Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1717746

Summary: selector-label volume binding is not working
Product: OpenShift Container Platform Reporter: Jaspreet Kaur <jkaur>
Component: StorageAssignee: Jan Safranek <jsafrane>
Status: CLOSED NOTABUG QA Contact: Liang Xia <lxia>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: aos-bugs, aos-storage-staff, jsafrane
Target Milestone: ---   
Target Release: 3.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-11 08:31:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jaspreet Kaur 2019-06-06 05:18:18 UTC 
Description of problem: Even if binding the volumes and claim using selector labels binding, random non-matching PVC gets bound to the PV.

As per https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/selector_label_binding.html#selector-label-volume-binding;


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
As per https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/selector_label_binding.html#selector-label-volume-binding;
I've defined selectors and labels on the Openshift PV & PVC.

Openshift PersistVolume Defination:

cat mktg-ops--kafka-iscsi_pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mktg-ops--kafka--kafka-broker01
  labels:
    project: mktg-ops--kafka
    claimname: kafka-broker01
    storage-tier: poc
    storage-type: block
spec:
  capacity:
    storage: 15Gi
  accessModes:
    - ReadWriteOnce
  iscsi:
    targetPortal: "<ip>:3260"
    portals: ["<ip>"]
    iqn: "<iqn>"
    lun: 0
    initiatorName: <iqn-name>
    fsType: xfs
    readOnly: false


Openshift PersistentVolumeClaim defination:

cat mktg-ops--kafka-iscsi_pvc.yaml
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: "kafka-broker01"
spec:
  accessModes:
  - ReadWriteOnce
  resources:
     requests:
       storage: "15Gi"
  selector:
    matchLabels:
      project: mktg-ops--kafka
      claimname: kafka-broker01
      storage-tier: poc
      storage-type: block


Note; the selector-Labels are matching exactly. I expected the binding of only these PV-PVC

However it gets bounded to below :

oc get -n alm-tools--prototype pvc postgresql  -o yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    pv.kubernetes.io/bind-completed: "yes"
    pv.kubernetes.io/bound-by-controller: "yes"
  creationTimestamp: 2019-05-09T14:14:27Z
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app: django-psql-persistent
    template: django-psql-persistent
  name: postgresql
  namespace: alm-tools--prototype
  resourceVersion: "171152406"
  selfLink: /api/v1/namespaces/alm-tools--prototype/persistentvolumeclaims/postgresql
  uid: c11960ac-7264-11e9-bb01-001a4a195f6a
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  volumeName: mktg-ops--kafka--kafka-broker01
status:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 15Gi
  phase: Bound


Actual results: Selector label volume and volume claim not respected


Expected results: Selector label volume binding should work


Additional info:
Comment 1 Jan Safranek 2019-06-18 11:42:22 UTC 
If I understand the report correctly, your PV got bound to a "random" PVC, while you expected that it binds only to a PVC that specifies the selector?

I am afraid it's not how selectors work. Using a selector, a PVC can require PV with specific labels. But a PVC without any selector matches *any* PV, i.e. your "postgresql" PVC matched your PV.

To reserve a PV for specific tasks, you have two options:

1) Create specific storage class for the PV. If necessary (in multi tenant env), use quota to "reserve" the storage class (and thus the PV(s)) only to specific namespace.

2) Or, if you know the PVC namespace + name, you can "pre-bind" the PV to your PVC. Such PV will bind only to given PVC and to nothing else:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: mktg-ops--kafka--kafka-broker01
spec:
  capacity:
    storage: 15Gi
  accessModes:
    - ReadWriteOnce
  claimRef:
      apiVersion: v1
      kind: PersistentVolumeClaim
      name: kafka-broker01
      namespace: default
  iscsi:
    ...

Does it solve your issue?
Comment 2 Jan Safranek 2019-07-11 08:31:38 UTC 
I explained how PV binding and selector works, the observed behavior is expected.
Comment 3 Red Hat Bugzilla 2023-09-14 05:29:49 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days