From f5528e4c18ac8315007a0d393c2829e228166e7a Mon Sep 17 00:00:00 2001 From: chenpu <1102509144@163.com> Date: Wed, 20 Mar 2024 01:38:22 +0800 Subject: [PATCH] fix: add finalizer to prevent volume leakage --- cmd/csi-provisioner/csi-provisioner.go | 2 ++ pkg/controller/controller.go | 22 +++++++++++++--------- pkg/controller/provisioning_controller.go | 5 +++-- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/cmd/csi-provisioner/csi-provisioner.go b/cmd/csi-provisioner/csi-provisioner.go index e5445551e1..b9669c835b 100644 --- a/cmd/csi-provisioner/csi-provisioner.go +++ b/cmd/csi-provisioner/csi-provisioner.go @@ -84,6 +84,8 @@ var ( capacityThreads = flag.Uint("capacity-threads", 1, "Number of simultaneously running threads, handling CSIStorageCapacity objects") operationTimeout = flag.Duration("timeout", 10*time.Second, "Timeout for waiting for volume operation (creation, deletion, capacity queries)") + provisioningFinalizerThreads = flag.Uint("provisioning-protection-threads", 1, "Number of simultaneously running threads, handling provisioning finalizer removal") + enableLeaderElection = flag.Bool("leader-election", false, "Enables leader election. If leader election is enabled, additional RBAC rules are required. Please refer to the Kubernetes CSI documentation for instructions on setting up these RBAC rules.") leaderElectionNamespace = flag.String("leader-election-namespace", "", "Namespace where the leader election resource lives. Defaults to the pod namespace if not set.") diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 6162a61fcf..26b71cbb5c 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -1012,31 +1012,35 @@ func (p *csiProvisioner) setCloneFinalizer(ctx context.Context, pvc *v1.Persiste return nil } -func (p *csiProvisioner) setProvisioningFinalizer(ctx context.Context, claim *v1.PersistentVolumeClaim) error { - if !checkFinalizer(claim, pvcProvisioningFinalizer) { - claim.Finalizers = append(claim.Finalizers, pvcProvisioningFinalizer) - _, err := p.client.CoreV1().PersistentVolumeClaims(claim.Namespace).Update(ctx, claim, metav1.UpdateOptions{}) +func (p *csiProvisioner) setProvisioningFinalizer(ctx context.Context, claim *v1.PersistentVolumeClaim) (err error) { + clone := claim.DeepCopy() + if !checkFinalizer(clone, pvcProvisioningFinalizer) { + clone.Finalizers = append(clone.Finalizers, pvcProvisioningFinalizer) + claim, err = p.client.CoreV1().PersistentVolumeClaims(clone.Namespace).Update(ctx, clone, metav1.UpdateOptions{}) + klog.V(5).Infof("successfully set PVC ProvisioningFinalizer %+v", claim.Name) return err } return nil } -func (p *csiProvisioner) removeProvisioningFinalizer(ctx context.Context, claim *v1.PersistentVolumeClaim) error { - if !checkFinalizer(claim, pvcProvisioningFinalizer) { +func (p *csiProvisioner) removeProvisioningFinalizer(ctx context.Context, claim *v1.PersistentVolumeClaim) (err error) { + clone := claim.DeepCopy() + if !checkFinalizer(clone, pvcProvisioningFinalizer) { return nil } newFinalizers := make([]string, 0) - for _, f := range claim.GetFinalizers() { + for _, f := range clone.GetFinalizers() { if f == pvcProvisioningFinalizer { continue } newFinalizers = append(newFinalizers, f) } - claim.Finalizers = newFinalizers - _, err := p.client.CoreV1().PersistentVolumeClaims(claim.Namespace).Update(ctx, claim, metav1.UpdateOptions{}) + clone.Finalizers = newFinalizers + claim, err = p.client.CoreV1().PersistentVolumeClaims(clone.Namespace).Update(ctx, clone, metav1.UpdateOptions{}) + klog.V(5).Infof("successfully remove PVC ProvisioningFinalizer %+v", claim.Name) return err } diff --git a/pkg/controller/provisioning_controller.go b/pkg/controller/provisioning_controller.go index a75590d5bc..a295f51cb1 100644 --- a/pkg/controller/provisioning_controller.go +++ b/pkg/controller/provisioning_controller.go @@ -164,9 +164,10 @@ func (p *ProvisioningProtectionController) syncClaim(ctx context.Context, claim finalizers = append(finalizers, finalizer) } } - claim.ObjectMeta.Finalizers = finalizers - if _, err := p.client.CoreV1().PersistentVolumeClaims(claim.Namespace).Update(ctx, claim, metav1.UpdateOptions{}); err != nil { + clone := claim.DeepCopy() + clone.Finalizers = finalizers + if _, err := p.client.CoreV1().PersistentVolumeClaims(clone.Namespace).Update(ctx, clone, metav1.UpdateOptions{}); err != nil { return err } return nil