Description of problem: PV needs to be able to be secured down so that claims can auto bind to the available PVs for the namespace. Admin are looking for a way to provision Persistent Volumes that are only available to a defined namespace. While at the same time allowing the user to provision their own PVCs. https://docs.openshift.com/enterprise/3.0/rest_api/kubernetes_v1.html#v1-persistentvolume Version-Release number of selected component (if applicable): 3.0.x
Adding to this RFE: Ability to configure a PV to only serve a certain: Namespace/Project Region of Nodes Zone of Nodes User Also upping the Severity as this RFE is a show stopper for case 01531822.
*** Bug 1273265 has been marked as a duplicate of this bug. ***
The addition of PVSelector on Claim can solve some of this (where labels on a volume must match the selector on a claim). This is new functionality that is in development. Another new piece of functionality is the ability to restrict which namespaces can use which selectors, so as to limit who can claim what. These are 2 "net new" RFEs.
(In reply to Mark Turansky from comment #6) > The addition of PVSelector on Claim can solve some of this (where labels on > a volume must match the selector on a claim). This is new functionality > that is in development. I believe this is what Bug 1284994 is for. > Another new piece of functionality is the ability to restrict which > namespaces can use which selectors, so as to limit who can claim what. So, this BZ would track that second part so that the goals on comment #0 & 3 can be met.
*** Bug 1296554 has been marked as a duplicate of this bug. ***
In 3.6 a cluster admin can create multiple storage classes and put PVs in those storage classes. They can then the default quota for those storage classes to 0 and explicitly only allow certain namespaces something other than 0. Thus addressing this problem.
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days