SPBM policy integration for dynamic volume provisioning inside kubernetes #142
Conversation
| @@ -101,39 +110,50 @@ func (util *VsphereDiskUtil) CreateVolume(v *vsphereVolumeProvisioner) (vmDiskPa | |||
| case datastore: | |||
| volumeOptions.Datastore = value | |||
| case Fstype: | |||
| fstype = value | |||
| fstype := value | |||
There was a problem hiding this comment.
remove :=. Change this to
fstype = value
There was a problem hiding this comment.
Good observation. I will fix it in next commit.
| deviceConfigSpec.Profile = append(deviceConfigSpec.Profile, profileSpec) | ||
| } | ||
| virtualMachineConfigSpec.DeviceChange = append(virtualMachineConfigSpec.DeviceChange, deviceConfigSpec) | ||
| task, err := vm.Reconfigure(ctx, virtualMachineConfigSpec) |
There was a problem hiding this comment.
Do we want add check for nil task to avoid NPE? we have observed nil task when user does not have read permission.
BaluDontu
force-pushed
the
SPBMPolicySupportVsphere
branch
from
af26171
to
6d41087
Compare
| @@ -1266,19 +1282,43 @@ func (vs *VSphere) CreateVolume(volumeOptions *VolumeOptions) (volumePath string | |||
| dc, err := f.Datacenter(ctx, vs.cfg.Global.Datacenter) | |||
| f.SetDatacenter(dc) | |||
|
|
|||
| if volumeOptions.StoragePolicyName != "" { | |||
There was a problem hiding this comment.
Shouldn't you fail early if storagePolicyName and VSANStorageProfileData are set? If we are already doing it, can you point to the code where we fail early?
There was a problem hiding this comment.
You can see that code in vspherE_volume_util.go file - 6d41087#diff-482fa05b285b59ab0bc70641f984ce98R131
|
|
||
| if volumeOptions.Datastore != "" { | ||
| if !IsUserSpecifiedDatastoreCompatible(dsRefs, volumeOptions.Datastore) { | ||
| return "", fmt.Errorf("User specified datastore: %q is not compatible with the StoragePolicy: %q requirements", volumeOptions.Datastore, volumeOptions.StoragePolicyName) |
There was a problem hiding this comment.
Don't we want to say why it is not compatible? SPBM gives reasons why a particular datastore is incompatible.
There was a problem hiding this comment.
Yes, I have made sure it shows messages why a datastore is incompatible.
There was a problem hiding this comment.
Can you paste an example of what message the k8s user would see? SPBM does return CompatibilityResult.error that says what are the expected capabilities and what the storage can offer (actual capability). Do we show this to k8s user?
| compatibleHubs := res.CompatibleDatastores() | ||
| // Return an error if there are no compatible datastores. | ||
| if len(compatibleHubs) < 1 { | ||
| return nil, fmt.Errorf("There are no compatible datastores: %+v that satisfy the storage policy: %+q requirements", datastores, storagePolicyID) |
There was a problem hiding this comment.
Returning 0 compatible datastores with nil error is a perfectly fine behavior for this method. The caller can decide if it was expecting 0 or 1 or 2 or more etc. Based on the caller's requirements, it can treat it as error or perfectly fine condition.
There was a problem hiding this comment.
Makes sense. Moved it to the original caller function.
| } | ||
|
|
||
| // Get the datastore morefs. | ||
| func (vs *VSphere) getDatastoreMorefs(ctx context.Context, dsRefs []types.ManagedObjectReference) ([]mo.Datastore, error) { |
There was a problem hiding this comment.
Rename this method to getDatastoreMo since you are returning the Datastore manaject objects here and not really a managed object references. You may want to consider renaming the local variables in this method for the same reasons.
| } | ||
|
|
||
| // Verify if the user specified datastore is in the list of compatible datastores. | ||
| func IsUserSpecifiedDatastoreCompatible(dsRefs []mo.Datastore, dsName string) bool { |
There was a problem hiding this comment.
Rename the function according to the implemented logic. This method seems to be just checking if the given dsName is in the given Datastore managed object array. The method has nothing to do with compatibility or incompatibility checks.
There was a problem hiding this comment.
Restructured the code slightly here to make sure IsUserSpecifiedDatastoreCompatible() does what it needs to do.
| } | ||
|
|
||
| // Get the best fit compatible datastore by free space. | ||
| func GetBestFitCompatibleDatastore(dsRefs []mo.Datastore) string { |
There was a problem hiding this comment.
Rename to GetMostFreeDatastore and return the Datastore managed object. Also I think we should not use Refs here as these are not managed object references, instead they are managed objects. I see this misnaming used a lot in your change.
There was a problem hiding this comment.
I have renamed it all places.
| return nil, err | ||
| } | ||
|
|
||
| // The K8s cluster might be deployed inside a cluster or a host. |
There was a problem hiding this comment.
I guess we cannot assume this. The k8s cluster could be created in a child resource pool that may be within one or many resource pool/child resource pools.
There was a problem hiding this comment.
Removed this logic altogether.
| } | ||
|
|
||
| // Get all datastores accessible inside the current Kubernetes cluster. | ||
| func (vs *VSphere) getAllAccessibleDatastoresForK8sCluster(ctx context.Context, resourcePool *object.ResourcePool) ([]types.ManagedObjectReference, error) { |
There was a problem hiding this comment.
You are assuming that all the datastores within the cluster are accessible to all k8s nodes. This may not be true! You will also have to check if the ESX hosts running the k8s nodes have access to the datastores.
There was a problem hiding this comment.
Yes. You are correct! I have retrieved datastores from the esx host.
| @@ -374,7 +376,47 @@ | |||
| pvpod 1/1 Running 0 48m | |||
| ``` | |||
|
|
|||
| ### Virtual SAN policy support inside Kubernetes | |||
| ### Storage Policy Management inside kubernetes | |||
| #### Using existing vCenter SPBM policy | |||
There was a problem hiding this comment.
As we discussed there are some known issues with the user specifying the policy name instead of policy ID, and I think we should document this so that the VI admin/k8s admin/k8s user knows about it and how to deal with it. I'm just listing down our discussion points
*** Admin updating the policy name in vCenter could cause confusions/inconsistencies ***
This happens when VI admin changes the policy name without the knowledge of k8s users or letting the k8s users know about it. The k8s users will not be able to create volume with storage class that uses old policy name. k8s user and VI admin has to resolve such issues by finding out the latest policy name and updating the existing storage classes with latest policy name.
*** Two or more PVs could show different policy names but with the same policy ID ***
The k8s user can see the policy name and policy ID while describing PVs. If a storage policy name in vCenter is updated, then this is not reflected in the policy names shown for the existing PVs (the policy ID will be shown correctly). The k8s user has to update the storage class to use the latest policy name, and any PVs created after this point will show the correct policy name and policy ID. However, if the old PVs and new PVs are described, the old PVs will continue to show the old policy name which could cause confusions.
There was a problem hiding this comment.
True. This would not be the right place to describe these known issues. When we announce a release with this feature that's when we would have this information written up.
There was a problem hiding this comment.
So, how are you tracking that these known issues are not lost?
| @@ -374,7 +376,47 @@ | |||
| pvpod 1/1 Running 0 48m | |||
| ``` | |||
|
|
|||
| ### Virtual SAN policy support inside Kubernetes | |||
| ### Storage Policy Management inside kubernetes | |||
| #### Using existing vCenter SPBM policy | |||
There was a problem hiding this comment.
True. This would not be the right place to describe these known issues. When we announce a release with this feature that's when we would have this information written up.
| @@ -1266,19 +1282,43 @@ func (vs *VSphere) CreateVolume(volumeOptions *VolumeOptions) (volumePath string | |||
| dc, err := f.Datacenter(ctx, vs.cfg.Global.Datacenter) | |||
| f.SetDatacenter(dc) | |||
|
|
|||
| if volumeOptions.StoragePolicyName != "" { | |||
There was a problem hiding this comment.
You can see that code in vspherE_volume_util.go file - 6d41087#diff-482fa05b285b59ab0bc70641f984ce98R131
| compatibleHubs := res.CompatibleDatastores() | ||
| // Return an error if there are no compatible datastores. | ||
| if len(compatibleHubs) < 1 { | ||
| return nil, fmt.Errorf("There are no compatible datastores: %+v that satisfy the storage policy: %+q requirements", datastores, storagePolicyID) |
There was a problem hiding this comment.
Makes sense. Moved it to the original caller function.
| } | ||
|
|
||
| // Get the best fit compatible datastore by free space. | ||
| func GetBestFitCompatibleDatastore(dsRefs []mo.Datastore) string { |
There was a problem hiding this comment.
I have renamed it all places.
| } | ||
|
|
||
| // Get the datastore morefs. | ||
| func (vs *VSphere) getDatastoreMorefs(ctx context.Context, dsRefs []types.ManagedObjectReference) ([]mo.Datastore, error) { |
|
|
||
| if volumeOptions.Datastore != "" { | ||
| if !IsUserSpecifiedDatastoreCompatible(dsRefs, volumeOptions.Datastore) { | ||
| return "", fmt.Errorf("User specified datastore: %q is not compatible with the StoragePolicy: %q requirements", volumeOptions.Datastore, volumeOptions.StoragePolicyName) |
There was a problem hiding this comment.
Yes, I have made sure it shows messages why a datastore is incompatible.
| } | ||
|
|
||
| // Verify if the user specified datastore is in the list of compatible datastores. | ||
| func IsUserSpecifiedDatastoreCompatible(dsRefs []mo.Datastore, dsName string) bool { |
There was a problem hiding this comment.
Restructured the code slightly here to make sure IsUserSpecifiedDatastoreCompatible() does what it needs to do.
| } | ||
|
|
||
| // Get all datastores accessible inside the current Kubernetes cluster. | ||
| func (vs *VSphere) getAllAccessibleDatastoresForK8sCluster(ctx context.Context, resourcePool *object.ResourcePool) ([]types.ManagedObjectReference, error) { |
There was a problem hiding this comment.
Yes. You are correct! I have retrieved datastores from the esx host.
| return nil, err | ||
| } | ||
|
|
||
| // The K8s cluster might be deployed inside a cluster or a host. |
There was a problem hiding this comment.
Removed this logic altogether.
| if err != nil { | ||
| return nil, err | ||
| } | ||
| dsMorefs := make(map[int][]types.ManagedObjectReference) |
There was a problem hiding this comment.
Comment on line#210-219
This entire block can be written in a simple and efficient way. There is no need to create multiple maps to arrive at the shared datastore list and also I found it a bit complex to understand the logic. Here's how we can write this block (pseudo code only):
Set sharedDs;
for (i = 0; i < vmList.size(); i++) {
Set accessibleDs = getAccesibleDatastoresForNode(vm.get(i))
if (i == 0) {
sharedDs.addAll(accesibleDs);
} else {
sharedDs = intersect(sharedDs, accessibleDs);
if (sharedDs.size() == 0) {
break;
}
}
}
sharedDs intersect(sharedDs, accessibleDs) {
for ds : sharedDs {
if (accessibleDs.get(ds) == null) {
sharedDs.remove(ds)
}
}
return sharedDs
}
| @@ -1535,20 +1533,27 @@ func (vs *VSphere) cleanUpDummyVMs(dummyVMPrefix string) { | |||
| f.SetDatacenter(dc) | |||
|
|
|||
| // Get the folder reference for global working directory where the dummy VM needs to be created. | |||
| vmFolder, err := getFolder(ctx, vs.client, vs.cfg.Global.Datacenter, vs.cfg.Global.WorkingDir) | |||
| vmFolder, err := f.Folder(ctx, strings.TrimSuffix(vs.cfg.Global.WorkingDir, "/")) | |||
There was a problem hiding this comment.
I did not quite get why you had to modify this method. Can you explain what is this method doing, when it is invoked and why this needs change?
There was a problem hiding this comment.
This is just to get folder. I don't need a function, I can get folder reference from working directory path.
| var sharedList []string | ||
| for _, val1 := range list1 { | ||
| // Check if val1 is found in list2 | ||
| for _, val2 := range list2 { |
There was a problem hiding this comment.
This search will be expensive if the number of entries are a lot but may not be so inefficient if the number of entries are less. I was expecting you to use "map" since "set" data structure is not there in go std library. But the logic seems correct, see if you can use map instead.
There was a problem hiding this comment.
Since the datastores will be very minimum for a VM, this logic would be not so expensive.
|
The code changes looks ok to me. I dont see any "testing done" mentioned in this review. Could you explain what tests have you done on the latest code to verify that it works fine? |
|
A few test cases, I have executed for this PR.
|
|
LGTM |
|
The PR is already merged on Kubernetes - kubernetes#46176 |
Till now, vSphere CP provides support to configure persistent volume with VSAN storage capabilities - kubernetes#42974. Right now this only works with VSAN.
Also there might be other use cases:
We can achieve about 2 use cases by using existing storage policies which are already created on vCenter. The user will specify the SPBM policy ID as part of dynamic provisioning and volume will have the policy configured with it.
This feature will allow you to specify the SPBM policy ID as part of dynamic volume provisioning. The created persistent volume will have the SPBM policy ID associated with it when u create a PVC.
For example,
When you deploy a pod with the PVC referring to the above mentioned storageclass, you will see the volume association on the vCenter for the node where the volume is attached to.