fix the create azure file pvc failure if there is no storage account in current resource group #56557
Conversation
k8s-ci-robot
added
sig/azure
release-note
|
/test pull-kubernetes-unit |
| // find a storage account that matches storageType | ||
| accounts, err = az.getStorageAccounts(storageType) | ||
| if err != nil || len(accounts) == 0 { | ||
| storageAccount = getAccountNameForNum(az.getNextAccountNum()) |
There was a problem hiding this comment.
where is getNextAccountNum() defined? The only getNextAccountNum function I can find is defined for blob controller and it is quite buggy...
There was a problem hiding this comment.
@rootfs yes, it's buggy, I used another way to generate random storage account name for file share, the generated account name could be like pvcfile4100861029
There was a problem hiding this comment.
I will fix this buggy func getNextAccountNum() in another PR, will change the account name generation method, use new one getStorageAccountName by uuid in this PR
andyzhangx
force-pushed
the
azurefile-createaccount
branch
2 times, most recently
from
b494f06 to
fdd53c5
Compare
|
/retest |
|
andyzhangx
force-pushed
the
azurefile-createaccount
branch
2 times, most recently
from
c7bce8a to
0a02b26
Compare
| // find a storage account that matches storageType | ||
| accounts, err = az.getStorageAccounts(storageType) | ||
| if err != nil || len(accounts) == 0 { | ||
| uniqueID := az.controllerCommon.resourceGroup + az.controllerCommon.location + az.controllerCommon.subscriptionID |
There was a problem hiding this comment.
this reveals too much (perhaps sensitive) information
There was a problem hiding this comment.
@rootfs there is hash like function MakeCRC32 which would transform uniqueID to a hash string, e,g. if uniqueID is resourcegroupwestuscc1624c7-3f1d-4ed3-a855-668a86e96ad8, it will convert to 2380111856, you could see no one could parse string 2380111856 to get info like resourcegroup, subscriptionID.
The reason I use both uniqueID and UUID is that it's unique for every subscriptionID, resourcegroup, thus the account name conflict possibility be near zero as 1/10 000 000 000 in one resourcegroup. If that possibility happens, user could delete the PVC and recreate PVC again.
There was a problem hiding this comment.
where is that unique string transformed into a CRC string?
There was a problem hiding this comment.
Suppose using uuid is enough, though we need substr to fit for the limit constraint.
Ref:
https://github.com/Azure/azure-quickstart-templates/blob/master/101-storage-account-create/azuredeploy.json#L20
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-string#uniquestring
|
@rootfs if |
|
ping @rootfs |
k8s-github-robot
added
the
needs-rebase
andyzhangx
force-pushed
the
azurefile-createaccount
branch
from
0a02b26 to
307b49a
Compare
k8s-github-robot
removed
the
needs-rebase
|
@rootfs PTAL? Thanks!! |
|
@rootfs I have answered your question in the PR, could you take a look? Thanks. |
@rootfs there is hash like function |
|
@karataliu @feiskyer PTAL, thx. |
k8s-ci-robot
added
lgtm
| @@ -51,6 +51,9 @@ func (az *Cloud) getStorageAccounts() ([]accountWithLocation, error) { | |||
| storageType := "" | |||
| if acct.Sku != nil { | |||
| storageType = string((*acct.Sku).Name) | |||
| if matchingAccountType != "" && strings.ToLower(matchingAccountType) != strings.ToLower(storageType) { | |||
There was a problem hiding this comment.
Removed approved label.
@andyzhangx Could you fix this?
feiskyer
removed
the
approved
| accountType = defaultStorageAccountType | ||
| } | ||
|
|
||
| glog.V(2).Infof("azureFile - no storage account found, begin to create a new storage account %s in resource group %s, location: %s, accountType: %s", |
There was a problem hiding this comment.
Better be 'no matching storage account found'
| errResult = fmt.Errorf("failed to find a matching storage account") | ||
| // find the access key with this account | ||
| accountKey, err := az.getStorageAccesskey(accountName) | ||
| if err != nil { |
There was a problem hiding this comment.
Combine err check in same line
There was a problem hiding this comment.
if I code like following, it looks ugly, since accountKey will be used in the next statement.
if accountKey, err := az.getStorageAccesskey(accountName); err != nil {
...
} else {
if err := az.createFileShare(accountName, accountKey, shareName, requestGiB); err != nil {
}
| @@ -46,6 +46,9 @@ func (az *Cloud) getStorageAccounts() ([]accountWithLocation, error) { | |||
| storageType := "" | |||
| if acct.Sku != nil { | |||
| storageType = string((*acct.Sku).Name) | |||
| if matchingAccountType != "" && !strings.EqualFold(matchingAccountType, storageType) { | |||
There was a problem hiding this comment.
- if acct.Sku is really nil we'd better also skip it.
Consider just making Line40 to verify 'acct.Name != nil && acct.Location !=nil && acct.Sku != nil' , then remaining part could be simplified.
- matchingAccountType check could come first to avoid unnecessary 'name & loc' assignment check
|
Some comments on naming/misc, others look good. |
k8s-github-robot
added
the
needs-rebase
andyzhangx
force-pushed
the
azurefile-createaccount
branch
from
b17df2c to
fd08023
Compare
k8s-github-robot
removed
the
needs-rebase
| @@ -25,29 +25,29 @@ type accountWithLocation struct { | |||
| Name, StorageType, Location string | |||
| } | |||
|
|
|||
| // getStorageAccounts gets the storage accounts' name, type, location in a resource group | |||
| func (az *Cloud) getStorageAccounts() ([]accountWithLocation, error) { | |||
| // getStorageAccounts gets name, type, location of all storage accounts in a resource group which matches matchingAccountType | |||
| storageType = string((*acct.Sku).Name) | ||
|
|
||
| location := *acct.Location | ||
| if location != "" && !strings.EqualFold(matchingLocation, location) { |
There was a problem hiding this comment.
matchingLocation != "" ?
| } | ||
| accounts = append(accounts, accountWithLocation{Name: name, StorageType: storageType, Location: loc}) | ||
| accounts = append(accounts, accountWithLocation{Name: *acct.Name, StorageType: storageType, Location: location}) |
There was a problem hiding this comment.
We'd better use the actual type & location from acct object here, since storageType and location could be empty
There was a problem hiding this comment.
storageType, Location is from acc object.
storageType := string((*acct.Sku).Name)
if matchingAccountType != "" && !strings.EqualFold(matchingAccountType, storageType) {
continue
}
location := *acct.Location
if matchingLocation != "" && !strings.EqualFold(matchingLocation, location) {
continue
}
| @@ -91,7 +91,7 @@ func (c *BlobDiskController) CreateVolume(name, storageAccount, storageAccountTy | |||
| accounts = append(accounts, accountWithLocation{Name: storageAccount}) | |||
| } else { | |||
| // find a storage account | |||
| accounts, err = c.common.cloud.getStorageAccounts(storageAccountType) | |||
| accounts, err = c.common.cloud.getStorageAccounts(storageAccountType, location) | |||
There was a problem hiding this comment.
Note: We can also update upcoming account matching logic when fixing: '// TODO: create a storage account and container'
There was a problem hiding this comment.
yes, I am going to fix it in next PR, it's in my plan.
use new storage account name generation method use uuid to generate account name change azure file account prefix use uniqueID to generate a storage account name fix comments fix comments fix comments fix a storage account matching bug only use UUID in getStorageAccountName func use shorter storage account prefix for azure file fix comments fix comments fix comments fix rebase build error rewrite CreateFileShare code logic fix gofmt issue fix test error fix comments fix a location matching bug
andyzhangx
force-pushed
the
azurefile-createaccount
branch
from
663a218 to
aa21bef
Compare
|
And I have also done a few manual tests on Azure env, it works well. |
|
/test pull-kubernetes-e2e-kops-aws |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: andyzhangx, feiskyer, karataliu The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these OWNERS Files:
Approvers can indicate their approval by writing |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here. |
…6557-upstream-release-1.8 Automated cherry pick of #56557
What this PR does / why we need it:
When create an azure file PVC, there will be error if there is no storage account in current resource group.
With this PR, a storage account will be created if there is no storage account in current resource group.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #56556
Special notes for your reviewer:
CreateFileSharefunc.getStorageAccountNameto get a unique storage account name by UUID, a storage account for azure file would be likef0b2b0bd40c010112e897fa. And in next PR, I will use this function to create storage account for azure disk, the storage account for azure disk would be liked8f3ad8ad92000f1e1e88bd.Release note:
/sig azure
/assign @rootfs