CrossNamespaceVolumeDataSource does not work

[s2504s]

/kind bug

What happened?
A PVC is configured for using the dataSourceRef in order to be able to use VolumeSnapshot from the different namespace

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-dev-nginx
  namespace: dev
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: ebs-sc
  resources:
    requests:
      storage: 8Gi
  dataSourceRef:
    name: snapshot-staging-nginx
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
    namespace: staging

But this functionality does not work - PVC was created but the source field is absent and the PV that is created from this PVC is empty

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-dev-nginx
  namespace: dev
status:
  phase: Pending
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
  storageClassName: ebs-sc
  volumeMode: Filesystem

All requirements from this manual https://kubernetes.io/blog/2023/01/02/cross-namespace-data-sources-alpha/ are met:

• gateway.networking.k8s.io is added to the Kubernetes API
• kind: ReferenceGrant is created

apiVersion: gateway.networking.k8s.io/v1beta1
kind: ReferenceGrant
metadata:
  name: allow-staging-pvc
  namespace: staging
spec:
  from:
  - group: ""
    kind: PersistentVolumeClaim
    namespace: dev
  to:
  - group: snapshot.storage.k8s.io
    kind: VolumeSnapshot
    name: snapshot-staging-nginx

• Enable the CrossNamespaceVolumeDataSource feature gate for the CSI Provisioner
• Grant ReferenceGrants read permission to the CSI Provisioner - I granted cluster-admin role fro SA CSI-provisioner

What you expected to happen?
The created PVC should contain the dataSourceRef field and the PV should contain data form SnapshotVolume

How to reproduce it (as minimally and precisely as possible)?
Apply the manifest above

Anything else we need to know?:
If I use the same namespace for PVC and SnapshotVolume - everything works as expected - PVC contains right source and PV contains the data from that SnapshotVolume

Environment

• Kubernetes version (use kubectl version): 1.27
• Driver version: 1.19.0

[AndrewSirenko]

Hi @s2504s, thank you for reaching out. #1746 shows that the CrossNamespaceVolumeDataSource feature can be used with the aws-ebs-csi-driver if the relevant kube-apiserver and kube-controller-manager feature gates are turned on and the relevant cluster role rule is added. However, EKS will not enable the feature gates before the community enables them by default.

/close

[k8s-ci-robot]

@AndrewSirenko: Closing this issue.

In response to this:

Hi @s2504s, thank you for reaching out. #1746 shows that the CrossNamespaceVolumeDataSource feature can be used with the aws-ebs-csi-driver if the relevant kube-apiserver and kube-controller-manager feature gates are turned on and the relevant cluster role rule is added. However, EKS will not enable the feature gates before the community enables them by default.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.