplate != nil {
- pvcName := getPersistentVolumeClaimNameWithAffinityAssistant(w.Name, pr.Name, w, *kmeta.NewControllerRef(pr))
- if err := c.KubeClientSet.CoreV1().PersistentVolumeClaims(pr.Namespace).Delete(ctx, pvcName, metav1.DeleteOptions{}); err != nil && !apierrors.IsNotFound(err) {
- errs = append(errs, fmt.Errorf("failed to delete PersistentVolumeClaim %s: %w", pvcName, err))
- }
- }
  }
  }
  return errorutils.NewAggregate(errs)
@@ -195,6 +187,9 @@ func (c *Reconciler) cleanupAffinityAssistants(ctx context.Context, pr *v1.Pipel
 // getPersistentVolumeClaimNameWithAffinityAssistant returns the PersistentVolumeClaim name that is
 // created by the Affinity Assistant StatefulSet VolumeClaimTemplate when Affinity Assistant is enabled.
 // The PVCs created by StatefulSet VolumeClaimTemplates follow the format `<pvcName>-<affinityAssistantName>-0`
+// TODO(#6740)(WIP): use this function when adding end-to-end support for AffinityAssistantPerPipelineRun mode
+//
+//nolint:unused
 func getPersistentVolumeClaimNameWithAffinityAssistant(pipelineWorkspaceName, prName string, wb v1.WorkspaceBinding, owner metav1.OwnerReference) string {
  pvcName := volumeclaim.GetPVCNameWithoutAffinityAssistant(wb.VolumeClaimTemplate.Name, wb, owner)
  affinityAssistantName := getAffinityAssistantName(pipelineWorkspaceName, prName)

diff --git a/pkg/reconciler/pipelinerun/affinity_assistant_test.go b/pkg/reconciler/pipelinerun/affinity_assistant_test.go
@@ -41,7 +41,6 @@ import (
  fakek8s "k8s.io/client-go/kubernetes/fake"
  "k8s.io/client-go/kubernetes/typed/core/v1/fake"
  testing2 "k8s.io/client-go/testing"
- "knative.dev/pkg/kmeta"
  logtesting "knative.dev/pkg/logging/testing"
  "knative.dev/pkg/system"
  _ "knative.dev/pkg/system/testing" // Setup system.Namespace()
@@ -208,17 +207,31 @@ func TestCreateAndDeleteOfAffinityAssistantPerWorkspace(t *testing.T) {
  name: "VolumeClaimTemplate Workspace type",
  pr: testPRWithVolumeClaimTemplate,
  expectStatefulSetSpec: []*appsv1.StatefulSetSpec{{
- VolumeClaimTemplates: []corev1.PersistentVolumeClaim{{
- ObjectMeta: metav1.ObjectMeta{Name: "pvc-b9eea16dce"},
- }},
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Volumes: []corev1.Volume{{
+ Name: "workspace-0",
+ VolumeSource: corev1.VolumeSource{
+ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ClaimName: "pvc-b9eea16dce"},
+ },
+ }},
+ },
+ },
  }},
  }, {
  name: "VolumeClaimTemplate and PersistentVolumeClaim Workspaces",
  pr: testPRWithVolumeClaimTemplateAndPVC,
  expectStatefulSetSpec: []*appsv1.StatefulSetSpec{{
- VolumeClaimTemplates: []corev1.PersistentVolumeClaim{{
- ObjectMeta: metav1.ObjectMeta{Name: "pvc-b9eea16dce"},
- }}}, {
+ Template: corev1.PodTemplateSpec{
+ Spec: corev1.PodSpec{
+ Volumes: []corev1.Volume{{
+ Name: "workspace-0",
+ VolumeSource: corev1.VolumeSource{
+ PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ClaimName: "pvc-b9eea16dce"},
+ },
+ }},
+ },
+ }}, {
  Template: corev1.PodTemplateSpec{
  Spec: corev1.PodSpec{
  Volumes: []corev1.Volume{{
@@ -642,17 +655,8 @@ func TestCleanupAffinityAssistants_Success(t *testing.T) {
  ReadyReplicas: 1,
  },
  }}
-
- expectedPVCName := getPersistentVolumeClaimNameWithAffinityAssistant(workspace.Name, pr.Name, workspace, *kmeta.NewControllerRef(pr))
- pvc := []*corev1.PersistentVolumeClaim{{
- ObjectMeta: metav1.ObjectMeta{
- Name: expectedPVCName,
- }},
- }
-
  data := Data{
  StatefulSets: aa,
- PVCs: pvc,
  }
  ctx, c, _ := seedTestData(data)
 
@@ -667,10 +671,6 @@ func TestCleanupAffinityAssistants_Success(t *testing.T) {
  if !apierrors.IsNotFound(err) {
  t.Errorf("expected a NotFound response of StatefulSet, got: %v", err)
  }
- _, err = c.KubeClientSet.CoreV1().PersistentVolumeClaims(pr.Namespace).Get(ctx, expectedPVCName, metav1.GetOptions{})
- if !apierrors.IsNotFound(err) {
- t.Errorf("expected a NotFound response of PersistentVolumeClaims, got: %v", err)
- }
 }
 
 func TestCleanupAffinityAssistants_Failure(t *testing.T) {
@@ -692,14 +692,9 @@ func TestCleanupAffinityAssistants_Failure(t *testing.T) {
  func(action testing2.Action) (handled bool, ret runtime.Object, err error) {
  return true, &corev1.NodeList{}, errors.New("error deleting statefulsets")
  })
- c.KubeClientSet.CoreV1().(*fake.FakeCoreV1).PrependReactor("delete", "persistentvolumeclaims",
- func(action testing2.Action) (handled bool, ret runtime.Object, err error) {
- return true, &corev1.Pod{}, errors.New("error deleting persistentvolumeclaims")
- })
 
  expectedErrs := errorutils.NewAggregate([]error{
  errors.New("failed to delete StatefulSet affinity-assistant-e3b0c44298: error deleting statefulsets"),
- errors.New("failed to delete PersistentVolumeClaim pvc-e3b0c44298-affinity-assistant-e3b0c44298-0: error deleting persistentvolumeclaims"),
  })
 
  errs := c.cleanupAffinityAssistants(ctx, pr)

diff --git a/pkg/reconciler/pipelinerun/pipelinerun.go b/pkg/reconciler/pipelinerun/pipelinerun.go
@@ -605,27 +605,35 @@ func (c *Reconciler) reconcile(ctx context.Context, pr *v1.PipelineRun, getPipel
  return controller.NewPermanentError(err)
  }
 
- // Make an attempt to create Affinity Assistant if it does not exist
- // if the Affinity Assistant already exists, handle the possibility of assigned node becoming unschedulable by deleting the pod
- if !c.isAffinityAssistantDisabled(ctx) {
- // create Affinity Assistant (StatefulSet) so that taskRun pods that share workspace PVC achieve Node Affinity
- // TODO(#6740)(WIP): We only support AffinityAssistantPerWorkspace at the point. Implement different AffinityAssitantBehaviors based on `coscheduling` feature flag when adding end-to-end support.
- if err = c.createOrUpdateAffinityAssistantsPerAABehavior(ctx, pr, affinityassistant.AffinityAssistantPerWorkspace); err != nil {
- logger.Errorf("Failed to create affinity assistant StatefulSet for PipelineRun %s: %v", pr.Name, err)
- pr.Status.MarkFailed(ReasonCouldntCreateOrUpdateAffinityAssistantStatefulSetPerWorkspace,
- "Failed to create StatefulSet for PipelineRun %s/%s correctly: %s",
- pr.Namespace, pr.Name, err)
- return controller.NewPermanentError(err)
+ aaBehavior, err := affinityassistant.GetAffinityAssistantBehavior(ctx)
+ if err != nil {
+ return controller.NewPermanentError(err)
+ }
+
+ switch aaBehavior {
+ case affinityassistant.AffinityAssistantPerWorkspace, affinityassistant.AffinityAssistantDisabled:
+ if pr.HasVolumeClaimTemplate() {
+ // create workspace PVC from template
+ if err = c.pvcHandler.CreatePVCsForWorkspacesWithoutAffinityAssistant(ctx, pr.Spec.Workspaces, *kmeta.NewControllerRef(pr), pr.Namespace); err != nil {
+ logger.Errorf("Failed to create PVC for PipelineRun %s: %v", pr.Name, err)
+ pr.Status.MarkFailed(volumeclaim.ReasonCouldntCreateWorkspacePVC,
+ "Failed to create PVC for PipelineRun %s/%s Workspaces correctly: %s",
+ pr.Namespace, pr.Name, err)
+ return controller.NewPermanentError(err)
+ }
  }
- } else if pr.HasVolumeClaimTemplate() {
- // create workspace PVC from template
- if err = c.pvcHandler.CreatePVCsForWorkspacesWithoutAffinityAssistant(ctx, pr.Spec.Workspaces, *kmeta.NewControllerRef(pr), pr.Namespace); err != nil {
- logger.Errorf("Failed to create PVC for PipelineRun %s: %v", pr.Name, err)
- pr.Status.MarkFailed(volumeclaim.ReasonCouldntCreateWorkspacePVC,
- "Failed to create PVC for PipelineRun %s/%s Workspaces correctly: %s",
- pr.Namespace, pr.Name, err)
- return controller.NewPermanentError(err)
+  if aaBehavior == affinityassistant.AffinityAssistantPerWorkspace {
+  if err = c.createOrUpdateAffinityAssistantsPerAABehavior(ctx, pr, affinityassistant.AffinityAssistantPerWorkspace); err != nil {
+  logger.Errorf("Failed to create affinity assistant StatefulSet for PipelineRun %s: %v", pr.Name, err)
+  pr.Status.MarkFailed(ReasonCouldntCreateOrUpdateAffinityAssistantStatefulSetPerWorkspace,
+  "Failed to create StatefulSet for PipelineRun %s/%s correctly: %s",
+  pr.Namespace, pr.Name, err)
+ return controller.NewPermanentError(err)
+ }
  }
+ case affinityassistant.AffinityAssistantPerPipelineRun, affinityassistant.AffinityAssistantPerPipelineRunWithIsolation:
+ // TODO(#6740)(WIP): implement end-to-end support for AffinityAssistantPerPipelineRun and AffinityAssistantPerPipelineRunWithIsolation modes
+ return controller.NewPermanentError(fmt.Errorf("affinity assistant behavior: %v is not implemented", aaBehavior))
  }
  }
 
@@ -1049,7 +1057,12 @@ func (c *Reconciler) getTaskrunWorkspaces(ctx context.Context, pr *v1.PipelineRu
  pipelinePVCWorkspaceName = pipelineWorkspace
  }
 
- workspace := c.taskWorkspaceByWorkspaceVolumeSource(ctx, pipelinePVCWorkspaceName, pr.Name, b, taskWorkspaceName, pipelineTaskSubPath, *kmeta.NewControllerRef(pr))
+ aaBehavior, err := affinityassistant.GetAffinityAssistantBehavior(ctx)
+ if err != nil {
+ return nil, "", err
+ }
+
+ workspace := c.taskWorkspaceByWorkspaceVolumeSource(ctx, pipelinePVCWorkspaceName, pr.Name, b, taskWorkspaceName, pipelineTaskSubPath, *kmeta.NewControllerRef(pr), aaBehavior)
  workspaces = append(workspaces, workspace)
  } else {
  workspaceIsOptional := false
@@ -1084,7 +1097,7 @@ func (c *Reconciler) getTaskrunWorkspaces(ctx context.Context, pr *v1.PipelineRu
 // taskWorkspaceByWorkspaceVolumeSource returns the WorkspaceBinding to be bound to each TaskRun in the Pipeline Task.
 // If the PipelineRun WorkspaceBinding is a volumeClaimTemplate, the returned WorkspaceBinding references a PersistentVolumeClaim created for the PipelineRun WorkspaceBinding based on the PipelineRun as OwnerReference.
 // Otherwise, the returned WorkspaceBinding references the same volume as the PipelineRun WorkspaceBinding, with the file path joined with pipelineTaskSubPath as the binding subpath.
-func (c *Reconciler) taskWorkspaceByWorkspaceVolumeSource(ctx context.Context, pipelineWorkspaceName string, prName string, wb v1.WorkspaceBinding, taskWorkspaceName string, pipelineTaskSubPath string, owner metav1.OwnerReference) v1.WorkspaceBinding {
+func (c *Reconciler) taskWorkspaceByWorkspaceVolumeSource(ctx context.Context, pipelineWorkspaceName string, prName string, wb v1.WorkspaceBinding, taskWorkspaceName string, pipelineTaskSubPath string, owner metav1.OwnerReference, aaBehavior affinityassistant.AffinityAssitantBehavior) v1.WorkspaceBinding {
  if wb.VolumeClaimTemplate == nil {
  binding := *wb.DeepCopy()
  binding.Name = taskWorkspaceName
@@ -1098,9 +1111,10 @@ func (c *Reconciler) taskWorkspaceByWorkspaceVolumeSource(ctx context.Context, p
  }
  binding.Name = taskWorkspaceName
 
- if !c.isAffinityAssistantDisabled(ctx) {
- binding.PersistentVolumeClaim.ClaimName = getPersistentVolumeClaimNameWithAffinityAssistant(pipelineWorkspaceName, prName, wb, owner)
- } else {
+ // TODO(#6740)(WIP): get binding for AffinityAssistantPerPipelineRun and AffinityAssistantPerPipelineRunWithIsolation mode
+ //nolint:exhaustive
+ switch aaBehavior {
+ case affinityassistant.AffinityAssistantDisabled, affinityassistant.AffinityAssistantPerWorkspace:
  binding.PersistentVolumeClaim.ClaimName = volumeclaim.GetPVCNameWithoutAffinityAssistant(wb.VolumeClaimTemplate.Name, wb, owner)
  }
 

diff --git a/pkg/reconciler/pipelinerun/pipelinerun_test.go b/pkg/reconciler/pipelinerun/pipelinerun_test.go
@@ -40,6 +40,7 @@ import (
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1alpha1"
  "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1"
  resolutionv1beta1 "github.com/tektoncd/pipeline/pkg/apis/resolution/v1beta1"
+ "github.com/tektoncd/pipeline/pkg/internal/affinityassistant"
  resolutionutil "github.com/tektoncd/pipeline/pkg/internal/resolution"
  "github.com/tektoncd/pipeline/pkg/reconciler/events/cloudevent"
  "github.com/tektoncd/pipeline/pkg/reconciler/events/k8sevent"
@@ -7673,7 +7674,7 @@ func Test_taskWorkspaceByWorkspaceVolumeSource(t *testing.T) {
  name, taskWorkspaceName, pipelineWorkspaceName, prName string
  wb v1.WorkspaceBinding
  expectedBinding v1.WorkspaceBinding
- disableAffinityAssistant bool
+ aaBehavior  affinityassistant.AffinityAssitantBehavior
  }{
  {
  name: "PVC Workspace with Affinity Assistant",
@@ -7687,9 +7688,10 @@ func Test_taskWorkspaceByWorkspaceVolumeSource(t *testing.T) {
  expectedBinding: v1.WorkspaceBinding{
  Name: "task-workspace",
  PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
- ClaimName: "pvc-2c26b46b68-affinity-assistant-e011a5ef79-0",
+ ClaimName: "pvc-2c26b46b68",
  },
  },
+ aaBehavior: affinityassistant.AffinityAssistantPerWorkspace,
  },
  {
  name: "PVC Workspace without Affinity Assistant",
@@ -7705,7 +7707,7 @@ func Test_taskWorkspaceByWorkspaceVolumeSource(t *testing.T) {
  ClaimName: "pvc-2c26b46b68",
  },
  },
- disableAffinityAssistant: true,
+ aaBehavior: affinityassistant.AffinityAssistantDisabled,
  },
  {
  name: "non-PVC Workspace",
@@ -7718,27 +7720,15 @@ func Test_taskWorkspaceByWorkspaceVolumeSource(t *testing.T) {
  Name: "task-workspace",
  EmptyDir: &corev1.EmptyDirVolumeSource{},
  },
+ aaBehavior: affinityassistant.AffinityAssistantPerWorkspace,
  },
  }
 
  for _, tc := range tests {
  t.Run(tc.name, func(t *testing.T) {
  c := Reconciler{}
  ctx := context.Background()
- if tc.disableAffinityAssistant {
- featureFlags, err := config.NewFeatureFlagsFromMap(map[string]string{
- "disable-affinity-assistant": "true",
- })
- if err != nil {
- t.Fatalf("error creating feature flag disable-affinity-assistant from map: %v", err)
- }
- cfg := &config.Config{
- FeatureFlags: featureFlags,
- }
- ctx = config.ToContext(context.Background(), cfg)
- }
-
- binding := c.taskWorkspaceByWorkspaceVolumeSource(ctx, tc.pipelineWorkspaceName, tc.prName, tc.wb, tc.taskWorkspaceName, "", *kmeta.NewControllerRef(testPr))
+ binding := c.taskWorkspaceByWorkspaceVolumeSource(ctx, tc.pipelineWorkspaceName, tc.prName, tc.wb, tc.taskWorkspaceName, "", *kmeta.NewControllerRef(testPr), tc.aaBehavior)
  if d := cmp.Diff(tc.expectedBinding, binding); d != "" {
  t.Errorf("WorkspaceBinding diff: %s", diff.PrintWantGot(d))
  }