enable PVC CBT during new provisioning or attachment by zhanhank · Pull Request #3981 · kubernetes-sigs/vsphere-csi-driver

zhanhank · 2026-04-21T06:39:30Z

What this PR does / why we need it:
This PR is part of CSI CBT enablement in WCP. It implements CBT enablement for new PVC provisioned or existing PVC attaching to VM.
It bumps govmomi commit to use new CNS CBT APIs.
It adds CBTConfig CR to query namespace CBT status.
It adds FSS CSIBackupAPI for CSI CBT feature gate.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Testing done:

https://jenkins-vcf-csifvt.devops.broadcom.net/job/vks-instapp-e2e-pre-checkin/1021/ Passed
https://jenkins-vcf-csifvt.devops.broadcom.net/view/instapp/job/wcp-instapp-e2e-pre-checkin/1261/ Passed

Manual testing:

1, enable cbt for the test namespace test-vadp-supervisor-ns

get cbtconfig default -o yaml
apiVersion: cnsdp.vmware.com/v1alpha1
kind: CBTConfig
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"cnsdp.vmware.com/v1alpha1","kind":"CBTConfig","metadata":{"annotations":{},"name":"default","namespace":"test-vadp-supervisor-ns"},"spec":{"enabled":true}}
  creationTimestamp: "2026-04-21T01:52:39Z"
  generation: 3
  name: default
  namespace: test-vadp-supervisor-ns
  resourceVersion: "5795620"
  uid: c6e9e619-5a6e-4c51-85d6-1a824db233e0
spec:
  enabled: true
status:
  enabled: true

2, provisioning new PVC and confirm underlying CNS volume and FCD CBT is on

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
....
  creationTimestamp: "2026-04-21T02:58:17Z"
  finalizers:
  - kubernetes.io/pvc-protection
  name: pvc-05
  namespace: test-vadp-supervisor-ns
  resourceVersion: "5673302"
  uid: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: wcpglobal-storage-profile
  volumeMode: Filesystem
  volumeName: pvc-ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4
....

Enablement logging

2026-04-21T03:00:27.500Z        DEBUG   common/util.go:558      CBT is enabled for namespace test-vadp-supervisor-ns    {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        DEBUG   common/vsphereutil.go:1409      vSphere CSI driver is setting CBT flags for volume: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4        {"TraceId": "03b60e4b
-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        INFO    volume/manager.go:3668  Set control flags [enableChangedBlockTracking]  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.500Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b
0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:**********************************************************
********************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: Mi
grationDataStoreURL: FileVolumeActivated:false} {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.501Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.510Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d", "attempt": 1}
2026-04-21T03:00:27.637Z        INFO    volume/manager.go:3682  Successfully set control flags [enableChangedBlockTracking] for volumeID: "ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4"        {"Tra
ceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        DEBUG   common/vsphereutil.go:1416      Successfully set CBT flags for volume: ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4     {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        DEBUG   wcp/controller.go:1797  createVolumeInternal: returns fault ""  {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}
2026-04-21T03:00:27.637Z        INFO    wcp/controller.go:1809  Volume created successfully. Volume Handle: "ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4", PV Name: "pvc-ca75f28a-47e8-486f-8ae2-97e4a4f1d9f4"      {"TraceId": "03b60e4b-7cc7-4d01-8388-ed54012b0e3d"}

3, attach precreated PVC to a PodVM and confirm underlying CNS volume and FCD CBT is on

2026-04-21T05:48:14.429Z        INFO    wcp/controller.go:1909  ControllerPublishVolume: called with args volume_id:"740267e6-08ef-424a-9368-12ca92418998" node_id:"lvn-dvm-10-161-219-158.dv
m.lvn.broadcom.net" volume_capability:{mount:{fs_type:"ext4"} access_mode:{mode:SINGLE_NODE_WRITER}} volume_context:{key:"storage.kubernetes.io/csiProvisionerIdentity" value:"1776740264395-
4550-csi.vsphere.vmware.com"} volume_context:{key:"type" value:"vSphere CNS Block Volume"}      {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities
CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d
-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1365 Feature "supports_shared_disks_with_VM_service_VMs" is a WCP defined feature state. Reading the capabilities CR "supervisor-capabilities".   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.429Z        DEBUG   k8sorchestrator/k8sorchestrator.go:1387 Supervisor capability "supports_shared_disks_with_VM_service_VMs" is set to true        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.453Z        DEBUG   common/util.go:558      CBT is enabled for namespace test-vadp-supervisor-ns    {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.454Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:******************************************************************************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: MigrationDataStoreURL: FileVolumeActivated:false} {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.455Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.482Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18", "attempt": 1}
2026-04-21T05:48:14.652Z        DEBUG   common/vsphereutil.go:1409      vSphere CSI driver is setting CBT flags for volume: 740267e6-08ef-424a-9368-12ca92418998        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.652Z        INFO    volume/manager.go:3668  Set control flags [enableChangedBlockTracking]  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.652Z        DEBUG   config/config.go:540    GetCnsconfig called with cfgPath: /etc/vmware/wcp/vsphere-cloud-provider.conf   {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:381    Initializing vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:426    vc server lvn-dvm-10-161-222-78.dvm.lvn.broadcom.net config: {User:******************************************************************************************************** Password:******************** VCenterPort:443 InsecureFlag:false CAFile: Thumbprint: Datacenters:datacenter-40 TargetvSANFileShareClusters: MigrationDataStoreURL: FileVolumeActivated:false} {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:435    No Net Permissions given in Config. Using default permissions.  {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:508    Setting default queryLimit to 10000     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.657Z        DEBUG   config/config.go:513    Setting default list volume threshold to 50     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.663Z        DEBUG   vsphere/virtualcenter.go:305    Successfully connected to vCenter       {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18", "attempt": 1}
2026-04-21T05:48:14.816Z        INFO    volume/manager.go:3682  Successfully set control flags [enableChangedBlockTracking] for volumeID: "740267e6-08ef-424a-9368-12ca92418998"        {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}
2026-04-21T05:48:14.816Z        DEBUG   common/vsphereutil.go:1416      Successfully set CBT flags for volume: 740267e6-08ef-424a-9368-12ca92418998     {"TraceId": "d8d7866d-4bee-4fcb-b623-16ef28455b18"}

Special notes for your reviewer:

Release note:

enable PVC CBT during new provisioning or attachment

k8s-ci-robot · 2026-04-21T06:39:38Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: zhanhank
Once this PR has been reviewed and has the lgtm label, please assign kolluria for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot · 2026-04-21T06:39:39Z

Welcome @zhanhank!

It looks like this is your first PR to kubernetes-sigs/vsphere-csi-driver 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/vsphere-csi-driver has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

k8s-ci-robot · 2026-04-21T06:39:40Z

Hi @zhanhank. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

deepakkinni · 2026-04-21T06:40:33Z

Triggering CSI-WCP Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1260

deepakkinni · 2026-04-21T07:00:57Z

FAILED --- Jenkins Build #1260

deepakkinni · 2026-04-21T07:05:24Z

Triggering CSI-WCP Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1261

deepakkinni · 2026-04-21T07:44:12Z

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1021

deepakkinni · 2026-04-21T08:09:13Z

SUCCESS --- Jenkins Build #1261

deepakkinni · 2026-04-21T08:27:05Z

SUCCESS --- Jenkins Build #1021

deepakkinni · 2026-04-21T18:05:05Z

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1027

deepakkinni · 2026-04-21T19:01:11Z

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1028

deepakkinni · 2026-04-22T05:58:26Z

Triggering CSI-TKG Pre-checkin Pipeline for this PR... Job takes approximately an hour to complete
Jenkins Build #1030

deepakkinni · 2026-04-22T06:03:44Z

FAILED --- Jenkins Build #1030

Signed-off-by: Hank Zhan <hank.zhan@broadcom.com>

k8s-ci-robot requested review from gnufied and xing-yang April 21, 2026 06:39

k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 21, 2026

k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 21, 2026

zhanhank force-pushed the enable_cbt_on_new_pvc branch from 146f926 to b50771d Compare April 21, 2026 07:01

akankshapanse reviewed Apr 21, 2026

View reviewed changes

Comment thread pkg/common/cns-lib/volume/manager.go Outdated

akankshapanse reviewed Apr 21, 2026

View reviewed changes

Comment thread pkg/csi/service/common/constants.go Outdated

zhanhank requested a review from akankshapanse April 22, 2026 01:55

akankshapanse reviewed Apr 22, 2026

View reviewed changes

Comment thread pkg/csi/service/common/util.go Outdated

enable PVC CBT when new provisioning or attach

a8bda0a

Signed-off-by: Hank Zhan <hank.zhan@broadcom.com>

zhanhank force-pushed the enable_cbt_on_new_pvc branch from 850f2df to a8bda0a Compare April 22, 2026 11:53

zhanhank requested a review from akankshapanse April 22, 2026 11:54

Conversation

zhanhank commented Apr 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented Apr 21, 2026

Uh oh!

k8s-ci-robot commented Apr 21, 2026

Uh oh!

k8s-ci-robot commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

Uh oh!

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 21, 2026

Uh oh!

deepakkinni commented Apr 22, 2026

Uh oh!

deepakkinni commented Apr 22, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

zhanhank commented Apr 21, 2026 •

edited

Loading