[Bug v2.0.0] Volume Topology Requirements do not conform to CSI spec

[apricote]

Summary

Topology labels added to new volumes in v2.0.0 does not conform to the CSI spec.

We plan to fix this ASAP, but the change will require manual fixing of affected PersistentVolumes.

See section recommended actions to learn how to proceed.

This issue will be updated as the situation progresses. I recommend subscribing to the issue to receive notifications.

Recommended Actions

• If you have not installed hcloud-csi-driver v2.0.0 or you are a new user
  • Upgrade to v2.1.0+ at a time convenient to you.
• If you have installed hcloud-csi-driver v2.0.0
  • Upgrade to v2.0.1 as soon as possible.
  • Upgrade to v2.1.0+ at a time convenient to you.
  • Any volumes you have created while the csi-driver v2.0.0 was installed, reference the wrong topology label. They will still work with v2.1.0+, but we recommend to fix the labels.
  • Fixing the labels will require manual work from you, follow this guideline: https://github.com/hetznercloud/csi-driver/blob/main/docs/v2.0.0-fix-volume-topology/fix-volume-topology.md
  • Please subscribe to this issue to be informed of any updates. You can also message the Hetzner Support, if you have further questions and to be notified of any updates.

Background

The CSI Spec supports topology requirements for volumes, this happens in two steps:

• On registration, every node returns its topology in the NodeGetInfo call
• On volume creation, the Container Orchestrator (k8s/nomad) specifies a list of required topologies for the new volume (CreateVolume call), the driver then chooses which of the supplied topologies the volume will serve and returns those in the response.
• The CO then tries to schedule the workload to a node that can use the volume (based on the volumes accessible_topology and the node accessible_topology)

For version 2.0.0 of the CSI driver we made a change to the topologies, to fix an issue with cluster-autoscaler and to use a standardized label, see #302 for details of this change:

 node:
   csi.hetzner.cloud/location: hel1
+  topology.kubernetes.io/region: hel1

 volume:
-  csi.hetzner.cloud/location: hel1
+  topology.kubernetes.io/region: hel1

The change was validated with Kubernetes and everything worked as we expected it. It turns out that this does not strictly adher to the CSI spec, because the created volume has a accessible_topology that does not match the nodes accessible_topology. The csi.hetzner.cloud/location label is missing.

The accessible_topology segments are combined using AND in the spec, so theoretically this should not be schedulable in Kubernetes. In practice the Kubernetes scheduler allows this, and the volume can still be attached. Because of this we did not find the bug prior to release.

The Nomad scheduler on the other hand is strict, and only allows scheduling to happen if all topology constraints from the volume match the ones of the node.

While we could implement a dirty hack to make this work in Nomad, we want to do the right thing and conform to the CSI spec. For this, we will revert the changes from #302 and go back to only using the topology constraint csi.hetzner.cloud/location.

All PersistentVolumes created with v2.0.0 of the csi-driver reference the topology.kubernetes.io/region label, which will not be reported by the CSI driver in v2.1.0+. Because of the way Kubernetes handles scheduling, the volumes will still be useable in v2.1.0+ of the driver. We will provide a guide to fix the topology labels for these volumes ASAP.

Plan

This plan tracks the progress of individual steps to deal with the issue. The details of this plan might change.

• Publish Issue with details ([Bug v2.0.0] Volume Topology Requirements do not conform to CSI spec #333)
• Add note to v2.0.0 release to point users to this issue
• Add note to README to point users to this issue
• Release v2.0.1 (fix: invalid topology label on new volumes #333 #334)
  • This release is intended to fix the immediate issue, so affected users will only have to fix volumes created in v2.0.0, and not for any new volumes afterwards.
  • Reverts changes made to the labels that new volumes will have
  • recommended only for users of v2.0.0
• Release v2.1.0 (fix: revert invalid topology changes #333 #335)
  • Fully revert the changes made in [enhancement] Use native kubernetes topology region label for volumes nodeAffinity #302
  • Intended for users upgrading from v1.x and new users
  • EDIT: Volumes created with v2.0.0 still work with this version, so anyone may upgrade
• Publish guidelines for users of v2.0.x to fix volumes with broken topology requirements.

[apricote]

Version v2.0.1 has been released. Users of v2.0.0 should upgrade to this version as soon as possible, as new volumes created with this version will not need to be fixed to work with v2.1.0 later.

Users of v1.x should not upgrade to v2.0.1, please see the Recommended Actions in the note above.

[madalinignisca]

I'm confused with the recommendations. If 2.0.1 should be the first good and fixed version of 2.x, on a new cluster installing for first time, would 2.0.1 be good to use?

If I want to start today a new cluster, what should block me in installing 2.0.1?

[apricote]

I'm confused with the recommendations. If 2.0.1 should be the first good and fixed version of 2.x, on a new cluster installing for first time, would 2.0.1 be good to use?

If I want to start today a new cluster, what should block me in installing 2.0.1?

Nothing blocks you, but that version still does not follow the CSI spec, so we do not recommend using that version for a new cluster, only if you are using v2.0.0 at the moment.

Version v2.1.0 will be released in the next 2 hours, so you might want to wait for this instead of installing v1.6.0 and later migrating to v2.x.

[madalinignisca]

2h is great. Many thanks. I thought it might take another few days or more. For me this are great news, I intended to have it ready for next week.

[apricote]

Version v2.1.0 has been released.

New users and users of v1.x should upgrade/use this version.

Users of v2.0.x may upgrade to this version. Volumes created with v2.0.0 still reference invalid topology labels and we are working on a migration guide for these volumes.

[apricote]

The guideline to fix PersistentVolumes created with the v2.0.0 release is now published: https://github.com/hetznercloud/csi-driver/blob/main/docs/v2.0.0-fix-volume-topology/fix-volume-topology.md

If you have any further questions, feel free to comment here or contact the Hetzner Cloud support.