Checked on AWS, AWS EBS CSI driver returns two topology segments: I0520 12:19:17.666181 1 connection.go:185] GRPC response: {"volume":{"accessible_topology":[{"segments":{"topology.ebs.csi.aws.com/zone":"us-east-1b","topology.kubernetes.io/zone":"us-east-1b"}}],"capacity_bytes":1073741824,"volume_id":"vol-0df87601e5f389076"}} PV provisioned directly as CSI (with CSI storage class) has the same issue: csi: driver: ebs.csi.aws.com fsType: ext4 volumeAttributes: storage.kubernetes.io/csiProvisionerIdentity: 1621513076004-8081-ebs.csi.aws.com volumeHandle: vol-0560a74a5ed60d676 nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - us-east-1b - key: topology.ebs.csi.aws.com/zone operator: In values: - us-east-1b CSI translation won't make it worse (or better).
Correction: the CSI volume topology is weird, it uses both topology.ebs.csi.aws.com/zone and topology.kubernetes.io/zone.
Reading upstream PRs, adding topology.kubernetes.io/zone is intentional: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/773 https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/729
We can fix the CSI translation library - when it translates nodeAffinity from CSI to in-tree, it should merge the two redundant nodeSelectorTerms into one, i.e. somewhere in https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/aws_ebs.go#L157
it seems that this duplication is by intention as per https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/in_tree_volume.go#L84-L86, which is used to translate the `nodeAffinity` in https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/in_tree_volume.go#L271-L274
Good point. Would you mind filing an issue upstream, so we can discuss there if it makes sense to squash the duplicities?
Verified on 4.8.0-0.nightly-2021-06-09-023740 $ oc get pv pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42 NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42 1Gi RWO Delete Bound wduan-csi/mypvc-default-sc gp2 5m35s $ oc get pv pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42 -o yaml metadata: annotations: pv.kubernetes.io/provisioned-by: ebs.csi.aws.com ... nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: topology.kubernetes.io/zone operator: In values: - us-east-2b - key: topology.kubernetes.io/region operator: In values: - us-east-2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438