Checked on AWS, AWS EBS CSI driver returns two topology segments:

I0520 12:19:17.666181       1 connection.go:185] GRPC response: {"volume":{"accessible_topology":[{"segments":{"topology.ebs.csi.aws.com/zone":"us-east-1b","topology.kubernetes.io/zone":"us-east-1b"}}],"capacity_bytes":1073741824,"volume_id":"vol-0df87601e5f389076"}}

PV provisioned directly as CSI (with CSI storage class) has the same issue:


    csi:
      driver: ebs.csi.aws.com
      fsType: ext4
      volumeAttributes:
        storage.kubernetes.io/csiProvisionerIdentity: 1621513076004-8081-ebs.csi.aws.com
      volumeHandle: vol-0560a74a5ed60d676
    nodeAffinity:
      required:
        nodeSelectorTerms:
        - matchExpressions:
          - key: topology.kubernetes.io/zone
            operator: In
            values:
            - us-east-1b
          - key: topology.ebs.csi.aws.com/zone
            operator: In
            values:
            - us-east-1b


CSI translation won't make it worse (or better).

Correction: the CSI volume topology is weird, it uses both topology.ebs.csi.aws.com/zone and topology.kubernetes.io/zone.

Reading upstream PRs, adding topology.kubernetes.io/zone is intentional:

https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/773
https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/729

We can fix the CSI translation library - when it translates nodeAffinity from CSI to in-tree, it should merge the two redundant nodeSelectorTerms into one, i.e. somewhere in https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/aws_ebs.go#L157

it seems that this duplication is by intention as per https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/in_tree_volume.go#L84-L86, which is used to translate the `nodeAffinity` in https://github.com/kubernetes/kubernetes/blob/fed3a4520d99a2d99fd4ed0f7edf1ac79e7253e7/staging/src/k8s.io/csi-translation-lib/plugins/in_tree_volume.go#L271-L274

Good point. Would you mind filing an issue upstream, so we can discuss there if it makes sense to squash the duplicities?

Verified on 4.8.0-0.nightly-2021-06-09-023740


$ oc get pv pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                        STORAGECLASS   REASON   AGE
pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42   1Gi        RWO            Delete           Bound    wduan-csi/mypvc-default-sc   gp2                     5m35s

$ oc get pv pvc-07a7f7ba-ccfb-431c-bf51-d9104db14f42 -o yaml
metadata:
  annotations:
    pv.kubernetes.io/provisioned-by: ebs.csi.aws.com
...
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: topology.kubernetes.io/zone
          operator: In
          values:
          - us-east-2b
        - key: topology.kubernetes.io/region
          operator: In
          values:
          - us-east-2

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438