►
Description
https://github.com/kubernetes/kubernetes/issues/52617 - Remove the PersistentVolumeLabel Admission Controller ; Discussion will continue in the next extraction meeting.
A
Hello,
welcome
to
the
april
22nd
working
cloud
provider
extraction
working
group
meeting
today.
We
will
be
specifically
having
a
special
meeting
with
a
special
guest
from
storage
to
go
over
the
persistent
volume
label
controller,
so
this
is
specifically
around
bug
52617.
A
I
will
also
mention
that
this
is
a
kubernetes
cncf
meeting
and
as
such
I
would
ask
everyone
to
adhere
to
the
cncf
policies.
They
basically
amount
to
being
considerate
and
inclusive
of
all
your
fellow
members.
So
with
that,
I'm
gonna
go
ahead
and
you
know
take
a
quick
look.
So,
with
the
we
have
just
the
single
agenda
item:
remove
the
persistent
volume
label
admission
controller,
so
this
bug
has
been
open,
as
you
can
see
now
for
quite
a
long
time.
A
The
persistent
volume
controller
is
something
that
is
intended
to
run
in
the
ccm,
but
to
date
there
are
still
a
couple
of
the
providers,
principally
google
and
amazon
that
do
not
run
the
ccm
as
a
standard.
Part
of
their
control
are
their
managed
offerings,
and
so
this
is
in
part
a
meeting
to
discuss
what
our
plans
are
moving
forward
and
how
we
can
make
all
of
this
work.
A
A
A
So
that's
some
background
material
and
then
I
think,
as
of
about
a
week
ago,
michelle
actually
mentions
exactly
what
I
said
that
the
attempts
at
using
initializers
has
been
abandoned
and
we
should
consider
a
replacement
using
the
presumably
the
mutating
admission
web
hooks
to
make
this
happen.
So
with
that,
I
think
I'm
going
to
turn
it
over
to
michelle.
If
michelle,
you
want
to
discuss
a
little
bit
more
about
this
from
the
six
storage
perspective
and
the
research
you've
done
on
it,.
B
Sure
yeah,
so
I
guess
to
give
some
background.
Basically
what
this
admission
controller
does
is
if
someone
creates
a
pv
object,
referencing
a
particular
cloud
volume
like
gcepd
or
aws
ebs.
B
I
I
want
to
note
that
this
behavior
is
only
if
someone
is
importing
an
existing
disk
that
already
create
that
was
already
created
beforehand
and
they're
just
manually
importing
it
with
a
pv
object.
The
normal
flow
that
most
users
will
do
is
to
use
dynamic
provisioning,
which
is
when
they
create
a
pvc
object,
and
the
storage
plug-in
will
go,
create
the
volume
on
their
behalf,
and
when
that
volume
is
created,
the
storage
plugin
automatically
puts
all
the
correct
zone
and
region
labels
and
things
on
it.
B
So
this
is
really
this
controller.
Here
is
really
only
for
the
use
case
when
someone
wants
to
import
an
existing
one.
I
think
so.
So
there
is
a
question
as
to
like
whether
or
not
we
think
this
is
a
common
enough
scenario
that
we
want
to
continue
to
maintain
a
similar
behavior
when
we
move
to
out
of
tree
providers.
B
I
think
we
might
need
to
go
to
each
cloud
provider
to
perhaps
try
to
gather
data
on
usage
of
this
behavior,
but
my
expectation
is
that
there
are,
there
will
be
significant,
an
amount
of
users
still
depending
on
this
behavior,
so
yeah,
I
think
from
like
a
replacement
standpoint.
I
think
the
web
hook
seems
like
the
most
feasible
option
to
implement
a
similar
functionality,
and,
but
I
guess
you
know
every
it
would
be
one
more
thing
that
every
cloud
provider
may
have
to
bundle
in
a
web
hook
specific
to
this.
A
Yeah
so
so
quick
question
michelle,
it
seems
like
there
are
a
few
routes
we
can
go.
So
maybe
it's
worth
I
I
will
enumerate
the
ones
I
can
think
of
and
then,
if
I'm
missing
something
you
you
can,
let
me
know
let
me
go
with
the
the
dirtiest
one
that
I
can
think
of
which
is,
and
this
would
require
waiting
till
we
get
to
cc
to
everyone
being
on
the
ccm.
A
But
we
could
just
have
each
cloud
provider
implement
this
themselves
as
to
according
to
their
own
needs
as
their
own
controller,
so
not
even
worrying
about
a
web
hook
or
anything
just
have
this
being
a
controller
and
they
can
implement
it
as
they
see
fit.
Just
sitting
there.
Looking
on
a
a
pv
and
then
modifying
the
bb
right
so
to
watch
the
pv
another
option
would
be
to
write
an
admission,
a
web
hook,
admission
controller.
A
I
I
think
the
nice
thing
there
is
well
nice
nasty.
The
the
thing
there
is.
You
don't
even
need
the
ccm
right
at
that
point.
I
think
you're
once
again,
relying
on
every
cloud
provider
or
maintainer
of
a
kubernetes
cluster
to
write
their
own
web
hook.
Web
hook,
server
configure
it
and
then
it
would
kick
in
and
presumably
when
you
created
a
pv
object
and
would
determine
if
it
needed
to
modify
the
pv
object.
Is
that
a
reasonable
assessment.
A
You
that
in
that
is
a
mutatable
configuration
which
means
that,
for
those
of
us
who
were
doing
managed
kubernetes,
our
customers
could
mess
up
that
configuration
and
not
even
realize
that
they
had
broken
this
functionality.
B
I
get,
are
you
saying
the
the
customers
would
be
the
one
that
configures
the
web
hook.
A
No
not
so
much
saying
that
yes
and
no,
what
I'm
saying
is,
even
if
the
cloud
provider
provisions
the
web
hook,
the
web
hook
is
mutable,
which
means
that
the
customer
can
either
modify
or
delete
it
act,
either
accidentally
or
deliberately.
A
A
So
the
cloud
controller
manager
is
a
framework
with
with
a
little
bit
of
wrapper,
that
is
provided
by
the
cloud
provider
that
allows
them
to
inject
their
cloud
provider.
Implementation,
add
any
additional
controllers
they
want,
but
it
does
provide
a
a
lot
of
the
common
code
and
so
at
least
three
or
I
think
it's
at
least
four
of
the
controllers
that
run
on
the
ccm
are
common
code
themselves
that
exist
in
kk
and
can
just
be
imported.
A
A
You
know,
I
think,
about
three
or
four
files
that
are
needed
on
the
cloud
provider's
side
amounting
to
maybe
four
or
500
lines
of
code,
but
that
then
implements
you
know
tens
of
thousands
of
lines
of
code
from
kk
to
make
it
all
work,
and
that's
largely
thanks
to
it
used
to
be
it
used
to
be
much
closer
to
50
50
on
the
amount
of
code,
but
cc
who's
on
the
call
put
a
lot
of
work
into
making
sure
that
as
much
as
possible
of
the
common
code
exists
in
kk
and
is
easy
to
to
to
reference
and
pull
in.
A
A
Yeah,
so
I
think
your
basic
idea
we
could
have
common
code
and
just
have
to
plug
in
a
little
bit
is
certainly
the
pattern
we've
been
following.
It
just
requires
some
thought
around
the
interface
to
try
and
make
sure
we
can
come
up
with
an
interface.
That's
both
easy
to
use
and
covers
each
cloud
provider's
needs.
B
Yeah
and
I
think
the
the
thing
about
the
the
the
current
emission
controller
that
we
have
there's
already
some
sort
of
an
interface
where,
basically,
I
think,
there's
like
a
giant
case
statement
there
and
then
it
just
spills
out
to
every
cloud
provider
to
just
plug
in
their
api.
A
Okay,
so
before
we
go
too
far
off
so
we've
gone
over
the
web
hook
idea
we've
gone
over
the
custom
controller
idea.
A
Michelle
has
then
added
a
variant
on
the
custom
controller
where
we
try
to
get
as
much
common
code
and
only
you
know
try
to
minimize
the
amount
of
special
code
needed
for
a
individual
cloud
provider.
Does
anyone
have
any?
I
think
that.
A
Yeah,
I
imagine
that
would
work
for
the
web
hook
too.
Does
anyone
have
any
other
ideas
they'd
like
to
discuss
iberk.
B
A
B
Personal
preference,
my
personal
preference,
is,
is
the
web
hook
approach,
mainly
because
these
some
of
the
information
that
the
current
web
hook
does
like
put
in
the
topology
of
the
volume
on
the
pv
object,
that's
actually
used
in
pod
scheduling.
D
All
right
can,
I
add
something
here
for
the
web
hook.
D
We
had
this
problem
with
other
web
hooks.
We
have,
and
I
mean
we
can
say
if
the
customer
deletes
it,
they
won't
get
the
functionality,
but
it's
a
managed
service
and
in
our
experience,
customers
sometimes
do
this
deliberately
and
it's
a
customer
paying.
So
if
possible,
I
would
do
the
controller
with
the
variant,
because
again
many
servers
and
customers
sometimes
come
to
us.
Why
can
I
even
break
my
cluster
in
such
a
bad
way?
D
Basically,
so
from
aws
point
of
view,
I
think
we
will
try
to
reduce
the
customer
pain
and
that's
why
I
don't
think
web
hook
would
be
the
best
idea
for
us,
but
obviously,
if
that's
a
conclusion
well,
we
can
just
implement
it.
A
So,
just
to
be
clear,
given
that
I
don't
think
we
have
everyone
that
I
would
like
in
this
call.
We've
only
got
two
of
the
cloud
providers
and
we've
got
several
other
people
who
would
like
a
say
in
this.
I
would
like
to
record
this
I'd
like
to
go
over
options,
but
I
think
we're
probably
going
to
need
to
have
a
second
meeting.
A
I
just
want
to
record
the
thoughts,
but
thank
you
for
your
opinion,
eh
book.
I
think
it
actually.
I
have
similar
reservations,
but
I
would
like
to
make
sure
everyone
gets
a
say.
Matt
did
you
have
any
opinion.
E
No
I'm
pretty
much
aligned
with
michelle
on
this.
B
Another
point
is:
another
point
is
like:
if
we
make
a
library
for
this,
it
could
be
up
to
the
cloud
provider
to
decide
if
they
want
to
do
it
as
a
controller
or
a
web
hook.
A
If
I
look
at
the
gcp
reference
implementation
versus
gke,
one
of
the
differences-
I
I
that
is
immediately
obvious
based
on
those
two
is
that
gke
actually
has
a
web
hook,
a
a
control
plane
web
hook,
server
as
a
convenient
place
to
put
the
sort
of
web
hook.
You're
mentioning
michelle.
I
know
the
gcp
reference
implementation
does
not,
and
so
you
know
one
of
the
interesting
things
that
we're
going
to
come
is
we'll
probably
have
to
look
at
adding
something
like
the.
A
If
we
go
the
web
hook,
route
we'll
probably
need
to
add
a
control,
plane,
webhook
server
to
the
gcp
reference
implementation,
and
you
know
I
I'm.
I
definitely
am
curious.
What
dims's
view
of
this
is
because
and
possibly
just
in
santa
barbara's
as
well,
because
it's
the
sort
of
thing
that
we
may
need
to
and
bend
the
elder,
because
it's
the
sort
of
thing
that
if
we
make
it
a
standard
thing,
we
may
want
to
make
sure
that
things
like
cube,
adm
and
all
of
the
other.
A
You
know
cluster
api
and
the
other
mechanisms
provisioning
actually
can
deal
with
the
change
we're
proposing.
A
However,
having
made
a
play
a
play
in
one
direction,
the
other
thing
I
will
point
out
is
that
for
amazon
and
google,
both
if
we
go
the
controller
manager
route,
we
either
need
some
commitment
to
very
quickly
move
over
to
using
the
ccm.
A
I'm
not
sure
if
anyone
has
any
opinions
on
all
the
things
I
just
mentioned.
D
B
A
I'm
not
sure
I
am
not
sure
if
anyone
other
than
those
of
us
using
cube
up
are
using
add-on
manager.
I
I
certainly
don't
didn't
think
either
cluster
api
or
cube
adm
used
add-on
manager,
but
I
could
be
wrong.
B
Yeah,
I
I
also
don't
know:
is
it
possible
to
to
write
another
web
hook
to
disallow
other
users
from
disabling
specific
web
hooks.
A
So
one
of
the
earliest
problems
we
had
with
the
web
systems
was
exactly
what
you
just
described,
but
it
was
a
customer
writing
a
web,
a
broken
web
hook
that
prevented
you
from
modifying
the
web
hooks
and
what
you
ended
up
with
is
a
web
hook
that
could
not
be
removed
because
it
prevented
it
and
the
only
way
for
I
believe
it
was
actually
joe
and
I
to
fix
that
particular
problem
was
to
bring
the
whole
cluster
down
and
manually
go
in
and
hack
the
lcd
storage
file
by
hand
to
remove
the
web
hook
so
that
you,
the
system,
could
actually
come
up
successfully
and
ever
since
then
we
have
made
it
an
explicit
part
of
the
web
hook.
A
Logic
that
you
that
web
hooks
are
not
allowed
to
be
applied
to
the
web
hook
configuration
resource
that
having
been
said,
I
don't
think
it's
a
bad
idea
and
in
fact
I
believe,
sig
api
machinery
is
about
somewhere
into
year.
Two
of
discussing
how
a
cloud
provider
can
actually
write
policies
of
the
type
you're
describing
it
probably
wouldn't
be
done
by
a
web
hook.
B
All
right,
that's
good,
to
know.
Yeah,
I'm
trying
to.
A
Cool
well,
we
are
about
out
of
time.
I
think
this
is
actually
a
really
good
discussion,
which
is
all
I
was
hoping
to
get
for
now.
I'm
gonna
go
ahead
and
publish
this
to
the
youtube
channel,
and
we
can
continue
this
on
the
slack
channel.
I
I
would
suggest
we
should
once
dims
and
nick
and
a
few
other
people
have
had
a
chance
to
review
the
meaning.