nfs: add support for modifying clients parameter via VolumeAttributesClass#6219
Draft
nixpanic wants to merge 2 commits intoceph:develfrom
Draft
nfs: add support for modifying clients parameter via VolumeAttributesClass#6219nixpanic wants to merge 2 commits intoceph:develfrom
nixpanic wants to merge 2 commits intoceph:develfrom
Conversation
Member
Author
|
/test ci/centos/k8s-e2e-external-storage/1.35/cephfs |
nixpanic
commented
Apr 2, 2026
nixpanic
force-pushed
the
ai/bob/nfs/ControllerModifyVolume/clients
branch
5 times, most recently
from
22a917f to
100405b
Compare
The ControllerModifyVolume CSI procedure can now be used to modify the `clients` parameter that was originally configured in the StorageClass. The SetClients() method uses the NFS Admin API to update the export on the cluster (via ExportInfo + CreateCephFSExport) and stores the value in the journal for persistence. Removed GetClients() method as the clients parameter is not stored in the VolumeContext but configured directly in the NFS export on the server. Assisted-by: AskBob <askbob@ibm.com> Signed-off-by: Niels de Vos <ndevos@ibm.com>
Add comprehensive e2e test that verifies the clients parameter can be modified using VolumeAttributesClass. The test: - Creates a volume with restrictive clients (1.1.1.1) - Verifies that an app fails to mount with restrictive settings - Updates the clients parameter via VolumeAttributesClass to allow all clients (0.0.0.0/0) - Verifies that the app successfully mounts after the update The test runs just before the cleanup phase to ensure proper test sequencing. Assisted-by: AskBob <askbob@ibm.com> Signed-off-by: Niels de Vos <ndevos@ibm.com>
nixpanic
force-pushed
the
ai/bob/nfs/ControllerModifyVolume/clients
branch
from
100405b to
c27e00a
Compare
Member
Author
|
/test ci/centos/k8s-e2e-external-storage/1.35/cephfs |
Member
Author
|
/test ci/centos/mini-e2e-helm/k8s-1.35/cephfs |
Member
Author
|
/test ci/centos/mini-e2e-helm/k8s-1.35/nfs |
Member
Author
|
/test ci/centos/mini-e2e-helm/k8s-1.35 |
Member
Author
|
/test ci/centos/mini-e2e/k8s-1.35/cephfs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Describe what this PR does
This PR adds support for modifying the NFS
clientsparameter using VolumeAttributesClass. This allows administrators to update the list of hostnames, networks, or IP addresses that are allowed to access an NFS export after the volume has been created, without needing to recreate the volume.The implementation includes:
clientsparameter inControllerModifyVolumeCSI methodSetClients()andGetClients()in the NFSVolume type to persist the clients list in the CephFS journalIs there anything that requires special attention
Kubernetes Version Requirement: This feature requires Kubernetes >= 1.34, as VolumeAttributesClass is a newer Kubernetes feature. The E2E test includes a version check to skip on older clusters.
Backward Compatibility: This change is fully backward compatible. The
clientsparameter remains optional and existing volumes continue to work without modification. The feature only activates when a VolumeAttributesClass is applied to update the parameter.Security Consideration: Administrators should be aware that updating the
clientsparameter can expand or restrict access to NFS exports. The E2E test demonstrates both restrictive and permissive configurations to validate proper behavior.Related issues
This PR implements support for modifying NFS export access controls dynamically, which is useful for scenarios where access requirements change after volume provisioning.
Future concerns
secType)clientsparameter format to catch configuration errors earlyShow available bot commands
These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:
/retest ci/centos/<job-name>: retest the<job-name>after unrelatedfailure (please report the failure too!)