Support Volume Mount Options

[rootfs]

Description

We currently support network filesystems: NFS, Glusterfs, Ceph FS, SMB (Azure file), Quobytes, and local filesystems such as ext[3|4] and XFS.

Mount time options that are operationally important and have no security implications should be suppported. Examples are NFS's TCP mode, versions, lock mode, caching mode; Glusterfs's caching mode; SMB's version, locking, id mapping; and more.

One solution is to walk through all the mount options and create API objects for each one of them in their volume source. This solution clearly states what are the supported options. But supporting all valid mount options makes us liable to compatibility issues when mount options changes between OS distributions/releases, or between OSes (Linux, BSD/OSX if they are to be supported in the future)

Second solution also adds an API objects in volume source. Instead of 1-1 mapping, the single API object is a string comma separated blob like version=3,protoc=tcp,nolock. It is the convention used by mount command. Since this solution only supported a subset of filesystem options, it is not subject to mount option changes. Arguably, the mount options are only for expert user who understand what they do. The mount options API object defaults to none.

• Primary contact (assignee): @gnufied
• Responsible SIGs: Storage
• Design proposal link (community repo):
• Reviewer(s) - (for LGTM) recommend having 2+ reviewers (at least one from code-area OWNERS file) agreed to review. Reviewers from multiple companies preferred:
  Google: @saad-ali @jingxu97
  RedHat: @childsb @jsafrane
• Approver (likely from SIG/area to which feature belongs): @saad-ali @childsb
• Feature target (which target equals to which milestone):
  • Alpha release target: 1.6
  • Beta release target: -
  • Stable release target (x.y): 1.8

[rootfs]

@kubernetes/sig-storage-misc

[idvoretskyi]

@rootfs are you a person, responsible for the feature?

[gnufied]

This should be assigned to me. I unfortunately don't have enough privilege to do that myself - https://docs.google.com/spreadsheets/d/1t4z5DYKjX2ZDlkTpCnp18icRAQqOE85C1T1r2gqJVck/edit#gid=0

[idvoretskyi]

@gnufied done.

[rootfs]

We have a case to pass selinux context as -o context to cifs mount in azure_file volume to resolve permission denied issue.

[thockin]

@jingxu97 @saad-ali would be nice to get the design tradeoffs done and get this behind us. It's been lingering for a long time.

[matchstick]

@saad-ali and I talked this over today and we both agree that making sure that working with rootfs on this is one of his now highest priorities, now that he is no longer under the release czar role.

[gnufied]

Yeah it is a top priority for us too. I am working on a design document with @rootfs and will publish it today. I apologize for not sending the design proposal sooner - got caught up in other feature requests.

[gnufied]

The design proposal - https://github.com/kubernetes/community/pull/321/files

[philips]

cc @lpabon

[gnufied]

@spxtr can we keep this open? we need to walk this feature through - beta, GA, docs and whole thing.

[childsb]

@spxtr was this closed on purpose?

[idvoretskyi]

@gnufied any update on this feature? Docs and release notes are required (please, provide them to the features spreadsheet.

[spxtr]

Sorry, I simply synced my fork, and thanks to this bug feature, GitHub closed the issue.

[gnufied]

Added release notes to spreadsheet. The documentation PR is - kubernetes/website#2743

[saad-ali]

This is beta for 1.6 not stable updated labels and spreadsheet.

[mdelio]

@gnufied are we planning to bring this to stable in 1.7

[saad-ali]

This is not going to go to GA in 1.7 (it went beta in 1.6). We will punt GA to 1.8.

[gnufied]

We are going to try and get this GA in 1.8. The corresponding feature request change for taking this feature to GA - kubernetes/community#771

[idvoretskyi]

@saad-ali @gnufied please, update the feature description with the new timeline.

[gnufied]

@idvoretskyi I didn't create this issue, @rootfs did - but I do own it. I can't edit the original description unfortunately. The feature went beta in 1.6 and is going GA in 1.8.

[saad-ali]

@saad-ali @gnufied please, update the feature description with the new timeline.

Done. This feature is being promoted to stable in 1.8.

[matthewceroni]

I see this is support on the PV via an annotation, but what about when using dynamic provisioning?

I attempted to add the annotation to the volumeClaimTemplate but that did not see to work.

{{- if .Values.Persistence.Enabled }}
  volumeClaimTemplates:
  - metadata:
      name: pgdata
      annotations:
        volume.beta.kubernetes.io/storage-class: {{ .Values.Persistence.StorageClass }}
        volume.beta.kubernetes.io/mount-options: "noatime"
    spec:
      accessModes:
      - {{ .Values.Persistence.AccessMode | quote }}
      resources:
        requests:
          storage: {{ .Values.Persistence.Size | quote }}
{{- else }}
      - name: pgdata
        emptyDir: {}
{{- end }}

FYI: This results in an EBS volume (when rendered via helm)

[jsafrane]

@matthewceroni, in 1.8 we plan to add mountOptions to storageClass.parameters, see kubernetes/community#771

[gnufied]

This feature has been implemented as speced. Closing.

/close