Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve Deletion Secret Handling #161

Closed
saad-ali opened this issue Aug 14, 2019 · 1 comment · Fixed by #165
Closed

Improve Deletion Secret Handling #161

saad-ali opened this issue Aug 14, 2019 · 1 comment · Fixed by #165
Assignees
@xing-yang

Comments

@saad-ali
Copy link
Member

This is the same underlying issue as kubernetes-csi/external-provisioner#330 for external-provisioner. This bug is to track the work for the external-snapshotter. We should make sure the annotations used for both solution have the same name.

Today, the external-snapshotter will look at VolumeSnapshotClass for deletion secret. If the secret does not exist, delete is called any way.

The problem is that the VolumeSnapshotClass may be deleted or mutated (deleted and recreated with different parameters). This will result in snapshots being unable to delete. Ideally we want the deletion secret on the VolumeSnapshotContent object. However, @liggitt pointed out that this would result in asymmetry of the API (provision is handled by a higher layer controller and specified in VolumeSnapshotClass, having that controller then look at VolumeSnapshotContent object for the delete secret seems wrong). That said, we do want to better handle this case.

So as a compromise, the proposal is to 1) add a reference to the deletion secret as an annotation on the VolumeSnapshotContent object (instead of a first class field), and 2) to better document why you shouldn't have deletion secrets.

For 1, the proposed change is to add a new flag to external-snapshotter that says controller requires deletion secret, if this is set by SP, the external-snapshotter should store a reference to the provision secret in an annotation on the PV object, and when deleting, if the flag is set and the VolumeSnapshotContent object has the annotation, fetch and pass the secret in the CSI DeleteSnapshot call.

And 2 is being tacked in kubernetes-csi/docs#189 (comment).

CC @jingxu97 @xing-yang
@xing-yang xing-yang self-assigned this Aug 23, 2019
@xing-yang
Copy link
Collaborator

CC @yuxiangqian

@xing-yang xing-yang mentioned this issue Aug 24, 2019
Merged
xing-yang added a commit to xing-yang/external-snapshotter that referenced this issue Jul 20, 2021
@xing-yang
Squashed 'release-tools/' changes from bc0504a..c0a4fb1
9eb9a93 
c0a4fb1 Merge pull request kubernetes-csi#164 from anubha-v-ardhan/patch-1
9c6a6c0 Master to main cleanup
682c686 Merge pull request kubernetes-csi#162 from pohly/pod-name-via-shell-command
36a29f5 Merge pull request kubernetes-csi#163 from pohly/remove-bazel
68e43ca prow.sh: remove Bazel build support
c5f59c5 prow.sh: allow shell commands in CSI_PROW_SANITY_POD
71c810a Merge pull request kubernetes-csi#161 from pohly/mock-test-fixes
9e438f8 prow.sh: fix mock testing
d7146c7 Merge pull request kubernetes-csi#160 from pohly/kind-update
4b6aa60 prow.sh: update to KinD v0.11.0
7cdc76f Merge pull request kubernetes-csi#159 from pohly/fix-deployment-selection
ef8bd33 prow.sh: more flexible CSI_PROW_DEPLOYMENT, part II
204bc89 Merge pull request kubernetes-csi#158 from pohly/fix-deployment-selection
61538bb prow.sh: more flexible CSI_PROW_DEPLOYMENT
2b0e6db Merge pull request kubernetes-csi#157 from humblec/csi-release
a2fcd6d Adding myself to csi reviewers group
f325590 Merge pull request kubernetes-csi#149 from pohly/cluster-logs
4b03b30 Merge pull request kubernetes-csi#155 from pohly/owners
a6453c8 owners: introduce aliases
ad83def Merge pull request kubernetes-csi#153 from pohly/fix-image-builds
5561780 build.make: fix image publishng
29bd39b Merge pull request kubernetes-csi#152 from pohly/bump-csi-test
bc42793 prow.sh: use csi-test v4.2.0
b546baa Merge pull request kubernetes-csi#150 from mauriciopoppe/windows-multiarch-args
bfbb6f3 add parameter base_image and addon_image to BUILD_PARAMETERS
2d61d3b Merge pull request kubernetes-csi#151 from humblec/cm
48e71f0 Replace `which` command ( non standard)  with `command -v` builtin
feb20e2 prow.sh: collect cluster logs
7b96bea Merge pull request kubernetes-csi#148 from dobsonj/add-checkpathcmd-to-prow
2d2e03b prow.sh: enable -csi.checkpathcmd option in csi-sanity
09d4151 Merge pull request kubernetes-csi#147 from pohly/mock-testing
74cfbc9 prow.sh: support mock tests
4a3f110 prow.sh: remove obsolete test suppression
6616a6b Merge pull request kubernetes-csi#146 from pohly/kubernetes-1.21
510fb0f prow.sh: support Kubernetes 1.21
c63c61b prow.sh: add CSI_PROW_DEPLOYMENT_SUFFIX
51ac11c Merge pull request kubernetes-csi#144 from pohly/pull-jobs
dd54c92 pull-test.sh: test importing csi-release-tools into other repo
7d2643a Merge pull request kubernetes-csi#143 from pohly/path-setup
6880b0c prow.sh: avoid creating paths unless really running tests

git-subtree-dir: release-tools
git-subtree-split: c0a4fb1
xing-yang pushed a commit to xing-yang/external-snapshotter that referenced this issue Jul 26, 2021
@k8s-ci-robot
Merge pull request kubernetes-csi#161 from pohly/mock-test-fixes
71c810a 
prow.sh: fix mock testing
rhrmo pushed a commit to rhrmo/external-snapshotter that referenced this issue Oct 2, 2024
@openshift-merge-bot
Merge pull request kubernetes-csi#161 from openshift-bot/art-consiste…
900a6fb 
…ncy-openshift-4.18-ose-csi-external-snapshotter

OCPBUGS-39454: Updating ose-csi-external-snapshotter-container image to be consistent with ART for 4.18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xing-yang xing-yang

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add deletion secret as annotation to content xing-yang/external-snapshotter
2 participants
@xing-yang @saad-ali