Skip to content

Commit

Permalink
feat(attach): avoid creation of volumeattachment object
Browse files Browse the repository at this point in the history
k8s is very slow in attaching the volumes when dealing with the
large number of volume attachment object.

(k8s issue kubernetes/kubernetes#84169)

The volumeattachment is not required for ZFSPV, so avoid creation
of attachment object, also removed the csi-attacher container as
this is also not needed as it acts on volumeattachment object.

k8s is very slow in attaching the volumes when dealing with the
large number of volume attachment object :

k8s issue kubernetes/kubernetes#84169).

Volumeattachment is a CR created just to tell the watcher of it
which is csi-attacher, that it has to call the Controller Publish/Unpublish grpc.
Which does all the tasks to attach the volumes to a node for example call to the
DigitalOcean Block Storage API service to attach a created volume to a specified node.
Since for ZFSPV, volume is already present locally, nothing needs to done in Controller
Publish/Unpublish, so it is good to remove them.

so avoiding creation of attachment object in this change, also removed the csi-attacher
container as this is also not needed as it acts on volumeattachment object.

Removed csi-cluster-driver-registrar container also as it is deprecated and not needed anymore.

We are using csidriver beta CRDs so minimum k8s version required is 1.14+.

Signed-off-by: Pawan <pawan@mayadata.io>
  • Loading branch information
pawanpraka1 committed Apr 22, 2020
1 parent 280949c commit 33a7ac8
Show file tree
Hide file tree
Showing 5 changed files with 113 additions and 211 deletions.
106 changes: 16 additions & 90 deletions deploy/yamls/zfs-driver.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,19 @@

---

# Create the CSI Driver object
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: zfs.csi.openebs.io
spec:
# do not require volumeattachment
attachRequired: false
podInfoOnMount: false
volumeLifecycleModes:
- Persistent
---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -463,6 +476,9 @@ rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["*"]
resources: ["zfsvolumes", "zfssnapshots"]
verbs: ["*"]
Expand Down Expand Up @@ -561,31 +577,6 @@ spec:
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:v2.0.0
imagePullPolicy: IfNotPresent
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-cluster-driver-registrar
image: quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1
args:
- "--v=5"
- "--driver-requires-attachment=false"
- "--csi-address=$(ADDRESS)"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: openebs-zfs-plugin
image: quay.io/openebs/zfs-driver:ci
imagePullPolicy: IfNotPresent
Expand All @@ -611,45 +602,6 @@ spec:
emptyDir: {}
---

############################## CSI- Attacher #######################
# Attacher must be able to work with PVs, nodes and VolumeAttachments

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-attacher-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments", "csinodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-attacher-binding
subjects:
- kind: ServiceAccount
name: openebs-zfs-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: openebs-zfs-attacher-role
apiGroup: rbac.authorization.k8s.io

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand Down Expand Up @@ -705,32 +657,6 @@ roleRef:

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-cluster-driver-registrar-role
rules:
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csidrivers"]
verbs: ["create", "delete"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-cluster-driver-registrar-binding
subjects:
- kind: ServiceAccount
name: openebs-zfs-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: openebs-zfs-cluster-driver-registrar-role
apiGroup: rbac.authorization.k8s.io

---

########################################
########### ############
########### Node plugin ############
Expand Down
106 changes: 16 additions & 90 deletions deploy/zfs-operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -458,6 +458,19 @@ status:

---

# Create the CSI Driver object
apiVersion: storage.k8s.io/v1beta1
kind: CSIDriver
metadata:
name: zfs.csi.openebs.io
spec:
# do not require volumeattachment
attachRequired: false
podInfoOnMount: false
volumeLifecycleModes:
- Persistent
---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -920,6 +933,9 @@ rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["*"]
resources: ["zfsvolumes", "zfssnapshots"]
verbs: ["*"]
Expand Down Expand Up @@ -1018,31 +1034,6 @@ spec:
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:v2.0.0
imagePullPolicy: IfNotPresent
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-cluster-driver-registrar
image: quay.io/k8scsi/csi-cluster-driver-registrar:v1.0.1
args:
- "--v=5"
- "--driver-requires-attachment=false"
- "--csi-address=$(ADDRESS)"
env:
- name: ADDRESS
value: /var/lib/csi/sockets/pluginproxy/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: openebs-zfs-plugin
image: quay.io/openebs/zfs-driver:ci
imagePullPolicy: IfNotPresent
Expand All @@ -1068,45 +1059,6 @@ spec:
emptyDir: {}
---

############################## CSI- Attacher #######################
# Attacher must be able to work with PVs, nodes and VolumeAttachments

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-attacher-role
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments", "csinodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-attacher-binding
subjects:
- kind: ServiceAccount
name: openebs-zfs-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: openebs-zfs-attacher-role
apiGroup: rbac.authorization.k8s.io

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand Down Expand Up @@ -1162,32 +1114,6 @@ roleRef:

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-cluster-driver-registrar-role
rules:
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csidrivers"]
verbs: ["create", "delete"]

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: openebs-zfs-cluster-driver-registrar-binding
subjects:
- kind: ServiceAccount
name: openebs-zfs-controller-sa
namespace: kube-system
roleRef:
kind: ClusterRole
name: openebs-zfs-cluster-driver-registrar-role
apiGroup: rbac.authorization.k8s.io

---

########################################
########### ############
########### Node plugin ############
Expand Down
13 changes: 10 additions & 3 deletions upgrade/README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
From zfs-driver:v0.6 version ZFS-LocalPV related CRs are now grouped together in its own group called `zfs.openebs.io`. Here steps are mentioned for how to upgrade for refactoring the CRDs.
From zfs-driver:v0.6 version ZFS-LocalPV related CRs are now grouped together in its own group called `zfs.openebs.io`. Here steps are mentioned for how to upgrade for refactoring the CRDs. Please do not provision/deprovision any volume during the upgrade.

steps to upgrade:-

Expand All @@ -21,7 +21,9 @@ zfsvolume.zfs.openebs.io/pvc-82368c44-eee8-47ee-85a6-633a8023faa8 created
zfssnapshot.zfs.openebs.io/snapshot-dc61a056-f495-482b-8e6e-e7ddc4c13f47 created
zfssnapshot.zfs.openebs.io/snapshot-f9db91ea-529e-4dac-b2b8-ead045c612da created
```
`
Please note that if you have modified the OPENEBS_NAMESPACE env in the driver's deployment to other namespace. Then you have to pass the namespace as an argument to the upgrade.sh script `sh upgrade/upgrash.sh [namespace]`.


3. upgrade the driver to v0.6

```
Expand Down Expand Up @@ -55,4 +57,9 @@ zfssnapshot.openebs.io/snapshot-f9db91ea-529e-4dac-b2b8-ead045c612da configured
zfssnapshot.openebs.io "snapshot-dc61a056-f495-482b-8e6e-e7ddc4c13f47" deleted
zfssnapshot.openebs.io "snapshot-f9db91ea-529e-4dac-b2b8-ead045c612da" deleted
customresourcedefinition.apiextensions.k8s.io "zfssnapshots.openebs.io" deleted
```
```

Please note that if you have modified the OPENEBS_NAMESPACE env in the driver's deployment to other namespace. Then you have to pass the namespace as an argument to the cleanup.sh script `sh upgrade/cleanup.sh [namespace]`.

5. restart kube-controller [optional]
kube-controller-manager might be using stale volumeattachment resources, it might get flooded with the error logs. Restarting kube-controller will fix it.
54 changes: 40 additions & 14 deletions upgrade/cleanup.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,53 @@

set -e

kubectl get zfsvolumes.openebs.io -n openebs -oyaml > volumes.yaml
if [ -z $1 ]; then
# default namespace is openebs when all the custom resources are created
ZFSPV_NAMESPACE="openebs"
else
ZFSPV_NAMESPACE=$1
fi

# remove the finalizer from the old CR
sed -i "/zfs.openebs.io\/finalizer/d" volumes.yaml
kubectl apply -f volumes.yaml
echo "Fetching ZFS Volumes"
numVol=`kubectl get zfsvolumes.openebs.io -n $ZFSPV_NAMESPACE | wc -l`

# delete the old CR
kubectl delete -f volumes.yaml
if [ $numVol -gt 1 ]; then # numVol includes header also, so it should be greater than 1
echo "Cleaning the ZFS Volumes(`expr $numVol - 1`)"
kubectl get zfsvolumes.openebs.io -n $ZFSPV_NAMESPACE -oyaml > volumes.yaml

# delete the CRD definition
# remove the finalizer from the old CR
sed -i "/zfs.openebs.io\/finalizer/d" volumes.yaml
kubectl apply -f volumes.yaml

# delete the old CR
kubectl delete -f volumes.yaml
fi

# delete the ZFSVolume CRD definition
kubectl delete crd zfsvolumes.openebs.io

numAttach=`kubectl get volumeattachment | grep zfs.csi.openebs.io | wc -l`

if [ $numAttach -gt 0 ]; then
echo "Cleaning the volumeattachment(`expr $numAttach - 1`)"
# delete the volumeattachment object
kubectl delete volumeattachment --all
fi

echo "Fetching ZFS Snapshots"
numSnap=`kubectl get zfssnapshots.openebs.io -n $ZFSPV_NAMESPACE | wc -l`

kubectl get zfssnapshots.openebs.io -n openebs -oyaml > snapshots.yaml
if [ $numSnap -gt 1 ]; then # numSnap includes header also, so it should be greater than 1
echo "Cleaning the ZFS Snapshot(`expr $numSnap - 1`)"
kubectl get zfssnapshots.openebs.io -n $ZFSPV_NAMESPACE -oyaml > snapshots.yaml

# remove the finalizer from the old CR
sed -i "/zfs.openebs.io\/finalizer/d" snapshots.yaml
kubectl apply -f snapshots.yaml
# remove the finalizer from the old CR
sed -i "/zfs.openebs.io\/finalizer/d" snapshots.yaml
kubectl apply -f snapshots.yaml

# delete the old CR
kubectl delete -f snapshots.yaml
# delete the old CR
kubectl delete -f snapshots.yaml
fi

# delete the CRD definition
# delete the ZFSSnapshot CRD definition
kubectl delete crd zfssnapshots.openebs.io
Loading

0 comments on commit 33a7ac8

Please sign in to comment.