Kubernetes ScaleIO Volume Update (3Q2017)

[vladimirvivien]

The updates for the SacleIO plubin listed below are targeted for a minor releases for 1.7.x which should start couple of weeks after 1.7 major release in July.

Volume Attribute Updates (targets ver 1.7 and 1.8, merged)

• [x] Enforce FSGroup ownership + test (7/11)
• [x] Support for ScaleIO multiple-instance map when a volume is mapped by PVC, Pod (driven by attribute ReadWriteMany) + test code (7/11)
• [x] Remove StorageClass default values for storagepool and protectionDomain(update doc accordingly)
• [x] Reject PVC with capacity of size 0
• [x] Make PV and PVC names match the name of the generated volume create during dynamic provisioning (7/17)
• [x] Push PR Volume Attribute Changes (7/17) - see PR https://github.com/kubernetes/kubernetes/pull/48999 (merged)
• [x] PR cherry-picked for 1.7 branch as well https://github.com/kubernetes/kubernetes/pull/49973 (merged)

Read sdc_guid_id from node labels (target 1.8 release)

See proposal - https://github.com/codedellemc/roadmap/issues/187

• [x] Use node labels to specify SDC GUID and avoid reliance on the drv_cfg binary (only use binary if node was not labeled) + test code (8/9)
• [x] if label not available, attempt to use drv_cfg (08/09)
• [x] Create PR for Instance ID discovery - PR https://github.com/kubernetes/kubernetes/pull/50780

Documentation Updates (target 1.8 Release)

• [x] Review doc for inconsistencies and uniformity with API changes
• [x] Document new requirement to provide storage pool, protection domain, and volume Size
• [x] Document node label scaleio.SdcGuid to specify ScaleIO node GUID
• [x] PR Created - https://github.com/kubernetes/examples/pull/91 (merged)

kubernetes.github.io website Documentation

• [x] Review and update doc
• [x] PR Created - https://github.com/kubernetes/kubernetes.github.io/pull/5269 (merged)

Add namespace reference for Secret objects (targets ver 1.8)

Add a new StorageClass parameter to specify the the namespace for secret allowing the ScaleIO StorageClass to reference Secret objects in any namespace.

• [x] New proposal - https://github.com/codedellemc/roadmap/issues/191
• [x] Add support for namespace reference for secret (see proposal)

NOTE This feature was abandoned because the RBAC features of Kubernetes provides better and managed safeguards for Kubernetes Secrets.

[cduchesne]

@vladimirvivien - a few quick notes.

1) We should ignore ReadWriteMany functionality as ScaleIO doesn't have the same characteristics as the other RWM-supporting storage drivers in Kubernetes. You can see the table here: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes. All the RWM-supporting drivers are shared filesystems (NFS-like).

2) There are some defaults we should probably remove from the driver (protection/pool names perhaps). We should also change the documentation that references things named "default"

3) There is a bug when using a StorageClass where our driver accepts a PVC with size 0 and simply fails trying to create a PV on the backend over and over again. We should potentially require size 8 as a minimum or default to 8 if less than 8?

[vladimirvivien]

@cduchesne thanks for the input. As we discussed, I will update the driver to turn on multi-instance by default and turn it off when PVC is set to RWO. I will schedule the other bugs to get fixed.

[vladimirvivien]

Opened PR - https://github.com/kubernetes/kubernetes/pull/48999 to tack volume attribute changes. That PR includes the changes indicated above.

[vladimirvivien]

Updated the roadmap above to break out tasks to indicate which will target k8s 1.7 (minor release) and 1.8 (major release).

[vladimirvivien]

Based on feedback from @cduchesne, consider adjusting default value for PVC.Spec.ReadOnly, when it is not provided in the StorageClass, based on PVC.Spec.AccessMode. If PVC.Spec.ReadOnly is not specified at all, then the following rule should be used to set ReadOnly

• If AccessMode = ReadOnlyMany => PVC.Spec.ReadOnly = true
• if AccessMode = ReadWriteOnce => PVC.Spec.ReadOnly = false

[vladimirvivien]

The changes titled Volume Attribute Updates were merged into branch 1.7 via a cherry-pick. This means that the fsGroup bug that was identified earlier will be fixed in 1.7 and 1.8 along with some other changes that were added to that PR.

[vladimirvivien]

Pausing the sdc_guid label feature for now. Please see notes above for reason.

[vladimirvivien]

The following was updated in the ScaleIO plugin code by another contributor to use an API provided method to call out external processes (which we use to call ScaleIO drv_cfg binary). Added here for completeness.

https://github.com/kubernetes/kubernetes/pull/51103

[vladimirvivien]

Please be aware of non-functional enhancements (see below) from the community to let ScaleIO volume plugin support running ScaleIO in containers.

PR with changes - https://github.com/kubernetes/kubernetes/pull/51103

[vladimirvivien]

Previously @cduchesne noticed that Dynamic provisioning was failing after I added the call to retrieve node labels from the volume API. After some research in code and talking to folks on Slack, I got a better understanding of the calling path and the API location that was calling the method VolumeHost.GetNodeLabels().

After some investigation I realized that the call path for initialization of Dynamic Provisioning (ask ScaleIO to create the volume) does not need the SDC GUID ID. So, by simply removing the call in the provisioner seems to have fixed this issue. Further tests are needed.

[vladimirvivien]

Opened PR https://github.com/kubernetes/kubernetes/pull/51722 for teardown fix

[vladimirvivien]

Created PR for documentation - https://github.com/kubernetes/examples/pull/91

[vladimirvivien]

Document PR merged - https://github.com/kubernetes/examples/pull/91