Comments (9)
I checked a little bit more, and it seems that the `checkDiskExists()` function in the `NodeGetVolumeStats` function is the only place in the node service where the credentials are needed right now.
The Azure CSI maintainers offered to look into whether it is possible to get rid of this check. Afterwards it should be possible to start the CSI driver without client id/secret.
from gardener-extension-provider-azure.
/reopen
We decided to postpone CSI migration for Azure to Kubernetes v1.21, so let's adapt the version constants in the code from 1.20 to 1.21.
from gardener-extension-provider-azure.
Adopting CSI together with support for 1.18 seems to be a good plan:
- The Azure Disk CSI driver migration feature is still alpha, but according to this document it will be promoted to beta with 1.18.
- The CSI migration process is not yet sufficiently documented (there is only https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/ and the design proposal). SIG storage might work on a dedicated migration instruction document, let's see. Particularly, it seems that it is necessary to drain the worker nodes before enabling the `CSIMigration*` feature gates on the kubelet --> introducing the CSI migration together with a minor release update seems feasible as we get new nodes anyways here and don't need to implement special migration logic.
- There is an open bug with deleting volumes that have been provisioned with the in-tree volume plugin (i.e., prior to CSI migration): kubernetes/kubernetes#79043. SIG storage is working on a fix (and it will probably be cherry-picked to 1.17, but for the mentioned reasons above migrating to CSI with 1.18 seems to make most sense).
from gardener-extension-provider-azure.
The CSI migration is beta with 1.17, though the CSI plugins for Azure are not yet ready to cater to Gardener needs. We will have to contribute there before we can migrate to CSI. Hence, postponing this issue until 1.19.
from gardener-extension-provider-azure.
I opened kubernetes-sigs/azuredisk-csi-driver#354 for the Azure Disk CSI plugin. After it's merged I'll use the same approach to enhance the Azure File CSI plugin.
from gardener-extension-provider-azure.
Turns out that what I described with #3 (comment) was actually a misconfiguration during my tests - the Azure Disk CSI plugin already works for our scenario as it disables the metadata service in the controller service of the CSI driver. Hence kubernetes-sigs/azuredisk-csi-driver#354 is closed again for now.
However, it seems that the node service of the CSI driver also requires the client id/secret credentials in order to talk to the Azure API and find out information about certain disks. This would mean that we would have to expose the credentials in the shoot cluster which is undesired. I'm investigating further...
from gardener-extension-provider-azure.
I played with the latest kubernetes-sigs/[email protected] and kubernetes-sigs/[email protected] releases and it seems that the problems we faced have been resolved. This would mean that we can go ahead and introduce CSI (migration) already with 1.18 as initially planned.
I'll do some more testing tomorrow, and if successful I'll add the respective changes to the currently open 1.18 support PR #72. I'll also update this ticket with my results.
from gardener-extension-provider-azure.
It turns out that the Azure CSI migration is still alpha with 1.18 (although suggested differently by https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/), hence, let's plan for 1.19. There are still flaws in the Azure File CSI migration; the Azure Disk CSI migration worked so far.
See also kubernetes/enhancements#1490.
from gardener-extension-provider-azure.
We decided to postpone CSI migration for Azure to Kubernetes v1.21, so let's adapt the version constants in the code from 1.20 to 1.21.
Let's wait a few more days to make sure that `CSIMigrationAzureFile` promotion to beta will be pushed back to v1.21 - ref kubernetes/kubernetes#96293. Theoretically it can get in for v1.20 via an Exception.
from gardener-extension-provider-azure.