Skip to content

enable PVC CBT during new provisioning or attachment#3981

Open
zhanhank wants to merge 1 commit intokubernetes-sigs:masterfrom
zhanhank:enable_cbt_on_new_pvc
Open

enable PVC CBT during new provisioning or attachment#3981
zhanhank wants to merge 1 commit intokubernetes-sigs:masterfrom
zhanhank:enable_cbt_on_new_pvc

Conversation

@zhanhank
Copy link
Copy Markdown

@zhanhank zhanhank commented Apr 21, 2026

What this PR does / why we need it:
This PR is part of CSI CBT enablement in WCP. It implements CBT enablement for new PVC provisioned or existing PVC attaching to VM.
It bumps govmomi commit to use new CNS CBT APIs.
It adds CBTConfig CR to query namespace CBT status.
It adds FSS CSIBackupAPI for CSI CBT feature gate.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Testing done:

https://jenkins-vcf-csifvt.devops.broadcom.net/job/vks-instapp-e2e-pre-checkin/1021/ Passed
https://jenkins-vcf-csifvt.devops.broadcom.net/view/instapp/job/wcp-instapp-e2e-pre-checkin/1261/ Passed

Manual testing:

1, enable cbt for the test namespace test-vadp-supervisor-ns

get cbtconfig default -o yaml
apiVersion: cnsdp.vmware.com/v1alpha1
kind: CBTConfig
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"cnsdp.vmware.com/v1alpha1","kind":"CBTConfig","metadata":{"annotations":{},"name":"default","namespace":"test-vadp-supervisor-ns"},"spec":{"enabled":true}}
  creationTimestamp: "2026-04-21T01:52:39Z"
  generation: 3
  name: default
  namespace: test-vadp-supervisor-ns
  resourceVersion: "5795620"
  uid: c6e9e619-5a6e-4c51-85d6-1a824db233e0
spec:
  enabled: true
status:
  enabled: true

2, provisioning new PVC and confirm underlying CNS volume and FCD CBT is on

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
....
  creationTimestamp: "2026-04-21T02:58:17Z"
  finalizers:
  - kubernetes.io/pvc-protection
  name: pvc-05
  namespace: test-vadp-supervisor-ns
  resourceVersion: "5673302"
  uid: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: wcpglobal-storage-profile
  volumeMode: Filesystem
  volumeName: pvc-ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4
....

Enablement logging

2026-04-21T03:00:27.500Z        DEBUG   common/util.go:558      CBT is enabled for namespace test-vadp-supervisor-ns    {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        DEBUG   common/vsphereutil.go:1409      vSphere CSI driver is setting CBT flags for volume: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4        {"TraceId": "03b60e4b
-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        INFO    volume/manager.go:3668  Set control flags [enableChangedBlockTracking]  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b
0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:**********************************************************
********************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: Mi
grationDataStoreURL: FileVolumeActivated:false} {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.510Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d", "attempt": 1}
2026-04-21T03:00:27.637Z        INFO    volume/manager.go:3682  Successfully set control flags [enableChangedBlockTracking] for volumeID: "ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4"        {"Tra
ceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        DEBUG   common/vsphereutil.go:1416      Successfully set CBT flags for volume: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        DEBUG   wcp/controller.go:1797  createVolumeInternal: returns fault ""  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        INFO    wcp/controller.go:1809  Volume created successfully. Volume Handle: "ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4", PV Name: "pvc-ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4"      {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}

3, attach precreated PVC to a PodVM and confirm underlying CNS volume and FCD CBT is on

2026-04-21T05:48:14.429Z        INFO    wcp/controller.go:1909  ControllerPublishVolume: called with args volume_id:"740267e6-08ef-424a-9368-12ca92418998" node_id:"lvn-dvm-10-161-219-158.dv
m.lvn.broadcom.net" volume_capability:{mount:{fs_type:"ext4"} access_mode:{mode:SINGLE_NODE_WRITER}} volume_context:{key:"storage.kubernetes.io/csiProvisionerIdentity" value:"1776740264395-
4550-csi.vsphere.vmware.com"} volume_context:{key:"type" value:"vSphere CNS Block Volume"}      {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities
CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d
-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.453Z        DEBUG   common/util.go:558      CBT is enabled for namespace test-vadp-supervisor-ns    {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:******************************************************************************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: MigrationDataStoreURL: FileVolumeActivated:false} {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.482Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18", "attempt": 1}
2026-04-21T05:48:14.652Z        DEBUG   common/vsphereutil.go:1409      vSphere CSI driver is setting CBT flags for volume: 740267e6-08ef-424a-9368-12ca92418998        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.652Z        INFO    volume/manager.go:3668  Set control flags [enableChangedBlockTracking]  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.652Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:******************************************************************************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: MigrationDataStoreURL: FileVolumeActivated:false} {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.663Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18", "attempt": 1}
2026-04-21T05:48:14.816Z        INFO    volume/manager.go:3682  Successfully set control flags [enableChangedBlockTracking] for volumeID: "740267e6-08ef-424a-9368-12ca92418998"        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.816Z        DEBUG   common/vsphereutil.go:1416      Successfully set CBT flags for volume: 740267e6-08ef-424a-9368-12ca92418998     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}

Special notes for your reviewer:

Release note:

enable PVC CBT during new provisioning or attachment

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: zhanhank
Once this PR has been reviewed and has the lgtm label, please assign kolluria for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

Welcome @zhanhank!

It looks like this is your first PR to kubernetes-sigs/vsphere-csi-driver 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/vsphere-csi-driver has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 21, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

Hi @zhanhank. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 21, 2026
@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-WCP Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1260

@deepakkinni
Copy link
Copy Markdown
Collaborator

FAILED --- Jenkins Build #1260

@zhanhank zhanhank force-pushed the enable_cbt_on_new_pvc branch from 146f926 to b50771d Compare April 21, 2026 07:01
@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-WCP Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1261

@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1021

@deepakkinni
Copy link
Copy Markdown
Collaborator

SUCCESS --- Jenkins Build #1261

@deepakkinni
Copy link
Copy Markdown
Collaborator

SUCCESS --- Jenkins Build #1021

Comment thread pkg/common/cns-lib/volume/manager.go Outdated
Comment thread pkg/csi/service/common/constants.go Outdated
@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1027

@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1028

@zhanhank zhanhank requested a review from akankshapanse April 22, 2026 01:55
@deepakkinni
Copy link
Copy Markdown
Collaborator

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1030

@deepakkinni
Copy link
Copy Markdown
Collaborator

FAILED --- Jenkins Build #1030

Comment thread pkg/csi/service/common/util.go Outdated
Signed-off-by: Hank Zhan <hank.zhan@broadcom.com>
@zhanhank zhanhank force-pushed the enable_cbt_on_new_pvc branch from 850f2df to a8bda0a Compare April 22, 2026 11:53
@zhanhank zhanhank requested a review from akankshapanse April 22, 2026 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants