Is this a BUG REPORT or FEATURE REQUEST?:
@kubernetes/sig-storage-feature-requests
As a follow up to the conformance testing discussion in kubernetes/features#498, we had a meeting to brainstorm ideas around conformance testing of PVCs/PVs. Some ideas we came up with:
Some action items/questions:
cc @WilliamDenniss @bgrant0607 @AishSundar @pospispa @saad-ali
Discussed a bit with @saad-ali. We brainstormed having 3 different suites for persistent volumes.
@msau42 are you still blocked on answers from sig-architecture to decide on a further course of action? If so, will you be taking up the question with sig-architecture?
The main question I have: is there value in having a core suite that tests only the control path with a mock driver? Just because the tests pass with a mock driver doesn't mean they will pass with a real volume driver; OS/kernel dependencies could prevent a real volume plugin from working. We can discuss this at the next conformance meeting and go from there.
The real value to the user is the persistent volume profile suite because it tests both control + data path integration of specific volume drivers in a particular platform. We can definitely focus on this first.
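To make the control + data path distinction concrete, here is a minimal sketch (resource names are hypothetical) of the kind of check such a profile suite would run: provision a PVC through the cluster's default StorageClass, mount it in a pod, and write through to the volume.

```yaml
# Illustrative control + data path check; names are hypothetical.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: conformance-pvc
spec:
  accessModes: ["ReadWriteOnce"]   # single writer
  resources:
    requests:
      storage: 1Gi
  # no storageClassName: fall through to the cluster's default StorageClass
---
apiVersion: v1
kind: Pod
metadata:
  name: conformance-writer
spec:
  containers:
  - name: writer
    image: busybox
    # data path: the write only succeeds if the volume actually attached and mounted
    command: ["sh", "-c", "echo ok > /data/out && sleep 3600"]
    volumeMounts:
    - name: vol
      mountPath: /data
  volumes:
  - name: vol
    persistentVolumeClaim:
      claimName: conformance-pvc
```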
Conclusion from the conformance wg meeting:
Summary of the current idea for storage conformance tests:
Have 3 different conformance suites, and some examples for possible test cases in each:
More detailed test case tracking is available here. This sheet is open to anyone in kubernetes-dev.
/conformance
Catching up. Keep in mind that it needs to be possible to run the conformance suite against managed services that may have limited configurability.
I'm not sure it makes sense to have a storage-specific suite as part of Kubernetes certification. As with "node conformance" tests, the volume plugin tests sound useful independently of certification.
We haven't sorted out profiles yet, but there should not be dozens of them, or else the number of possible combinations of different profiles would defeat the workload portability goal. (As well as being confusing for users.)
My current thinking is that we should bundle a common set of optional functionality into the first profile. For example, maybe it could contain RBAC, LoadBalancer Services, and single writer + dynamic provisioning + default storageclass.
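As one concrete piece of that bundle, the default-StorageClass behavior is driven by a single annotation. A minimal sketch, where the class name and provisioner are provider-specific placeholders:

```yaml
# Sketch: the annotation that makes a class the cluster default.
# Class name and provisioner are provider-specific placeholders.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: standard
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/gce-pd
```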
it needs to be possible to run the conformance suite against managed services that may have limited configurability.
Can the tests themselves be configurable? For example, each provider can configure the test to drop in configuration for their supported volume plugin? This becomes especially important for providers that don't have in-tree volume types and need to use Flex or CSI drivers.
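As a sketch of what that could look like (purely hypothetical, not an existing API): each provider drops in a small file telling the suite which driver and StorageClass to exercise and which capabilities to expect.

```yaml
# Hypothetical per-provider test configuration; field names are
# illustrative and not an existing API.
driver:
  name: hostpath.csi.k8s.io        # CSI (or Flex) driver under test
  storageClass: csi-hostpath-sc    # class the tests should provision from
  capabilities:
    dynamicProvisioning: true
    blockVolume: false
    multiNode: false
```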
we should bundle a common set of optional functionality into the first profile. For example, maybe it could contain RBAC, LoadBalancer Services, and single writer + dynamic provisioning + default storageclass.
I think that could make sense for something like a "stateful workload" profile.
@msau42 Re. test configurability: I think it would be much better for users if there were a StorageClass that represented a consistent set of features/behaviors across providers, and that the conformance tests validated that behavior, rather than creating a configuration that existed just for the purpose of the tests. I also don't yet have a sense for how many providers will or won't enable users to choose and install CSI drivers.
It makes sense to test for a portable, out of the box experience with no extra steps needed. I think in that case, we could easily promote some of the existing StatefulSet tests that use default StorageClass into a conformance profile suite and write new tests around pod and PVC lifecycles.
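For reference, the pattern those StatefulSet tests rely on is a volumeClaimTemplate with no storageClassName, so provisioning falls through to the default StorageClass. A trimmed sketch:

```yaml
# Sketch of the out-of-the-box pattern: no storageClassName in the
# claim template, so the default StorageClass handles provisioning.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  serviceName: web
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: nginx
        volumeMounts:
        - name: data
          mountPath: /usr/share/nginx/html
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 1Gi
```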
I'll pursue the rest of the items outside of the conformance area and instead as part of a new volume plugin feature validation suite.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
/remove-lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
/remove-lifecycle stale
/lifecycle frozen
@msau42 is there a proposal that sig-architecture should look at?
/priority backlog
There's no proposal. We were last stuck on how to handle optional features in conformance. Profiles were discussed as one option. I would be happy to work with someone on a proposal if there has been any progress on this front. Cc @johnbelamaric
Nothing concrete around profiles or optional features yet, but I expect to have some ideas/plans on paper for discussion in the next week or so.
@johnbelamaric I had another thought regarding storage tests in conformance. Would it be useful to be able to test CSI conformance in the Kubernetes conformance suite using a non-cloud provider driver such as the CSI hostpath driver? It has no dependencies on cloud providers, and the tests we currently have deploy fixed images of the hostpath csi driver. By doing this, we at least can provide some confidence about basic CSI support in Kubernetes distros.
We would still want separate optional profiles/tests to test real storage implementations.
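For context, wiring a suite to the hostpath driver only requires a StorageClass that names its provisioner. A minimal sketch (the class name is illustrative; `hostpath.csi.k8s.io` is the csi-driver-host-path project's provisioner name):

```yaml
# Minimal sketch: route provisioning to the hostpath CSI driver.
# The class name is illustrative.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: csi-hostpath-sc
provisioner: hostpath.csi.k8s.io
```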
I like the idea of testing with a dummy driver, though how dummy it is may matter. For example, minikube is currently broken with regard to CSI drivers:
kubernetes/minikube#4072
Testing with the csi-driver-hostpath driver, though, does uncover the issue.
I think it can't be completely mocked out like the mock driver, but hostpath seems more reasonable. Hostpath does have the limitation, though, that all volumes are restricted to a single node, so we won't be able to add multi-node test cases that exercise things like data persistence.
But that's more of an evaluation of driver capabilities than of whether this k8s cluster makes all the proper CSI calls.
Would it be useful to be able to test CSI conformance in the Kubernetes conformance suite using a non-cloud provider driver such as the CSI hostpath driver?
A test that depends on the hostpath driver might not meet the current conformance test requirements because it depends on a privileged pod.
A cluster is not required to support those (at least that is my understanding), and even if it does, how to authorize such pods to run is not standardized, so the test might become non-portable.
In the current E2E test, we get by with a special cluster role binding that is required on some clusters and ignored on others: https://github.com/kubernetes/kubernetes/blob/c495744436fc94ebbef2fcbeb97699ca96fe02dd/test/e2e/testing-manifests/storage-csi/hostpath/hostpath/e2e-test-rbac.yaml#L1-L31
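The shape of that binding, roughly (all names below are illustrative rather than copied from the linked manifest):

```yaml
# Rough sketch of the pattern: grant the driver's service account a role
# that permits privileged pods; harmless on clusters that don't enforce PSP.
# All names here are illustrative, not copied from the linked manifest.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: csi-hostpath-privileged
subjects:
- kind: ServiceAccount
  name: csi-hostpath-sa           # assumed service account used by the driver pods
  namespace: default
roleRef:
  kind: ClusterRole
  name: e2e-test-privileged-psp   # role assumed to exist on PSP-enforcing clusters
  apiGroup: rbac.authorization.k8s.io
```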
I spoke to @johnbelamaric earlier about the privileged requirement and concluded that we can relax it if necessary. So I don't consider requiring privileged an issue.