Critical Description
Spike Goal*
What is our purpose in implementing this? What new capability will be available to customers?
There is a known design limitation in k8s where files within a PV need to relabeled during the attachment process. Depending on the number of files and backend performance/load this can lead to timeout and pod creation failure or even worst with nodes moving to NotReady as the container runtime is unresponsive.
STOR-966 aims to bring a native long term solution upstream but it will take several cycles to reach GA upstream and downstream OCP support.
In the meantime we offer two workarounds described in this KCS, unfortunately customers are reluctant to use them as it requires the pods definitions to include additional parameters and there is no guarantees that OCP project users will use them leaving the environment open to this issue.
The goal of this spike is to find a way to automate the suggested workaround so that users don't have to specify the spc_t seLinuxOptions or TrySkipVolumeSELinuxLabel annotation.
Why is this important? (mandatory)
We are facing more and more escalation from customers hitting this issue and the workarounds are not adopted due to the lack of automation (needs to manually change the pod definition).
Scenarios (mandatory)
Provide details for user scenarios including actions to be performed, platform specifications, and user personas.
- Find automation for the spc_t workaround to that users don't have to add it to their pod definition
- Find automation for the TrySkipVolumeSELinuxLabel workaround to that users don't have to add it to their pod definition
TBD: Find out how the workaround is applied. By namespace/project?
Dependencies (internal and external) (mandatory)
We assume the prerequisites for both workarounds are met as described in the KCS
