Support specifying volume tags via PVC labels or annotations #1876
Comments
|
also: it would allow tags to be changed. Since you can't update storageclasses (they're immutable) |
|
If we can use PVC lable against sc in dynamic provisioning,This is great for maintaining your own tags independently between each project! |
|
Hi all, thanks for the feature request - we've made a note of this and will evaluate it in the near future. One key consideration is that there is currently a limitation in Kubernetes where CSI drivers do not have the ability to retrieve tags applied to a PVC from the We will provide more updates as we make progress on the evaluation and any plans to support this, thanks! /kind feature |
k8s-ci-robot
added
the
kind/feature
|
@torredil Till then, cant we have the labels/annotation part at least, considering it cannot be changed once created? |
|
If it's useful, we (PlanetScale) worked around this limitation by deploying https://github.com/mtougeron/k8s-pvc-tagger which supports AWS and GCP |
|
Hi all, after significant discussion, we don't currently plan to support this in the driver itself. The Kubernetes community intentionally does not supply annotations/labels to CSI drivers: kubernetes-csi/external-provisioner#86. Because of this, the only solution would involve a work-around that directly bypasses this design and introduces race condition and correctness concerns. We do support dynamic tag values based on the PVC name and namespace, and the PV name: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/tagging.md#storageclass-tagging. We have seen these features utilized in usecases such as cost tagging and tagging volumes for DLM policies. We are working on the ability to modify the tags of existing volumes using Kubernetes's |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The |
|
@TomBillietKlarrio modifying tags via Using dynamic substitution in those tags as can be done in the |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
/remove-lifecycle rotten Can modify tags via VAC now, see Volume modification via VolumeAttributesClass example. We're waiting to close issue until #2093 is merged (interpolated tags), which will happen once the next kubernetes-csi/external-resizer is released after K8s v1.32. |
k8s-ci-robot
removed
the
lifecycle/rotten
|
Hey everyone, just to clarify that I understood everything in here correctly:
If I get all this correctly, what is the recommended way to do configure per-volume tags that can not be inferred from PVC name, namespace or PV name? We do have a requirement to set tags like e.g. Note: As far as I'm aware, it would technically be possible to create one VAC per volume, but as far as I understand the design, that is not the intended use. |
Correct, we are also adding this to VACs but are waiting on a release of the
Correct.
Correct, see my answer to question 1.
We don't intend to attempt to bypass/workaround the limitations set in place by Kubernetes: kubernetes-csi/external-provisioner#86. If Kubernetes were to change their mind and support per-PVC parameters in some way, we would likely make any necessary changes on our end to support that. If you need/want such a feature, I would strongly encourage asking upstream within Kubernetes for support.
With what is currently supported by Kubernetes, you would need to create a SC/VAC for each volume if the tags are truly unique per volume. In your example of an |
In our scenario, we have one What would be the best practice here? Ideally I'd like keep only 1 SC and have a VAC for each volume. |
|
@calvinbui If your tags never change, you can go with that approach. Note that a VAC is immutable after creation, so if you ever want to update any of the tags, you would need to create a new one and point the PVC to that new VAC. While this works in theory, since Volume modifications have a 6 hour cooldown period, you will only be able to do any of these changes once every 6 hours for any volume. For this reason, we went with using mtougeron/k8s-pvc-tagger as @TomBillietKlarrio has already mentioned, since that is not affected by the 6 hour period as it uses the tagging actions, not the volume modification actions. |
|
one small correction @morremeyer
While successfully calling EC2 modify-volume does have a 6 hour cooldown today, tag changes do not have this cooldown. If the only difference between those 2 VACs are tags, you should not have to wait for any 6 hour cooldown. If you are, then there's a bug somewhere we should squash 😅. See this sequence diagram to understand the sequence of events between K8s, EBS CSI Driver, and AWS We will likely update our documentation to explicitly call out that tag changes do not have the same cooldown restrictions as other types of modifications. |
Is your feature request related to a problem?/Why is this needed
Applying unique sets of tags based on application requirements currently requires creating a storageclass specific to the application and set of tags. This makes it difficult to maintain tags when there is a lot of variety in keys and values
/feature
Describe the solution you'd like in detail
Ideally, you could specify list of tags in the PVC, that way the storage class can remain application-agnostic. One of the following options should work -
Describe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: