Bug 1276082

Summary: [RFE] PV needs to be able to be secured down so that claims can auto bind to the available PVs for the namespace
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: RFEAssignee: Bradley Childs <bchilds>
Status: CLOSED CURRENTRELEASE QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: medium    
Version: 3.1.0CC: andelhie, aos-bugs, bchilds, charles_sheridan, dmcphers, eparis, erich, erjones, jkaur, jkrieger, jokerman, knakayam, mmccomas, pep, plarsen
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1276084 (view as bug list) Environment:
Last Closed: 2017-08-16 19:50:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1267746, 1276084    

Description Ryan Howe 2015-10-28 16:15:14 UTC 
Description of problem:

PV needs to be able to be secured down so that claims can auto bind to the available PVs for the namespace.

Admin are looking for a way to provision Persistent Volumes that are only available to a defined namespace. While at the same time allowing the user to provision their own PVCs.

https://docs.openshift.com/enterprise/3.0/rest_api/kubernetes_v1.html#v1-persistentvolume

Version-Release number of selected component (if applicable):
3.0.x
Comment 3 Ryan Howe 2015-10-29 18:49:18 UTC 
Adding to this RFE: 

Ability to configure a PV to only serve a certain:

Namespace/Project 
Region of Nodes
Zone of Nodes
User


Also upping the Severity as this RFE is a show stopper for case 01531822.
Comment 5 Ryan Howe 2016-01-12 21:04:16 UTC 
*** Bug 1273265 has been marked as a duplicate of this bug. ***
Comment 6 Mark Turansky 2016-01-13 13:46:20 UTC 
The addition of PVSelector on Claim can solve some of this (where labels on a volume must match the selector on a claim).  This is new functionality that is in development.

Another new piece of functionality is the ability to restrict which namespaces can use which selectors, so as to limit who can claim what.

These are 2 "net new" RFEs.
Comment 8 Josep 'Pep' Turro Mauri 2016-01-18 15:19:49 UTC 
(In reply to Mark Turansky from comment #6)
> The addition of PVSelector on Claim can solve some of this (where labels on
> a volume must match the selector on a claim).  This is new functionality
> that is in development.

I believe this is what Bug 1284994 is for.

> Another new piece of functionality is the ability to restrict which
> namespaces can use which selectors, so as to limit who can claim what.

So, this BZ would track that second part so that the goals on comment #0 & 3 can be met.
Comment 10 Dan McPherson 2016-04-13 21:41:05 UTC 
*** Bug 1296554 has been marked as a duplicate of this bug. ***
Comment 21 Eric Paris 2017-08-16 19:50:37 UTC 
In 3.6 a cluster admin can create multiple storage classes and put PVs in those storage classes. They can then the default quota for those storage classes to 0 and explicitly only allow certain namespaces something other than 0. Thus addressing this problem.
Comment 22 Red Hat Bugzilla 2023-09-14 23:58:39 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days