Bug 1276082 - [RFE] PV needs to be able to be secured down so that claims can auto bind to the available PVs for the namespace [NEEDINFO]
[RFE] PV needs to be able to be secured down so that claims can auto bind to ...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE (Show other bugs)
3.1.0
Unspecified Unspecified
medium Severity high
: ---
: ---
Assigned To: Bradley Childs
Johnny Liu
:
: 1273265 1296554 (view as bug list)
Depends On:
Blocks: 1267746 1276084
  Show dependency treegraph
 
Reported: 2015-10-28 12:15 EDT by Ryan Howe
Modified: 2017-08-16 15 EDT (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1276084 (view as bug list)
Environment:
Last Closed: 2017-08-16 15:50:37 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
erjones: needinfo? (bchilds)
knakayam: needinfo? (bchilds)
erich: needinfo? (bchilds)
erich: needinfo? (bchilds)


Attachments (Terms of Use)

  None (edit)
Description Ryan Howe 2015-10-28 12:15:14 EDT
Description of problem:

PV needs to be able to be secured down so that claims can auto bind to the available PVs for the namespace.

Admin are looking for a way to provision Persistent Volumes that are only available to a defined namespace. While at the same time allowing the user to provision their own PVCs.

https://docs.openshift.com/enterprise/3.0/rest_api/kubernetes_v1.html#v1-persistentvolume

Version-Release number of selected component (if applicable):
3.0.x
Comment 3 Ryan Howe 2015-10-29 14:49:18 EDT
Adding to this RFE: 

Ability to configure a PV to only serve a certain:

Namespace/Project 
Region of Nodes
Zone of Nodes
User


Also upping the Severity as this RFE is a show stopper for case 01531822.
Comment 5 Ryan Howe 2016-01-12 16:04:16 EST
*** Bug 1273265 has been marked as a duplicate of this bug. ***
Comment 6 Mark Turansky 2016-01-13 08:46:20 EST
The addition of PVSelector on Claim can solve some of this (where labels on a volume must match the selector on a claim).  This is new functionality that is in development.

Another new piece of functionality is the ability to restrict which namespaces can use which selectors, so as to limit who can claim what.

These are 2 "net new" RFEs.
Comment 8 Josep 'Pep' Turro Mauri 2016-01-18 10:19:49 EST
(In reply to Mark Turansky from comment #6)
> The addition of PVSelector on Claim can solve some of this (where labels on
> a volume must match the selector on a claim).  This is new functionality
> that is in development.

I believe this is what Bug 1284994 is for.

> Another new piece of functionality is the ability to restrict which
> namespaces can use which selectors, so as to limit who can claim what.

So, this BZ would track that second part so that the goals on comment #0 & 3 can be met.
Comment 10 Dan McPherson 2016-04-13 17:41:05 EDT
*** Bug 1296554 has been marked as a duplicate of this bug. ***
Comment 21 Eric Paris 2017-08-16 15:50:37 EDT
In 3.6 a cluster admin can create multiple storage classes and put PVs in those storage classes. They can then the default quota for those storage classes to 0 and explicitly only allow certain namespaces something other than 0. Thus addressing this problem.

Note You need to log in before you can comment on or make changes to this bug.