Skip to content

Enhance storageclass validation for linkedclone volume creation #3791

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Dec 11, 2025
Merged

Enhance storageclass validation for linkedclone volume creation #3791

k8s-ci-robot merged 1 commit into from
Dec 11, 2025

Conversation

@deepakkinni
Copy link
Collaborator

@deepakkinni deepakkinni commented Dec 8, 2025
edited
Loading

What this PR does / why we need it:

Enhances LinkedClone PVC validation in guest clusters to compare supervisor storage class references instead of guest storage class names. This allows LinkedClone volumes to reference different guest storage classes as long as they point to the same supervisor storage class, providing more flexibility in storage class management.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Testing done:

Precheckins:
WCP(PASS): https://jenkins-vcf-csifvt.devops.broadcom.net/job/wcp-instapp-e2e-pre-checkin/725/
VKS(PASS): https://jenkins-vcf-csifvt.devops.broadcom.net/job/vks-instapp-e2e-pre-checkin/665/

Modified the validation logic in validateGuestPVCOperation to fetch StorageClass objects and compare their parameters.svStorageClass values. Updated validation comments and error messages to reflect this change.

Added comprehensive unit tests covering five scenarios:

  • LinkedClone with matching svStorageClass (same StorageClass)
  • LinkedClone with different StorageClass names but same svStorageClass
  • LinkedClone with mismatched svStorageClass
  • LinkedClone with missing svStorageClass in source StorageClass
  • LinkedClone with missing svStorageClass in LinkedClone StorageClass

Test results:

=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass
=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_matching_svStorageClass_should_succeed
=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_different_StorageClass_but_same_svStorageClass_should_succeed
=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_mismatched_svStorageClass_should_fail
=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_missing_svStorageClass_in_source_StorageClass_should_fail
=== RUN   TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_missing_svStorageClass_in_LinkedClone_StorageClass_should_fail
--- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass (0.00s)
    --- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_matching_svStorageClass_should_succeed (0.00s)
    --- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_different_StorageClass_but_same_svStorageClass_should_succeed (0.00s)
    --- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_mismatched_svStorageClass_should_fail (0.00s)
    --- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_missing_svStorageClass_in_source_StorageClass_should_fail (0.00s)
    --- PASS: TestValidateGuestPVCOperation_LinkedClone_StorageClass/LinkedClone_with_missing_svStorageClass_in_LinkedClone_StorageClass_should_fail (0.00s)
PASS
ok  	sigs.k8s.io/vsphere-csi-driver/v3/pkg/syncer/admissionhandler	0.640s



Actual testbed testing:
root@localhost [ ~ ]# cat pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: src-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: wcpglobal-storage-profile

root@localhost [ ~ ]# cat vs-1.yaml
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
  name: vs-1
spec:
  volumeSnapshotClassName: volumesnapshotclass-delete
  source:
    persistentVolumeClaimName: src-pvc
root@localhost [ ~ ]# cat lc-1.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
     csi.vsphere.volume/fast-provisioning : "true"
  name: vs1-lc-1
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  dataSource:
    name: vs-1
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  storageClassName: wcpglobal-storage-profile
root@localhost [ ~ ]# cat lc-2.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
     csi.vsphere.volume/fast-provisioning : "true"
  name: vs1-lc-2
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  dataSource:
    name: vs-1
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  storageClassName: wcpglobal-storage-profile-latebinding
root@localhost [ ~ ]# cat lc-3.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
     csi.vsphere.volume/fast-provisioning : "true"
  name: vs1-lc-3
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  dataSource:
    name: vs-1
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
  storageClassName: testpol


Regression LC creation:

root@localhost [ ~ ]# kubectl -n testns apply -f lc-1.yaml
persistentvolumeclaim/vs1-lc-1 created


Create LC with different WFFC version of storageclass:
root@localhost [ ~ ]# kubectl -n testns apply -f lc-2.yaml
persistentvolumeclaim/vs1-lc-2 created

Create LC with different storageclass:
root@localhost [ ~ ]# kubectl -n testns apply -f lc-3.yaml
Error from server: error when creating "lc-3.yaml": admission webhook "validation.csi.vsphere.vmware.com" denied the request: StorageClass svStorageClass mismatch, Namespace: testns, LinkedClone StorageClass: testpol (svStorageClass: testpol), source PVC StorageClass: wcpglobal-storage-profile (svStorageClass: wcpglobal-storage-profile)

Special notes for your reviewer:

The validation now retrieves StorageClass objects via the Kubernetes API to access their parameters. Error messages include both StorageClass names and their svStorageClass parameter values for better troubleshooting. The change is backward compatible and only affects LinkedClone PVC validation in guest clusters.

RBAC changes needed - this is covered in standard package

Release note:
NONE

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Dec 8, 2025
@deepakkinni
Copy link
Collaborator Author

deepakkinni commented Dec 8, 2025

SUCCESS --- Jenkins Build #665

@deepakkinni
Copy link
Collaborator Author

deepakkinni commented Dec 9, 2025

Triggering CSI-WCP Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #722

@deepakkinni
Copy link
Collaborator Author

deepakkinni commented Dec 9, 2025

FAILED --- Jenkins Build #722

@deepakkinni
Copy link
Collaborator Author

deepakkinni commented Dec 9, 2025

SUCCESS --- Jenkins Build #725

@deepakkinni deepakkinni force-pushed the topic/dk016388/lc_sc_val_v1 branch 3 times, most recently from 02ddc1c to ff69aae Compare December 10, 2025 02:59
@xing-yang
Copy link
Contributor

xing-yang commented Dec 10, 2025

/approve

1 similar comment
@nikhilbarge
Copy link
Contributor

nikhilbarge commented Dec 10, 2025

/approve

chethanv28
chethanv28 reviewed Dec 10, 2025
View reviewed changes
chethanv28
chethanv28 reviewed Dec 10, 2025
View reviewed changes
@deepakkinni deepakkinni force-pushed the topic/dk016388/lc_sc_val_v1 branch 2 times, most recently from 6eb4d01 to 851613b Compare December 10, 2025 07:43
chethanv28
chethanv28 approved these changes Dec 10, 2025
View reviewed changes
Copy link
Collaborator

@chethanv28 chethanv28 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

Good to merge after fixing the linter errors

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Dec 10, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chethanv28, deepakkinni, nikhilbarge, xing-yang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [chethanv28,deepakkinni,xing-yang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@deepakkinni deepakkinni force-pushed the topic/dk016388/lc_sc_val_v1 branch from 851613b to e60270d Compare December 10, 2025 22:49
@deepakkinni
Copy link
Collaborator Author

deepakkinni commented Dec 10, 2025

/test pull-vsphere-csi-driver-verify-golangci-lint

@xing-yang
Copy link
Contributor

xing-yang commented Dec 11, 2025

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 11, 2025
@k8s-ci-robot k8s-ci-robot merged commit 2342695 into kubernetes-sigs:master Dec 11, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chethanv28 chethanv28 chethanv28 approved these changes

@divyenpatel divyenpatel Awaiting requested review from divyenpatel

@gnufied gnufied Awaiting requested review from gnufied

Assignees

@xing-yang xing-yang

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@deepakkinni @xing-yang @nikhilbarge @k8s-ci-robot @chethanv28