Skip to content

Allow VolumeAttributesClassName changes in storageConfig webhook#921

Draft
SreedevT wants to merge 1 commit intok8ssandra:masterfrom
SreedevT:fix/allow-vac-changes-in-storage-webhook
Draft

Allow VolumeAttributesClassName changes in storageConfig webhook#921
SreedevT wants to merge 1 commit intok8ssandra:masterfrom
SreedevT:fix/allow-vac-changes-in-storage-webhook

Conversation

@SreedevT
Copy link
Copy Markdown

@SreedevT SreedevT commented Apr 23, 2026
edited
Loading

What this PR does:

VolumeAttributesClassName (VAC) is a field on PersistentVolumeClaimSpec used for in-place volume performance class changes (e.g. AWS EBS VolumeAttributesClass). It does not replace the PVC — only its performance tier is updated. The webhook was blocking all changes to CassandraDataVolumeClaimSpec beyond storage size, which prevented legitimate VAC updates with an error like:

admission webhook "vcassandradatacenter.kb.io" denied the request:
CassandraDatacenter write rejected, attempted to change
storageConfig.CassandraDataVolumeClaimSpec, diff:
  -  VolumeAttributesClassName: &"gp3-cassandra-general"
  +  VolumeAttributesClassName: &"gp3-cassandra"

This PR normalizes VolumeAttributesClassName before the DeepEqual check so changes to it are always permitted. It also consolidates the two separate nil guards for CassandraDataVolumeClaimSpec into one block, fixing a latent nil panic if AllowStorageChangesAnnotation was set on a DC with no StorageConfig.

Which issue(s) this PR fixes:
Fixes #922

Checklist

  • Changes manually tested
  • Automated Tests added/updated
  • Documentation added/updated
  • CHANGELOG.md updated (not required for documentation PRs)
  • CLA Signed: DataStax CLA

@SreedevT SreedevT requested a review from a team as a code owner April 23, 2026 08:56
@SreedevT SreedevT force-pushed the fix/allow-vac-changes-in-storage-webhook branch from 8f3e45a to 588715d Compare April 23, 2026 09:02
burmanm
burmanm reviewed Apr 23, 2026
View reviewed changes
Comment thread internal/webhooks/cassandra/v1beta1/cassandradatacenter_webhook.go
oldClaimSpec.Resources.Requests = newClaimSpec.Resources.Requests
}

// VolumeAttributesClassName changes are always allowed as they represent in-place volume
Copy link
Copy Markdown
Contributor

@burmanm burmanm Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't strictly true, the StorageClass must support ModifyVolume. Also, did you verify if the StatefulSet controller accepts these changes and applies them?

There is also no monitoring in here that the VolumeAttributesClass change has been approved as the CSI driver can reject it. That would require changes like the resizing parameter checks and correct reconciliation until the change has been approved.

This is relevant because in some drivers such as AWS, one can change from gp2 to gp3 and this operation might not be instant and as such will require the operator to correctly wait for the changes to be applied. There are also restrictions on how many times per day such operations can be done and we can't set the datacenter to a ready state if the changes haven't been applied (or for example incorrect / outdated parameters are used).

Copy link
Copy Markdown
Author

@SreedevT SreedevT Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thats fair, I have made the PR a draft. Current PR only bypasses the validation and does not make any changes.
Can I make it a gated feature with more checks in place?

@burmanm
Copy link
Copy Markdown
Contributor

burmanm commented Apr 23, 2026

It also consolidates the two separate nil guards for CassandraDataVolumeClaimSpec into one block, fixing a latent nil panic if AllowStorageChangesAnnotation was set on a DC with no StorageConfig.

Where is this change and in which scenarios can it happen?

VolumeAttributesClassName (VAC) is a Kubernetes 1.29+ field on PersistentVolumeClaimSpec used for in-place volume performance class changes (e.g. AWS EBS VolumeAttributesClass).

They only GAed in 1.34 and marked as stable in upcoming 1.36.

@SreedevT SreedevT force-pushed the fix/allow-vac-changes-in-storage-webhook branch from 588715d to 6604e5f Compare April 23, 2026 09:28
Allow VolumeAttributesClassName changes in storageConfig webhook
e16ff5b 
VolumeAttributesClassName (VAC) is used for in-place volume performance class changes (e.g. AWS EBS VolumeAttributesClass) and does not replace the PVC. The webhook was blocking all changes to CassandraDataVolumeClaimSpec beyond storage size, which prevented legitimate VAC updates.

Normalize VolumeAttributesClassName before the DeepEqual check so changes to it are always permitted. Also consolidates the two separate nil guards for CassandraDataVolumeClaimSpec into one block, fixing a latent nil panic if AllowStorageChangesAnnotation was set on a DC with no StorageConfig.
@SreedevT SreedevT force-pushed the fix/allow-vac-changes-in-storage-webhook branch from 6604e5f to e16ff5b Compare April 23, 2026 09:31
@SreedevT SreedevT marked this pull request as draft April 23, 2026 12:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@burmanm burmanm burmanm left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow VolumeAttributesClassName changes in storageConfig webhook

2 participants

@SreedevT @burmanm