Problem in sharing volume k8scc-transfer-pv

[conanoc]

k8scc-transfer-pv has access mode ReadWriteMany and shared by all peers and chaincode containers. It would make trouble when several peers execute chaincodes at the same time or they execute different chaincodes at the same time. Besides this issue, my k8s cluster does not support ReadWriteMany type PV.

Could it be replaced by temporary volumes? Chaincode container could use emptyDir for its volume and the launcher copy necessary data to the container when the container is available.

[djboris9]

Hi @conanoc

Despite the k8scc-transfer-pv is shared by all peers and chaincode containers, there is no concurrent access on the same files. When a chaincode should be run, the peer/k8scc creates a temporary directory on the k8scc-transfer-pv and copies the artifacts into it. The chaincode container will only get his individual temporary path readonly mounted, which ensures that it isn't modifying own or reading foreign chaincode data. When the chaincode ends, k8scc will remove the temporay path from the k8scc-transfer-pv.

We thought about extracting and injecting the files from/into the chaincode container. Mainly in order to simplify the garbage collection process and to remove this PVC dependency. But we didn't came to a reliable solution.

• Injecting: It would require an initContainer, that receives the data and as soon as the transfer is finished, it will finish so the chaincode container can start. Or we would need to implement a hack in the chaincode contaner to wait for the transfer before starting the chaincode
• Extracting: After the chaincode build, we would need to introduce a mechanism to wait for the transfer of files or starting a helper Pod afterwards to extract the data

Generally it would introduce a lot of complexity that could make the setup less reliable. We decided to go with a ReadWriteMany volume that is partitioned using directories in order to provide a concurrent access free solution.

If you got a better solution for this, we are open to discuss it. May I ask on what environment you are running it or what volume types and modes are available to you?

[conanoc]

Only ReadWriteOnce type volumes are available in my cluster and a persistent volume can be mounted by one container at a time.

I doubt if the build should run in a separate container. We could build the chaincode in the peer and it will eliminate extracting. Still, we need injecting. InitContainer may not be useful because it cannot do its job itself, so I'm for the second option. There are some examples related to injection here: https://github.com/IBM/blockchain-network-on-kubernetes/blob/master/configFiles/generateArtifactsJob.yaml#L24