Proposal for taking mount option to GA #771
Conversation
Also add support for specifying mount options in storage classes.
k8s-ci-robot
added
the
cncf-cla: yes
|
/sig storage |
| and added as a field to PVs. | ||
|
|
||
| If admin has configured mount option for a storage type that does not support mount options, | ||
| then `mountOptions` parameter will be simply ignored for such volume types. Also, if configured |
There was a problem hiding this comment.
we have always returned a "provisioning failed" error when the storageclass has an invalid/unrecognized param
There was a problem hiding this comment.
That seems correct, updating the proposal to reflect this.
|
|
||
| ## Preventing users from specifying mount options in inline volume specs of Pod | ||
|
|
||
| While mount options enable more flexibility in how volumes are mounted, it can result | ||
| in user specifying options that are not supported or are known to be problematic when | ||
| using inline volume specs. | ||
|
|
||
| After much deliberation it was decided that - `mount-options` as an API parameter will not be supported | ||
| After much deliberation it was decided that - `mountOptions` as an API parameter will not be supported |
There was a problem hiding this comment.
will the volume source API structs used within a PV be cloned to add this new field?
There was a problem hiding this comment.
No, the mountOptions is not a field of volume source APIs. It is a field of PV itself as proposed above
|
Imagine I want to mount /tmp as an EmptyDir of medium: Memory. But in kubernetes I observe: The proposal mentions PersistentVolumes and StorageClasses but how could one pass proper options to the EmptyDir? |
|
err. it looks impossible atm https://github.com/kubernetes/kubernetes/blob/74f19437742abcff81510dc347f2cc70ec190e99/pkg/volume/empty_dir/empty_dir.go#L258 |
| provisioner: kubernetes.io/glusterfs | ||
| parameters: | ||
| type: gp2 | ||
| mountOptions: "auto_mount" |
There was a problem hiding this comment.
To continue on discussion from sig meeting today. @saad-ali I think having this in parameters frees us from having to perform validation of storageclass itself and such decision can be deferred to individual provisioner.
There was a problem hiding this comment.
I think mountOptions should be a first class field in the StorageClass because it is controlling a first class field in the PV object (not specific to a single volume plugin). As far as validation is concerned, for in-tree plugins you can call SupportsMountOption(...) on the provisioner. The tricky bit will be how to pass this through for out-of-tree volume provisioners, but that problem needs to be solved for reclaimPolicy (kubernetes/kubernetes#47987) as well.
There was a problem hiding this comment.
agree it should be 1st class for that reason.
I think the reason gnufied is hesitant to do create-time validation is we actually can't call SupportsMountOption due to, iirc, the cost of importing all the volume plugin code into the validation code. But that was resolved, even if it was a bit ugly..
It's true if we do create-time validation of storageClass.mountOptions for in-tree plugins there will be some asymmetry between in- & out-. But I don't think solving that is worth it. While admins deploying out-of-tree provisioners may appreciate the upfront warning that they've configured their storageClass with an unsupported mountOptions field, realistically they care more about mistakes in the parameters field which won't show up until run-time anyway... So I think they'll settle for run-time validation of storageClass.mountOptions.
Plus, this problem shouldn't exist for reclaimPolicy because every plugin already supports Retain, they can't opt-out of that like they can mount options.
There was a problem hiding this comment.
I am fine making it first class field on StorageClass. The minor catch is - we can't really do creation time validation of storageClass for verifying if it supports mount options without hardcoding name of volume plugins that will support it (like literally hardcoding plugin name strings).
But I think that is relatively minor issue, because in my quick survey all volume types that support dynamic provisioning also support mount options (i.e at plugin level in current master) and hence there is no practical benefit of validation the SC for mount options during creation. So, what we can do is:
- Make mountOption first class field for StorageClass.
- Don't do any validation of mount option when storageClass is created.
- Perform provisioning time
SupportsMountOptionvalidation and check if mount option is supported. This is really just a safety net. As I said above, all volume types that support dynamic provisioning also support mount options - so for most part this check will always be successful. Also, even if we didn't check during provisioning the PV creation will be anyways rejected if volume type doesn't support mount options.
There was a problem hiding this comment.
- Make mountOption first class field for StorageClass.
- Don't do any validation of mount option when storageClass is created.
- Perform provisioning time SupportsMountOption validation and check if mount option is supported. This is really just a safety net. As I said above, all volume types that support dynamic provisioning also support mount options - so for most part this check will always be successful. Also, even if we didn't check during provisioning the PV creation will be anyways rejected if volume type doesn't support mount options.
SGTM!
saad-ali
added
the
sig/storage
| ``` | ||
|
|
||
|
|
||
| Beta support for mount options introduced via `mount-options` annotation will be supported for near future |
There was a problem hiding this comment.
|
|
||
| ## Preventing users from specifying mount options in inline volume specs of Pod | ||
|
|
||
| While mount options enable more flexibility in how volumes are mounted, it can result | ||
| in user specifying options that are not supported or are known to be problematic when | ||
| using inline volume specs. | ||
|
|
||
| After much deliberation it was decided that - `mount-options` as an API parameter will not be supported | ||
| After much deliberation it was decided that - `mountOptions` as an API parameter will not be supported | ||
| for inline volume specs. |
There was a problem hiding this comment.
So, if I understand correctly, this won't be possible to specify on pod.spec.volumes, right? I mean, as in a pod, that you can specify a volume and fsType, like in the example here: https://kubernetes.io/docs/concepts/storage/volumes/#awselasticblockstore
Can you please elaborate on the much deliberation?
Don't get me wrong, I'm not saying I'm against it, I just want to understand a little more. It seems weird that you can have the fsType there but not mountOptions. But I understand that pvs and pvc are preferred now, also.
So, if you have some time, can I ask what was taken into account on this deliberation, the trade offs of different approaches considered, etc.? Something high level is fine. I understand it's a busy time on the release, so no worries if you can't :)
There was a problem hiding this comment.
I think bulk of discussion is here - #321 (review)
The tldr; of the discussion is - allowing normal users to specify mountOptions can enable users to compromise the host operating system itself. Users can disable selinux or can cause kernel panic which would crash the host operating system. That is why mount option should be carefully controlled.
| then a "provisioning failed" event will be added to PVC and PVC will stay in pending state. | ||
|
|
||
| Also, if configured mount option is invalid then corresponding mount time failure error will be added to pod object. | ||
|
|
||
|
|
||
| ## Preventing users from specifying mount options in inline volume specs of Pod | ||
|
|
||
| While mount options enable more flexibility in how volumes are mounted, it can result | ||
| in user specifying options that are not supported or are known to be problematic when | ||
| using inline volume specs. |
There was a problem hiding this comment.
When using inline volumes? What is more problematic about an in-line volume? Coordinate the fsType and the mount options? If that guess is on track, then it's more problematic for file-system dependent mount options (there are file-system independent options too) and when not specifyng in-line the fsType?
k8s-github-robot
added
the
size/M
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Automatic merge from submit-queue |
Automatic merge from submit-queue (batch tested with PRs 50919, 51410, 50099, 51300, 50296) Take mount options to GA by adding PV.spec.mountOptions **What this PR does / why we need it**: Implements kubernetes/community#771 issue: kubernetes/enhancements#168 **Special notes for your reviewer**: TODO: - ~StorageClass mountOptions~ As described in proposal, this adds PV.spec.mountOptions + mountOptions parameter to every plugin that is both provisionable & supports mount options. (personally, even having done all the work already, i don't agree w/ the proposal that mountOptions should be SC parameter but... :)) **Release note**: ```release-note Add mount options field to PersistentVolume spec ```
Automatic merge from submit-queue Proposal for taking mount option to GA Also add support for specifying mount options in storage classes. cc @kubernetes/sig-storage-api-reviews @liggitt
Also add support for specifying mount options
in storage classes.
cc @kubernetes/sig-storage-api-reviews @liggitt