
Fix: PVC finalizer not removed due to broken VolumeSnapshots #1309


Open
wants to merge 1 commit into
base: master


@vasumahalingam-nutanix vasumahalingam-nutanix commented Jun 9, 2025

What type of PR is this?

/kind bug

What this PR does / why we need it:

Fixes a bug where a PVC’s finalizer snapshot.storage.kubernetes.io/pvc-as-source-protection is not removed when there are broken or misconfigured VolumeSnapshots that reference the PVC but never transition to ReadyToUse.

The snapshot controller currently considers any VolumeSnapshot with ReadyToUse == false as blocking PVC deletion — even if the snapshot is invalid and has already failed.

This patch ensures the controller only considers:

  • VolumeSnapshots with ReadyToUse == false, and
  • that still retain the pvc-as-source-protection finalizer

This avoids permanently stuck PVCs when broken snapshots linger in the namespace.

Which issue(s) this PR fixes:
Fixes #1305

Special notes for your reviewer:

  • The change preserves the protective behavior for in-progress snapshots.
  • The PVC can now be deleted once only broken snapshots remain, and they no longer hold the finalizer.

Does this PR introduce a user-facing change?:

release-note Fix: PVC finalizer `snapshot.storage.kubernetes.io/pvc-as-source-protection` is now removed even if other VolumeSnapshots are stuck in a failed state, as long as those snapshots no longer hold the finalizer.

When VolumeSnapshots referencing a PVC are stuck in a non-ready state
(e.g., due to a misconfigured VolumeSnapshotClass), the PVC finalizer
`pvc-as-source-protection` is never removed, preventing PVC deletion.

This patch ensures that only VolumeSnapshots that are:
  - not ReadyToUse
  - and still own the PVC finalizer
are considered "in-use" by the snapshot controller.

This prevents invalid or broken snapshots from blocking PVC deletion.

Signed-off-by: Vasu Mahalingam <[email protected]>
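
The selection rule stated in the description above, shown next to the behaviour it replaces, as an added Go example that is not code from this PR or from the snapshot controller. The `Snapshot` type, `BlockingSnapshots`, and the sample data are hypothetical, and treating a missing `ReadyToUse` field as "not ready" is an assumption based on the linked issue title.

```go
package main

import "fmt"

// Finalizer name exactly as written in the PR description above.
const pvcSourceFinalizer = "snapshot.storage.kubernetes.io/pvc-as-source-protection"

// Snapshot is a hypothetical, simplified stand-in for a VolumeSnapshot.
type Snapshot struct {
	Name       string
	SourcePVC  string
	ReadyToUse *bool // nil when the field is missing; treated as not ready (assumption)
	Finalizers []string
}

func holdsFinalizer(s Snapshot) bool {
	for _, f := range s.Finalizers {
		if f == pvcSourceFinalizer {
			return true
		}
	}
	return false
}

// BlockingSnapshots lists the snapshots that keep pvc "in use".
// requireFinalizer=false: rule described as current; true: rule the PR proposes.
func BlockingSnapshots(pvc string, snaps []Snapshot, requireFinalizer bool) []string {
	var out []string
	for _, s := range snaps {
		notReady := s.ReadyToUse == nil || !*s.ReadyToUse
		if s.SourcePVC == pvc && notReady && (!requireFinalizer || holdsFinalizer(s)) {
			out = append(out, s.Name)
		}
	}
	return out
}

func ptr(v bool) *bool { return &v }

// sampleSnapshots is constructed data, not taken from a real cluster.
var sampleSnapshots = []Snapshot{
	{"done", "data", ptr(true), nil},
	{"in-progress", "data", ptr(false), []string{pvcSourceFinalizer}},
	{"broken", "data", nil, nil},
	{"other-pvc", "logs", ptr(false), []string{pvcSourceFinalizer}},
}

func main() {
	fmt.Println(BlockingSnapshots("data", sampleSnapshots, false), BlockingSnapshots("data", sampleSnapshots, true))
}
```

With the constructed data, the broken snapshot blocks the PVC only under the first rule, while the in-progress snapshot blocks it under both.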
@k8s-ci-robot k8s-ci-robot added do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 9, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vasumahalingam-nutanix
Once this PR has been reviewed and has the lgtm label, please assign yuxiangqian for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested a review from gnufied June 9, 2025 21:45
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 9, 2025
@k8s-ci-robot
Contributor

Hi @vasumahalingam-nutanix. Thanks for your PR.

I'm waiting for a kubernetes-csi member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Jun 9, 2025
@vasumahalingam-nutanix
Author

Hi @gnufied, @sunnylovestiramisu PTAL when you get a chance. This PR resolves an edge case where PVC deletion is blocked due to broken VolumeSnapshots that are no longer usable or hold the finalizer. It ensures correctness without affecting valid in-progress snapshots. Thanks!

Development

Successfully merging this pull request may close these issues.

PVC finalizer not removed if invalid VolumeSnapshots with missing ReadyToUse field exist in the namespace
2 participants