Skip to content

STOR-2859: Add APIs for disabling force detach in KCM operator #2668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dobsonj wants to merge 1 commit into
base: master
Choose a base branch
from
Open

STOR-2859: Add APIs for disabling force detach in KCM operator #2668

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions ...ig/v1alpha1/tests/controllermanagers.config.openshift.io/DisableForceDetachOnTimeout.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
name: "ControllerManager"
crdName: controllermanagers.config.openshift.io
featureGates:
- DisableForceDetachOnTimeout
tests:
onCreate:
- name: Should be able to create with default values
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout:
expected: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Enabled
- name: Should be able to create with force detach enabled
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Enabled
expected: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Enabled
- name: Should be able to create with force detach disabled
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Disabled
expected: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Disabled
- name: Should reject unsupported value of forceDetachOnTimeout
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: INVALID
expectedError: "spec.forceDetachOnTimeout: Unsupported value: \"INVALID\": supported values: \"Enabled\", \"Disabled\""
Comment on lines +8 to +47
Copy link
Member

@saschagrunert saschagrunert Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those tests are just testing basic CRUD and can be omitted.

onUpdate:
- name: Enabled to Disabled
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Enabled
updated: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Disabled
expected: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Disabled
- name: Disabled to default value
initial: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Disabled
updated: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout:
expected: |
apiVersion: config.openshift.io/v1alpha1
kind: ControllerManager
spec:
forceDetachOnTimeout: Enabled
76 changes: 76 additions & 0 deletions config/v1alpha1/types_controllermanager.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
package v1alpha1

import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ControllerManager holds cluster-wide config information to run the Kubernetes controller manager
// and influence its placement decisions. The canonical name for this config is `cluster`.
Comment on lines +9 to +10
Copy link
Member

@saschagrunert saschagrunert Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like "influence its placement decisions" was copied from the Scheduler type description and doesn't apply to the controller manager, we should improve it a bit:

Suggested change
// ControllerManager holds cluster-wide config information to run the Kubernetes controller manager
// and influence its placement decisions. The canonical name for this config is `cluster`.
// ControllerManager holds cluster-wide configuration for the Kubernetes controller manager.
// The canonical name for this config is `cluster`.

//
// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
// +openshift:compatibility-gen:level=4
// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/2668
// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=controllermanagers,scope=Cluster
// +kubebuilder:subresource:status
// +kubebuilder:metadata:annotations=release.openshift.io/bootstrap-required=true
// +openshift:enable:FeatureGate=DisableForceDetachOnTimeout
type ControllerManager struct {
metav1.TypeMeta `json:",inline"`

// metadata is the standard object's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
metav1.ObjectMeta `json:"metadata,omitzero"`
// spec holds user settable values for configuration
// +required
Spec ControllerManagerSpec `json:"spec,omitzero"`
// status holds observed values from the cluster. They may not be overridden.
// +optional
Status ControllerManagerStatus `json:"status,omitzero"`
}

// ControllerManagerSpec defines the desired state of the Kubernetes controller manager
// +kubebuilder:validation:MinProperties=1
type ControllerManagerSpec struct {
// forceDetachOnTimeout expresses whether to allow kube-controller-manager
// to force detach volumes when unmount takes longer than the timeout.
// Valid values are Enabled and Disabled. If omitted, the default is Enabled.
// +default="Enabled"
Comment on lines +39 to +42
Copy link
Member

@saschagrunert saschagrunert Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per https://github.com/openshift/enhancements/blob/master/dev-guide/api-conventions.md

With configuration APIs, we typically default fields within the controller and not within the API. This means that the platform has the ability to make changes to the defaults over time as we improve the capabilities of OpenShift.

Suggested change
// forceDetachOnTimeout expresses whether to allow kube-controller-manager
// to force detach volumes when unmount takes longer than the timeout.
// Valid values are Enabled and Disabled. If omitted, the default is Enabled.
// +default="Enabled"
// forceDetachOnTimeout expresses whether to allow kube-controller-manager
// to force detach volumes when the maximum unmount time is exceeded or when
// a node is not healthy.
// Valid values are "Enabled" and "Disabled".
// When omitted, this means the user has no opinion and the platform is left
// to choose a reasonable default, which is subject to change over time.
// The current default is "Enabled".

I guess we can keep +kubebuilder:validation:MinProperties=1 on ControllerManagerSpec, The user explicitly sets Enabled or Disabled.

// +optional
ForceDetachOnTimeout ForceDetachOnTimeoutPolicy `json:"forceDetachOnTimeout,omitempty"`
}

// +kubebuilder:validation:Enum=Enabled;Disabled
Copy link
Member

@saschagrunert saschagrunert Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// +kubebuilder:validation:Enum=Enabled;Disabled
// ForceDetachOnTimeoutPolicy describes the policy for force detaching volumes
// when the maximum unmount time is exceeded.
// Valid values are "Enabled" and "Disabled".
// +kubebuilder:validation:Enum=Enabled;Disabled

type ForceDetachOnTimeoutPolicy string

const (
// ForceDetachOnTimeoutEnabled will allow kube-controller-manager to
// force detach volumes based on maximum unmount time and node status.
ForceDetachOnTimeoutEnabled ForceDetachOnTimeoutPolicy = "Enabled"
// ForceDetachOnTimeoutDisabled will prevent kube-controller-manager
// from force detaching volumes.
ForceDetachOnTimeoutDisabled ForceDetachOnTimeoutPolicy = "Disabled"
)

// ControllerManagerStatus defines the observed state of the Kubernetes controller manager
// +kubebuilder:validation:MinProperties=1
type ControllerManagerStatus struct {
}
Comment on lines +60 to +62
Copy link
Member

@saschagrunert saschagrunert Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MinProperties=1 makes the ControllerManagerStatus unusable. We should either add a field or remove the +kubebuilder:subresource:status option from ControllerManager.


// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
// +openshift:compatibility-gen:level=4
type ControllerManagerList struct {
metav1.TypeMeta `json:",inline"`

// metadata is the standard list's metadata.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
metav1.ListMeta `json:"metadata"`

Items []ControllerManager `json:"items"`
}
73 changes: 73 additions & 0 deletions ...ated.crd-manifests/0000_10_config-operator_01_controllermanagers-CustomNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/2668
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
release.openshift.io/feature-set: CustomNoUpgrade
name: controllermanagers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ControllerManager
listKind: ControllerManagerList
plural: controllermanagers
singular: controllermanager
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ControllerManager holds cluster-wide config information to run the Kubernetes controller manager
and influence its placement decisions. The canonical name for this config is `cluster`.

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
minProperties: 1
properties:
forceDetachOnTimeout:
default: Enabled
description: |-
forceDetachOnTimeout expresses whether to allow kube-controller-manager
to force detach volumes when unmount takes longer than the timeout.
Valid values are Enabled and Disabled. If omitted, the default is Enabled.
enum:
- Enabled
- Disabled
type: string
type: object
status:
description: status holds observed values from the cluster. They may not
be overridden.
minProperties: 1
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
73 changes: 73 additions & 0 deletions ....crd-manifests/0000_10_config-operator_01_controllermanagers-DevPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/2668
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
release.openshift.io/feature-set: DevPreviewNoUpgrade
name: controllermanagers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ControllerManager
listKind: ControllerManagerList
plural: controllermanagers
singular: controllermanager
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ControllerManager holds cluster-wide config information to run the Kubernetes controller manager
and influence its placement decisions. The canonical name for this config is `cluster`.

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
minProperties: 1
properties:
forceDetachOnTimeout:
default: Enabled
description: |-
forceDetachOnTimeout expresses whether to allow kube-controller-manager
to force detach volumes when unmount takes longer than the timeout.
Valid values are Enabled and Disabled. If omitted, the default is Enabled.
enum:
- Enabled
- Disabled
type: string
type: object
status:
description: status holds observed values from the cluster. They may not
be overridden.
minProperties: 1
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
73 changes: 73 additions & 0 deletions ...crd-manifests/0000_10_config-operator_01_controllermanagers-TechPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.openshift.io: https://github.com/openshift/api/pull/2668
api.openshift.io/merged-by-featuregates: "true"
include.release.openshift.io/ibm-cloud-managed: "true"
include.release.openshift.io/self-managed-high-availability: "true"
release.openshift.io/bootstrap-required: "true"
release.openshift.io/feature-set: TechPreviewNoUpgrade
name: controllermanagers.config.openshift.io
spec:
group: config.openshift.io
names:
kind: ControllerManager
listKind: ControllerManagerList
plural: controllermanagers
singular: controllermanager
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
ControllerManager holds cluster-wide config information to run the Kubernetes controller manager
and influence its placement decisions. The canonical name for this config is `cluster`.

Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: spec holds user settable values for configuration
minProperties: 1
properties:
forceDetachOnTimeout:
default: Enabled
description: |-
forceDetachOnTimeout expresses whether to allow kube-controller-manager
to force detach volumes when unmount takes longer than the timeout.
Valid values are Enabled and Disabled. If omitted, the default is Enabled.
enum:
- Enabled
- Disabled
type: string
type: object
status:
description: status holds observed values from the cluster. They may not
be overridden.
minProperties: 1
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
Loading