Check for PVC label selector conflicts against the secondary cluster. - WIP(Need to test) #1855
Conversation
d8f3da4 to
92a2325
Compare
|
How do you plan to do the conflict check? Labels can be added and removed at any time. Lets say we have a conflict check the time a drpc is added, there are no conflict. Now the user add a label or add a new pvc machine another drpc label. The next time we look at the pvcs we will find a new pvc and protect it. How the conflict check helps? The example you using Exist for label is a very bad way to select pvcs. The only way to protect from such bad label selector is to reject Exists selector and allow only In selector. |
The conflict check is implemented within the VRG reconciliation process, which already watching PVCs for the addition of the VRG owner label. Therefore, updating labels on PVCs does not pose an issue.
I think you are explaining primary cluster behavior, The conflict check applies specifically to the secondary cluster. If any PVC in the secondary cluster matches the primary VRG’s label selector, the check will trigger an error. It does not consider whether the PVC is owned by another VRG or remains unowned.
The above example provides a straightforward, high-level overview to highlight the importance of performing a PVC conflict check in the secondary cluster. Since a PVC can have multiple labels, conflicts can arise in various ways. |
The flow is not clear. Can yo describe the state in both clusters and explain when the conflicts check happens, and what is expected result of the conflict check? Does it only log an error, or prevent failover/relocate? The behavior must be specified and discussed before we working on a solution. An issue is the right place to describe the problem and specify the solution. |
This PR is part of the independent VM feature, and I have already discussed the issue with my sub-team. I raised the PR to facilitate discussions with other sub-teams, as I felt continuing the discussion under an issue would delay implementation. I still need help deciding whether to simply log the issue, return an error in the secondary VRG reconciliation, or update a status condition. |
Signed-off-by: Gowtham Shanmugasundaram <gshanmug@redhat.com>
92a2325 to
05da967
Compare
There is no way to discuss this PR with other people if the problem and the suggested behavior is not specified in public. |
I still don’t understand why presenting the problem along with a clear example isn't sufficient for the PR review. While we can continue refining the solution by creating a well-documented issue, drafting extensive documentation, and holding multiple meetings, this approach will only prolong the process. The purpose of the PR is to initiate discussions and collaboratively work toward a solution rather than delaying implementation with excessive formalities. |
Example Scenario: PVC Label Selector Conflict Check
Primary Cluster (Cluster 1)
PVC:
VRG1 (Primary for VolumeReplicationGroup of Cluster 1):
This configuration ensures that any PVC with the label key
appis selected.Secondary Cluster (Cluster 2)
PVCs:
VRG2 (Primary for VolumeReplicationGroup of Cluster 2):
This configuration selects only PVCs labeled
app: backup-service.Why is a Conflict Check Needed?
1️⃣ Unintended PVC Selection
2️⃣ Data Integrity & Isolation
By implementing PVC label selector conflict checks, you can ensure a seamless and reliable failover strategy while avoiding unintended PVC protection. 🚀