Feat: Add PVC storage support

[chinhuang007]

Motivation

Support PVC as a storage option, to address issue #230

Modifications

• Add PVCs to deployment
• Add secret watch to ServingRuntime controller to update deployment
• Add logic to ServingRuntime controller to create PVCs for predictors if the global setting is true
• Create volumes and PVCs based on deployment for ServingRuntimes
• Update Predictor controller to validate for PVCs

Result

• PVCs are read from the storage secret and created for all ServingRuntimes
• PVCs are read from the predictor spec and created for all ServingRuntimes if the global setting is true

Related Issues

• PVC storage support #230
• feat: Add pullman PVC storage provider modelmesh-runtime-adapter#36

---

Resolves #230

[kserve-oss-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: chinhuang007
To complete the pull request process, please assign njhill after the PR has been reviewed.
You can assign the PR to them by writing /assign @njhill in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[njhill]

Thanks @chinhuang007, please see inline comments.

[njhill]

Can be simplified:

Suggested change

	volumeMounts = append([]corev1.VolumeMount{
	{
	Name: pvcName,
	MountPath: PVCRootDir + "/" + pvcName,
	ReadOnly: true,
	},
	}, volumeMounts...)
	volumeMounts = append(volumeMounts, corev1.VolumeMount{
	Name: pvcName,
	MountPath: PVCRootDir + "/" + pvcName,
	ReadOnly: true,
	})

[njhill]

I think this could just be a []string?

[njhill]

We don't want this here. That field in the CRD is deprecated, we decided against "hard coded" storage types so it will just be included as the "type" parameter in the StorageSpec.

We could change the returned error message however to indicate this e.g. "spec.storage.PersistentVolumeClaim is not supported, use 'pvc' type storage in the storageSpec instead"

[njhill]

As discussed, we should add all the same PVC mounts here as done for the other containers below. Will need to add a new arg to this func and the one that calls it to pass through the list of PVCs.

[njhill]

I don't think this is needed.

[njhill]

Might be best to just check doing a Get on a secret called storage-config

[njhill]

Remove this per previous comment

[njhill]

👍

[njhill]

I don't think a constant is needed here, best to keep it consistent with the others.

[njhill]

Rename to storageSecretRequests? (otherwise a bit generic)

Also don't need a separate namespace arg, can just get it from the secret inside this func.

[chinhuang007]

@njhill thanks for the detailed review as always! Just made a few changes so please take a look again.

[njhill]

Thanks @chinhuang007 it's getting closer :)

One of the things is nontrivial and I'll aim to add some more detail for that.

[njhill]

I think we still need to change this per prior comment, to support different predictor "sources" (could be predictor or inferencservice). I will aim to write an example of what I mean.

[njhill]

@chinhuang007 here is what I was thinking of, sorry again for the delay:

	if cfg.AllowAnyPVC {
		restProxyEnabled := cfg.RESTProxy.Enabled
		f := func(p *api.Predictor) bool {
			if runtimeSupportsPredictor(rt, p, restProxyEnabled, req.Name) &&
				p.Spec.Storage != nil && p.Spec.Storage.Parameters != nil {
				
				params := *p.Spec.Storage.Parameters
				if stype := params["type"]; stype == "pvc" {
					if name := params["name"]; name != "" {
						pvcsMap[name] = struct{}{}
					}
				}
			}
			return false
		}

		for _, pr := range r.RegistryMap {
			if found, err := pr.Find(ctx, req.Namespace, f); found || err != nil {
				return nil, err
			}
		}
	}

[njhill]

We should check for the existence of the "name" key in both cases... with a wrong configuration this could panic.

[njhill]

I actually think we can probably omit this whole section. If the PVC isn't present it will cause the predictor load to fail (with an informative message from the puller).

[njhill]

Getting the value here means it won't be dynamic. We can just grab it from the config where we use it.

[njhill]

Per other comment this doesn't need to be a reconciler field, just pass cfg into this function and get the value from there.

[njhill]

I think we should name this differently, how about AllowAnyPVC?

We should also add to the docs ... the config params table and also in the storage part of the docs explain how this parameter works.

[njhill]

Can avoid double lookup: Edit: ignore this, see follow-on comment

Suggested change

	if _, exists := storageConfig["name"]; !exists {
	return nil, fmt.Errorf("Missing PVC name in storage configuration")
	}
	pvcsMap[storageConfig["name"]] = struct{}{}
	if name, exists := storageConfig["name"]; exists {
	pvcsMap[name] = struct{}{}
	} else {
	return nil, fmt.Errorf("Missing PVC name in storage configuration")
	}

[njhill]

Actually on second thoughts, simplest would just be this. I also think we shouldn't return a failure for this, best to just log a warning.

Suggested change

	if _, exists := storageConfig["name"]; !exists {
	return nil, fmt.Errorf("Missing PVC name in storage configuration")
	}
	pvcsMap[storageConfig["name"]] = struct{}{}
	if name := storageConfig["name"]; name != "" {
	pvcsMap[name] = struct{}{}
	} else {
	// Log warning here
	}

[njhill]

So that we use a consistent snapshot of the config for the whole reconciliation, it would be better to pass the already retrieved config struct into this function instead of getting via the provider. Can just add a cfg arg to getPVCs().

[njhill]

@chinhuang007 we should probably check for p == nil here like before.

[fOO223Fr]

@pvaneck @ckadner is there any update on this Feature? this would be a great addition for our use case. Thank you

[njhill]

@fOO223Fr yes this is the next thing we are focused on completing. It didn't make the 0.10 release but is mostly complete. The main thing remaining to do is some tests, which @ckadner is working on.

[Jooho]

To use PVC, why do we need to check StorageSecretName The default "storage-config" secret usually has credentials for accessing cloud storage such as S3. However, PVC does not need credentials to attach to the pod.
With this code block, the controller keeps checking if the secret exists in a namespace. So although it is not needed, it must exist in the namespace to deploy an inference pod.

[ckadner]

This goes back to some of the design decisions for the implementation, i.e. ...

#230 (comment)

The controller will watch the storage config secret in each namespace and keep the pvcs mounted to runtime deployments based on any pvc type entries
Predictors can always reference one of these PVCs for storage

#230 (comment)

The entry type will be checked and the name used to create volumes and volume mounts for runtime deployments, while the keys are irrelevant.

[Jooho]

so even though users want to use PVC only, creating storage-config Secret with dummy data is required, am I right?

[ckadner]

If you use the allowAnyPVC config parameter, and don't want to deploy the minio-examples image, I suppose you would not need it
Certainly it should not be required to create it with dummy data, so I think we should tolerate it not being there. @njhill

[njhill]

@ckadner yes as discussed offline we should change it so that in that mode the storage-config secret isn't required.

[njhill]

Thanks @chinhuang007 @ckadner!

[njhill]

/lgtm