Skip to content

Commit ac18804

Browse files
author
NickrenREN
committed
add pv protection description
1 parent c431b28 commit ac18804

File tree

4 files changed

+119
-5
lines changed

4 files changed

+119
-5
lines changed

_data/tasks.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -170,7 +170,7 @@ toc:
170170
- docs/tasks/administer-cluster/configure-multiple-schedulers.md
171171
- docs/tasks/administer-cluster/ip-masq-agent.md
172172
- docs/tasks/administer-cluster/dns-custom-nameservers.md
173-
- docs/tasks/administer-cluster/pvc-protection.md
173+
- docs/tasks/administer-cluster/storage-object-in-use-protection.md
174174

175175
- title: Federation - Run an App on Multiple Clusters
176176
section:

docs/admin/authorization/rbac.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -628,6 +628,7 @@ These roles include:
628628
* system:controller:node-controller
629629
* system:controller:persistent-volume-binder
630630
* system:controller:pod-garbage-collector
631+
* system:controller:pv-protection-controller
631632
* system:controller:pvc-protection-controller
632633
* system:controller:replicaset-controller
633634
* system:controller:replication-controller

docs/concepts/storage/persistent-volumes.md

Lines changed: 25 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,14 +72,15 @@ Once a user has a claim and that claim is bound, the bound PV belongs to the use
7272

7373
### Storage Object in Use Protection
7474
{% assign for_k8s_version="v1.10" %}{% include feature-state-beta.md %}
75-
The purpose of the Storage Object in Use Protection feature is to ensure that Persistent Volume Claims (PVCs) in active use by a pod are not removed from the system as this may result in data loss.
75+
The purpose of the Storage Object in Use Protection feature is to ensure that Persistent Volume Claims (PVCs) in active use by a pod and Persistent Volume (PVs) that are bound to PVCs are not removed from the system as this may result in data loss.
7676

7777
**Note:** PVC is in active use by a pod when the pod status is `Pending` and the pod is assigned to a node or the pod status is `Running`.
7878
{: .note}
7979

80-
When the [Storage Object in Use Protection beta feature](/docs/tasks/administer-cluster/pvc-protection/) is enabled, if a user deletes a PVC in active use by a pod, the PVC is not removed immediately. PVC removal is postponed until the PVC is no longer actively used by any pods.
80+
When the [Storage Object in Use Protection beta feature](/docs/tasks/administer-cluster/storage-object-in-use-protection/) is enabled, if a user deletes a PVC in active use by a pod, the PVC is not removed immediately. PVC removal is postponed until the PVC is no longer actively used by any pods, and also if admin deletes a PV that is bound to a PVC, the PV is not removed immediately. PV removal is postponed until the PV is not bound to a PVC any more.
8181

8282
You can see that a PVC is protected when the PVC's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pvc-protection`:
83+
8384
```shell
8485
kubectl describe pvc hostpath
8586
Name: hostpath
@@ -94,6 +95,28 @@ Finalizers: [kubernetes.io/pvc-protection]
9495
...
9596
```
9697

98+
You can see that a PV is protected when the PV's status is `Terminating` and the `Finalizers` list includes `kubernetes.io/pv-protection` too:
99+
100+
```shell
101+
kubectl describe pv task-pv-volume
102+
Name: task-pv-volume
103+
Labels: type=local
104+
Annotations: <none>
105+
Finalizers: [kubernetes.io/pv-protection]
106+
StorageClass: standard
107+
Status: Available
108+
Claim:
109+
Reclaim Policy: Delete
110+
Access Modes: RWO
111+
Capacity: 1Gi
112+
Message:
113+
Source:
114+
Type: HostPath (bare host directory volume)
115+
Path: /tmp/data
116+
HostPathType:
117+
Events: <none>
118+
```
119+
97120
### Reclaiming
98121

99122
When a user is done with their volume, they can delete the PVC objects from the API which allows reclamation of the resource. The reclaim policy for a `PersistentVolume` tells the cluster what to do with the volume after it has been released of its claim. Currently, volumes can either be Retained, Recycled or Deleted.

docs/tasks/administer-cluster/pvc-protection.md renamed to docs/tasks/administer-cluster/storage-object-in-use-protection.md

Lines changed: 92 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ title: Storage Object in Use Protection
88
{% capture overview %}
99
{% assign for_k8s_version="v1.10" %}{% include feature-state-beta.md %}
1010

11-
Persistent volume claims (PVCs) that are in active use by a pod can be protected from pre-mature removal.
11+
Persistent volume claims (PVCs) that are in active use by a pod and persistent volumes (PVs) that are bound to PVCs can be protected from pre-mature removal.
1212

1313
{% endcapture %}
1414

@@ -56,8 +56,9 @@ spec:
5656
```
5757
5858
- Check that the PVC has the finalizer `kubernetes.io/pvc-protection` set:
59+
5960
```shell
60-
$ kubectl describe pvc slzc
61+
kubectl describe pvc slzc
6162
Name: slzc
6263
Namespace: default
6364
StorageClass: slow
@@ -215,6 +216,95 @@ Warning FailedScheduling 18s (x4 over 21s) default-scheduler persistentvolum
215216

216217
- Wait until the pod status of both pods is `Terminated` or `Completed` (either delete the pods or wait until they finish). Afterwards, check that the PVC is removed.
217218

219+
## Storage Object in Use Protection feature used for PV Protection
220+
221+
The example below uses a `HostPath` PV.
222+
223+
Verification scenarios follow below.
224+
225+
### Scenario 1: The PV is not bound to a PVC
226+
227+
- Create a PV:
228+
229+
```yaml
230+
kind: PersistentVolume
231+
apiVersion: v1
232+
metadata:
233+
name: task-pv-volume
234+
labels:
235+
type: local
236+
spec:
237+
capacity:
238+
storage: 1Gi
239+
accessModes:
240+
- ReadWriteOnce
241+
persistentVolumeReclaimPolicy: Delete
242+
storageClassName: standard
243+
hostPath:
244+
path: "/tmp/data"
245+
```
246+
247+
- Check that the PV has the finalizer `kubernetes.io/pv-protection` set:
248+
249+
```shell
250+
Name: task-pv-volume
251+
Labels: type=local
252+
Annotations: pv.kubernetes.io/bound-by-controller=yes
253+
Finalizers: [kubernetes.io/pv-protection]
254+
StorageClass: standard
255+
Status: Terminating (lasts 1m)
256+
Claim: default/task-pv-claim
257+
Reclaim Policy: Delete
258+
Access Modes: RWO
259+
Capacity: 1Gi
260+
Message:
261+
Source:
262+
Type: HostPath (bare host directory volume)
263+
Path: /tmp/data
264+
HostPathType:
265+
Events: <none>
266+
```
267+
268+
- Delete the PV and check that the PV (not bound to a PVC) is removed successfully.
269+
270+
### Scenario 2: The PV is bound to a PVC
271+
272+
- Again, create the same PV.
273+
274+
- Create a PVC
275+
276+
```yaml
277+
kind: PersistentVolumeClaim
278+
apiVersion: v1
279+
metadata:
280+
name: task-pv-claim
281+
spec:
282+
accessModes:
283+
- ReadWriteOnce
284+
resources:
285+
requests:
286+
storage: 1Gi
287+
```
288+
289+
- Wait until the PV and PVC are bound to each other.
290+
- Delete the PV and verify that the PV is not removed but its status is `Terminating`:
291+
292+
```shell
293+
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
294+
task-pv-volume 1Gi RWO Delete Terminating default/task-pv-claim standard 59s
295+
296+
```
297+
- Delete the PVC and verify that the PV is removed too.
298+
299+
```shell
300+
kubectl delete pvc task-pv-claim
301+
persistentvolumeclaim "task-pv-claim" deleted
302+
$ kubectl get pvc
303+
No resources found.
304+
$ kubectl get pv
305+
No resources found.
306+
```
307+
218308
{% endcapture %}
219309

220310
{% capture discussion %}

0 commit comments

Comments
 (0)