nfs: implement ControllerModifyVolume to change NFS-server hostname by nixpanic · Pull Request #5829 · ceph/ceph-csi

nixpanic · 2025-12-04T16:52:38Z

The new hostname of the NFS-server is stored in a journal entry for the
volume. The new NFS-server will only be used the next time the NFS
Volume is mounted on a worker node.

It is not possible to update the VolumeContext of a Volume, so the old
hostname of the NFS-server will be stored there forever.

Show available bot commands

These commands are normally not required, but in case of issues, leave any of
the following bot commands in an otherwise empty comment in this PR:

/retest ci/centos/<job-name>: retest the <job-name> after unrelated
failure (please report the failure too!)

Madhu-1

@nixpanic is this tested code? i dont see ControllerServiceCapability_RPC_MODIFY_VOLUME capability is exposed for nFS

nixpanic · 2025-12-10T14:00:01Z

@nixpanic is this tested code? i dont see ControllerServiceCapability_RPC_MODIFY_VOLUME capability is exposed for nFS

Still trying to add some e2e tests, the csi-provisioner and csi-resizer sidecars have just gained the ability to pass credentials to the ControllerModifyVolume request.

Pull request has been modified.

nixpanic · 2025-12-12T10:20:06Z

/test ci/centos/mini-e2e-helm/k8s-1.34/nfs

nixpanic · 2025-12-12T10:48:09Z

/test ci/centos/mini-e2e/k8s-1.34/nfs

nixpanic · 2025-12-12T11:25:38Z

/test ci/centos/mini-e2e/k8s-1.34

nixpanic · 2025-12-12T12:32:59Z

@nixpanic is this tested code? i dont see ControllerServiceCapability_RPC_MODIFY_VOLUME capability is exposed for nFS

Verified 😜 that it fails with this:

  I1212 12:26:38.595866 75590 pvc.go:85] PVC cephcsi-nfs-pvc Event: ProvisioningFailed - CSI driver does not support VolumeAttributesClass: controller MODIFY_VOLUME capability is not reported

nixpanic · 2025-12-12T12:35:43Z

/test ci/centos/mini-e2e/k8s-1.34

nixpanic · 2025-12-12T12:50:48Z

/test ci/centos/mini-e2e/k8s-1.34

nixpanic · 2025-12-12T13:10:08Z

/test ci/centos/mini-e2e/k8s-1.34

nixpanic · 2025-12-16T08:48:59Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2025-12-16T15:31:44Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2025-12-17T09:09:06Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2025-12-17T12:19:59Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2025-12-19T13:15:28Z

Still trying to use the old nfs-server:

  Warning  FailedMount  8s (x13 over 10m)  kubelet            MountVolume.SetUp failed for volume "pvc-c64d91d7-9097-46f3-9594-eb993e5851b7" : rpc error: code = Internal desc = nfs: failed to mount "relocated.example.net:/0001-0024-e044d94f-5dfb-4f7b-a7e6-44895f196074-0000000000000001-38cbb13b-1f15-4a9b-80ff-3017574691a1" to "/var/lib/kubelet/pods/4ebe7989-0889-4af1-b138-48c67a90debd/volumes/kubernetes.io~csi/pvc-c64d91d7-9097-46f3-9594-eb993e5851b7/mount" : mount failed: exit status 32
Mounting command: mount
Mounting arguments: -t nfs relocated.example.net:/0001-0024-e044d94f-5dfb-4f7b-a7e6-44895f196074-0000000000000001-38cbb13b-1f15-4a9b-80ff-3017574691a1 /var/lib/kubelet/pods/4ebe7989-0889-4af1-b138-48c67a90debd/volumes/kubernetes.io~csi/pvc-c64d91d7-9097-46f3-9594-eb993e5851b7/mount
Output: mount.nfs: Failed to resolve server relocated.example.net: Name or service not known
 stderr: ""

nixpanic · 2025-12-19T13:43:59Z

It seems I missed handling of mutable_parameters in CreateVolume CSI procedure.

nixpanic · 2025-12-19T15:55:19Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2026-01-06T09:30:52Z

/test ci/centos/mini-e2e/k8s-1.34/cephfs

nixpanic · 2026-02-04T16:56:48Z

@Madhu-1 , NFS (and CephFS) uses admin credentials everywhere. Just using user credentials for ControllerModifyVolume and NodePublishVolume isn't straight forward. Reverted to admin credentials again, so that things at least work again.

mergify · 2026-02-04T19:16:22Z

This pull request now has conflicts with the target branch. Could you please resolve conflicts and force push the corrected changes? 🙏

Madhu-1 · 2026-02-05T05:26:06Z

@nixpanic lets address the merge conflict and have a tracker to address the admin creds

Signed-off-by: Niels de Vos <ndevos@ibm.com>

All functions use a fail-early-continue-on-success flow, NodeGetVolumeStats was not following this. Signed-off-by: Niels de Vos <ndevos@ibm.com>

Signed-off-by: Niels de Vos <ndevos@ibm.com>

The new hostname of the NFS-server is stored in a journal entry for the volume. The new NFS-server will only be used the next time the NFS Volume is mounted on a worker node. It is not possible to update the VolumeContext of a Volume, so the old hostname of the NFS=server will be stored there forever. Closes: ceph#5420 Signed-off-by: Niels de Vos <ndevos@ibm.com>

Signed-off-by: Niels de Vos <ndevos@ibm.com>

nixpanic · 2026-02-05T08:09:20Z

/test ci/centos/mini-e2e/k8s-1.35

Signed-off-by: Niels de Vos <ndevos@ibm.com>

Only the canary version suppors the VolumeAttributesClass with secrets in the ControllerModifyVolume gRPC. Signed-off-by: Niels de Vos <ndevos@ibm.com>

Signed-off-by: Niels de Vos <ndevos@ibm.com>

The NFS node-plugin does not support staging, it only uses publishing. For VolumeAttributeClass / ControllerModifyVolume the mutable parameters are stored in the Ceph backend. This means that during volume publishing the node-plugin needs to get the updated parameters from the Ceph cluster (hence the publish secret requirement). /tmp/csi has been added to the node-plugin Pod so that the temporary credentials file can be written. Signed-off-by: Niels de Vos <ndevos@ibm.com>

Signed-off-by: Niels de Vos <ndevos@ibm.com>

Only Kubernetes 1.34 and newer support VolumeAttributeClass functionality (GA). Ceph-CSI also depends on certain versions of the Kubernetes CSI external-provisioner and external-resizer. See-also: kubernetes-csi/docs#631 Signed-off-by: Niels de Vos <ndevos@ibm.com>

nixpanic · 2026-02-05T12:26:26Z

aaah! after renaming the VAC example, there was still a typo somewhere 😢

failed to create NFS voluemattributesclass: open ../examples/nfs//volumeattributeclass.yaml: no such file or directory

nixpanic · 2026-02-05T12:36:23Z

/test ci/centos/mini-e2e/k8s-1.35

nixpanic · 2026-02-05T14:07:10Z

@Madhu-1 and @Rakshith-R , this is now really ready for approval. The CI job is still running, but the NFS tests have passed.

nixpanic · 2026-02-05T14:11:41Z

@nixpanic lets address the merge conflict and have a tracker to address the admin creds

Tracked by #6026.

Rakshith-R · 2026-02-06T06:45:40Z

@Mergifyio requeue

mergify · 2026-02-06T06:45:47Z

requeue

✅ This pull request will be embarked automatically

Details

The head sha of this pull request, b4565bd, was never embarked in the merge queue.

But don't worry, Mergify will embark it automatically for you.

mergify · 2026-02-06T06:45:48Z

queue

✅ The pull request has been merged automatically

Details

The pull request has been merged automatically at 94c5e36

mergify · 2026-02-06T06:45:49Z

mergify Bot added the component/nfs Issues related to NFS label Dec 4, 2025

nixpanic force-pushed the nfs/ControllerModifyVolume branch from d006863 to 1a11979 Compare December 4, 2025 17:08

Rakshith-R previously approved these changes Dec 10, 2025

View reviewed changes

Madhu-1 reviewed Dec 10, 2025

View reviewed changes

nixpanic marked this pull request as draft December 10, 2025 14:00

nixpanic force-pushed the nfs/ControllerModifyVolume branch from 1a11979 to ca55fc1 Compare December 12, 2025 10:18

nixpanic force-pushed the nfs/ControllerModifyVolume branch from ca55fc1 to fe5d071 Compare December 12, 2025 12:35

nixpanic mentioned this pull request Dec 16, 2025

rebase: bump the k8s-dependencies group in /e2e with 4 updates #5864

Merged

nixpanic force-pushed the nfs/ControllerModifyVolume branch from 0215938 to fc84b94 Compare December 16, 2025 15:31

nixpanic force-pushed the nfs/ControllerModifyVolume branch from fc84b94 to df7f5dd Compare December 17, 2025 09:08

nixpanic force-pushed the nfs/ControllerModifyVolume branch from df7f5dd to 0f12bea Compare December 17, 2025 12:19

nixpanic force-pushed the nfs/ControllerModifyVolume branch from 0f12bea to dc81558 Compare December 19, 2025 15:55

nixpanic force-pushed the nfs/ControllerModifyVolume branch from dc81558 to 8899dcc Compare January 6, 2026 13:24

nixpanic added 6 commits February 5, 2026 09:03

nfs: create helpers for storing volume attributes in the journal

bfb3105

Signed-off-by: Niels de Vos <ndevos@ibm.com>

nfs: fail early in NodeGetVolumeStats

48f42d3

All functions use a fail-early-continue-on-success flow, NodeGetVolumeStats was not following this. Signed-off-by: Niels de Vos <ndevos@ibm.com>

nfs: move NFSVolume to shared types package

f9cec9a

Signed-off-by: Niels de Vos <ndevos@ibm.com>

nfs: make paramServer shared option public

52932ea

Signed-off-by: Niels de Vos <ndevos@ibm.com>

e2e: cleanup k8s.io module dependencies

05407b9

Signed-off-by: Niels de Vos <ndevos@ibm.com>

Madhu-1 previously approved these changes Feb 5, 2026

View reviewed changes

Rakshith-R previously approved these changes Feb 5, 2026

View reviewed changes

nixpanic added 7 commits February 5, 2026 13:25

e2e: add VolumeAttributesClass test for NFS

80b65b7

Signed-off-by: Niels de Vos <ndevos@ibm.com>

doc: include reference to NFS/ControllerModifyVolume in release-notes

0016f37

Signed-off-by: Niels de Vos <ndevos@ibm.com>

testing: use canary images for csi-resizer/provisioner

29b353e

Only the canary version suppors the VolumeAttributesClass with secrets in the ControllerModifyVolume gRPC. Signed-off-by: Niels de Vos <ndevos@ibm.com>

deploy: allow NFS-provisioner to access volumeattributesclasses

56d32c3

Signed-off-by: Niels de Vos <ndevos@ibm.com>

doc: mention support for NFS-server hostname changing

5f882c5

Signed-off-by: Niels de Vos <ndevos@ibm.com>

Madhu-1 approved these changes Feb 6, 2026

View reviewed changes

Rakshith-R approved these changes Feb 6, 2026

View reviewed changes

mergify Bot mentioned this pull request Feb 6, 2026

merge queue: embarking devel (9619c7c) and #5829 together #6029

Closed

78 tasks

Conversation

nixpanic commented Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Madhu-1 left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

nixpanic commented Dec 10, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 12, 2025

Uh oh!

nixpanic commented Dec 16, 2025

Uh oh!

nixpanic commented Dec 16, 2025

Uh oh!

nixpanic commented Dec 17, 2025

Uh oh!

nixpanic commented Dec 17, 2025

Uh oh!

nixpanic commented Dec 19, 2025

Uh oh!

nixpanic commented Dec 19, 2025

Uh oh!

nixpanic commented Dec 19, 2025

Uh oh!

nixpanic commented Jan 6, 2026

Uh oh!

nixpanic commented Feb 4, 2026

Uh oh!

mergify Bot commented Feb 4, 2026

Uh oh!

Madhu-1 commented Feb 5, 2026

Uh oh!

nixpanic commented Feb 5, 2026

Uh oh!

nixpanic commented Feb 5, 2026

Uh oh!

nixpanic commented Feb 5, 2026

Uh oh!

nixpanic commented Feb 5, 2026

Uh oh!

nixpanic commented Feb 5, 2026

Uh oh!

Rakshith-R commented Feb 6, 2026

Uh oh!

mergify Bot commented Feb 6, 2026

✅ This pull request will be embarked automatically

Uh oh!

mergify Bot commented Feb 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ The pull request has been merged automatically

Uh oh!

mergify Bot commented Feb 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merge Queue Status

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

nixpanic commented Dec 4, 2025 •

edited

Loading

Madhu-1 left a comment •

edited

Loading

mergify Bot commented Feb 6, 2026 •

edited

Loading

mergify Bot commented Feb 6, 2026 •

edited

Loading