OCPEDGE-2326: add storageclass configuration options to lvms

[Neilhamza]

this PR completes jiras:
https://issues.redhat.com/browse/OCPEDGE-2326
https://issues.redhat.com/browse/OCPEDGE-2327
https://issues.redhat.com/browse/OCPEDGE-2328

Adds configurable StorageClassOptions at the DeviceClass level in LVMCluster, allowing users to control how LVMS-generated StorageClasses are created while respecting Kubernetes immutability guarantees.

Unit tests and e2e coverage will be added in a follow-up PR.

Changes
API

Added StorageClassOptions to DeviceClass with optional:

reclaimPolicy

volumeBindingMode

additionalParameters

additionalLabels

Webhook

Validates StorageClassOptions on create/update

Warns on conflicts with LVMS-owned parameters and labels

Validates label keys/values per Kubernetes rules

Rejects updates to immutable StorageClass fields after creation

Controller

Uses CreateOrUpdate for StorageClass reconciliation

Sets immutable fields at creation time only

Supports day-2 updates for metadata-only fields (additionalLabels)

Ownership-aware label pruning ensures spec is the source of truth

No delete/recreate behavior for StorageClasses

Immutability Model

StorageClass behavior fields are immutable in Kubernetes and are configurable only at creation time.
Metadata-only fields (labels) are safely reconciled day-2 without impacting existing PVCs.

Example
apiVersion: lvm.topolvm.io/v1alpha1
kind: LVMCluster
metadata:
name: lvmcluster
spec:
storage:
deviceClasses:
- name: vg1
storageClassOptions:
reclaimPolicy: Retain
volumeBindingMode: Immediate
additionalParameters:
provisioner-secret-name: my-secret
additionalLabels:
environment: production

[openshift-ci-robot]

@Neilhamza: This pull request references OCPEDGE-2326 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Introduces configurable StorageClass options at the DeviceClass level, enabling users to customize reclaimPolicy, volumeBindingMode, additionalParameters, and additionalLabels. Supports day-2 operations with full backward compatibility.

JIRA: OCPSTRAT-2718

Changes
API (lvmcluster_types.go)

Added StorageClassOptions struct with optional fields for reclaim policy, volume binding mode, parameters, and labels
All fields use pointer types to distinguish unset (nil) from explicitly set values
Validation (lvmcluster_webhook.go)

Added verifyStorageClassOptions() to warn on LVMS-owned parameter conflicts
Validates label key format per Kubernetes standards
Integrated into create/update webhook paths
Controller (topolvm_storageclass.go)

Implements delete+recreate for immutable fields (reclaimPolicy, volumeBindingMode, parameters)
In-place updates for mutable fields (labels)
Added needsRecreation() and applyAdditionalLabels() helpers
Protects LVMS-managed labels and parameters from override
Immutability Handling
Kubernetes StorageClass spec fields are immutable. This PR follows the canonical pattern:

Detect changes to immutable fields
Delete existing StorageClass
Recreate with new configuration
PVC Safety: Existing PVCs unaffected—they store provisioning info at creation and don't depend on the StorageClass object afterward. Brief <1s window where new PVC creation may fail during recreation.

Example

apiVersion: lvm.topolvm.io/v1alpha1
kind: LVMCluster
metadata:
name: lvmcluster
spec:
storage:
deviceClasses:

• name: vg1
  storageClassOptions:
  reclaimPolicy: Retain
  volumeBindingMode: Immediate
  additionalParameters:
  provisioner-secret-name: my-secret
  additionalLabels:
  environment: production

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Neilhamza
Once this PR has been reviewed and has the lgtm label, please assign jerpeter1 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@Neilhamza: This pull request references OCPEDGE-2326 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Introduces configurable StorageClass options at the DeviceClass level, enabling users to customize reclaimPolicy, volumeBindingMode, additionalParameters, and additionalLabels. Supports day-2 operations with full backward compatibility.

Changes
API (lvmcluster_types.go)

Added StorageClassOptions struct with optional fields for reclaim policy, volume binding mode, parameters, and labels
(lvmcluster_webhook.go)

Added verifyStorageClassOptions() to warn on LVMS-owned parameter conflicts
Validates label key format per Kubernetes standards
Integrated into create/update webhook paths
Controller (topolvm_storageclass.go)

Implements delete+recreate for immutable fields (reclaimPolicy, volumeBindingMode, parameters)
In-place updates for mutable fields (labels)
Added needsRecreation() and applyAdditionalLabels() helpers
Protects LVMS-managed labels and parameters from override
Immutability Handling
Kubernetes StorageClass spec fields are immutable. This PR follows the canonical pattern:

Detect changes to immutable fields
Delete existing StorageClass
Recreate with new configuration
PVC Safety: Existing PVCs unaffected—they store provisioning info at creation and don't depend on the StorageClass object afterward. Brief <1s window where new PVC creation may fail during recreation.

Example

apiVersion: lvm.topolvm.io/v1alpha1
kind: LVMCluster
metadata:
name: lvmcluster
spec:
storage:
deviceClasses:

• name: vg1
  storageClassOptions:
  reclaimPolicy: Retain
  volumeBindingMode: Immediate
  additionalParameters:
  provisioner-secret-name: my-secret
  additionalLabels:
  environment: production

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 21.26866% with 211 lines in your changes missing coverage. Please review.
✅ Project coverage is 46.83%. Comparing base (0561e12) to head (0e4a655).
⚠️ Report is 57 commits behind head on main.

Files with missing lines	Patch %	Lines
...ollers/lvmcluster/resource/topolvm_storageclass.go	0.00%	82 Missing ⚠️
internal/controllers/lvmcluster/controller.go	19.00%	75 Missing and 6 partials ⚠️
api/v1alpha1/lvmcluster_webhook.go	47.50%	37 Missing and 5 partials ⚠️
internal/controllers/lvmcluster/resource/utils.go	0.00%	6 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1965      +/-   ##
==========================================
- Coverage   48.11%   46.83%   -1.28%     
==========================================
  Files          52       52              
  Lines        3735     3978     +243     
==========================================
+ Hits         1797     1863      +66     
- Misses       1782     1949     +167     
- Partials      156      166      +10     

Files with missing lines	Coverage Δ
api/v1alpha1/lvmcluster_types.go	100.00% <ø> (ø)
internal/controllers/lvmcluster/resource/utils.go	0.00% <0.00%> (ø)
api/v1alpha1/lvmcluster_webhook.go	71.22% <47.50%> (-7.09%)	⬇️
internal/controllers/lvmcluster/controller.go	44.98% <19.00%> (-7.96%)	⬇️
...ollers/lvmcluster/resource/topolvm_storageclass.go	0.00% <0.00%> (ø)

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[openshift-ci-robot]

@Neilhamza: This pull request references OCPEDGE-2326 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Details

In response to this:

this PR completes jiras:
https://issues.redhat.com/browse/OCPEDGE-2326
https://issues.redhat.com/browse/OCPEDGE-2327
https://issues.redhat.com/browse/OCPEDGE-2328

unit testing and e2e will be done in an additional PR

Introduces configurable StorageClass options at the DeviceClass level, enabling users to customize reclaimPolicy, volumeBindingMode, additionalParameters, and additionalLabels. Supports day-2 operations with full backward compatibility.

Changes
API (lvmcluster_types.go)

Added StorageClassOptions struct with optional fields for reclaim policy, volume binding mode, parameters, and labels
(lvmcluster_webhook.go)

Added verifyStorageClassOptions() to warn on LVMS-owned parameter conflicts
Validates label key format per Kubernetes standards
Integrated into create/update webhook paths
Controller (topolvm_storageclass.go)

Implements delete+recreate for immutable fields (reclaimPolicy, volumeBindingMode, parameters)
In-place updates for mutable fields (labels)
Added needsRecreation() and applyAdditionalLabels() helpers
Protects LVMS-managed labels and parameters from override
Immutability Handling
Kubernetes StorageClass spec fields are immutable. This PR follows the canonical pattern:

Detect changes to immutable fields
Delete existing StorageClass
Recreate with new configuration
PVC Safety: Existing PVCs unaffected—they store provisioning info at creation and don't depend on the StorageClass object afterward. Brief <1s window where new PVC creation may fail during recreation.

Example

apiVersion: lvm.topolvm.io/v1alpha1
kind: LVMCluster
metadata:
name: lvmcluster
spec:
storage:
deviceClasses:

• name: vg1
  storageClassOptions:
  reclaimPolicy: Retain
  volumeBindingMode: Immediate
  additionalParameters:
  provisioner-secret-name: my-secret
  additionalLabels:
  environment: production

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[qJkee]

/сс

[Neilhamza]

waitForStorageCleanup prevents race where LVM metadata flush is async: vgremove/lvremove
return before disk flush completes, causing next test to find stale metadata (VG exists,
thin-pool missing) and mark cluster Degraded. Observed in HyperShift CI job.

[Neilhamza]

/retest

[Neilhamza]

/retest list

[Neilhamza]

/test e2e-aws-hypershift

[Neilhamza]

/test e2e-aws-hypershift

[qJkee]

Where do you use it? I can't find anywhere

[Neilhamza]

The sc variable is required for the Get() call right after, which is used to check whether the StorageClass already exists.
This existence check gates the immutability validation:
– If the StorageClass does not exist yet (NotFound), immutability checks are skipped
– If the StorageClass exists, updates to storageClassOptions are rejected

[qJkee]

But it can be created during this webhook call. Basically we need to check old and new CR configuration, not with existing objects. The cluster will be reconciled later accordingly

[Neilhamza]

completely rewrote the immutability check in api/v1alpha1/lvmcluster_webhook.go:

removed:

• The StorageClass GET call (the r.Get(ctx, types.NamespacedName{Name: scName}, sc)
• Any dependency on checking the actual StorageClass object in the cluster

added:

1. immutableSCFields struct (lines 623-629) - holds only the immutable fields we care about
2. effectiveImmutable() helper (lines 631-661) - extracts immutable fields from a DeviceClass and applies defaults (so nil -> WaitForFirstConsumer, nil -> Delete, etc.)
3. verifyImmutableStorageClassFields() rewrite (lines 663-693) - now compares old CR spec vs new CR spec only, not cluster objects:

[qJkee]

Why do we need this? Why do we need to store additional labels in annotation?

[Neilhamza]

he annotation tracks which labels were added by LVMS via additionalLabels so they
can be safely pruned when removed from the spec, without touching user's own labels.

Example scenario:

1. User adds label "env=prod" via additionalLabels then annotation stores "env"
2. User removes "env=prod" from spec then we check annotation, see "env" was LVMS-managed
3. We safely delete "env" label from StorageClass
4. Any labels NOT in the annotation (user's own labels) are left untouched

This prevents orphaned labels when users modify their additionalLabels configuration.
See applyAdditionalLabels() lines 258-263 for pruning logic.

[qJkee]

if annotation LVMS managed - user is unable to modify it. It's our object, we manage it, and we allow user to modify only certain fields

[Neilhamza]

Right now (current implemntation) LVMS uses a partial ownership model for StorageClass labels: we only manage the keys coming from additionalLabels, and the annotation tracks which keys LVMS previously applied so we can safely prune them when removed from the spec without touching unrelated labels added by admins or external tooling.

The alternative (to implement your suggestion) would be strict ownership, where LVMS overwrites the entire labels map from the CR on every reconcile (no annotation tracking needed), but that would drop any non-LVMS labels set directly on the StorageClass.
The first approach keeps day-2 reconciliation safe while avoiding unintended deletion of user/policy-applied labels.

can i have your suggestion on how to proceed?

[Neilhamza]

/retest

[Neilhamza]

/retest Red Hat Konflux / lvm-operator-integration-tests-4-21 / lvm-operator-4-21

[Neilhamza]

/test Red Hat Konflux / lvm-operator-integration-tests-4-21 / lvm-operator-4-21

[Neilhamza]

/retest

[Neilhamza]

/retest

[qJkee]

what if they were exist and now deleted? Will values be defaulted and operator might try to change immutable parameters and fail?

[Neilhamza]

Added effectiveImmutable() helper that applies defaults to both old and new specs before comparison, catching nil -> defaults immutability violations.

[qJkee]

But it can be created during this webhook call. Basically we need to check old and new CR configuration, not with existing objects. The cluster will be reconciled later accordingly

[qJkee]

you need to check if deletion timestamp is not nil, otherwise delete will return error

[Neilhamza]

Added if !pv.DeletionTimestamp.IsZero() { continue } check before attempting delete in cleanup function.

[qJkee]

topolvm logical volumes managed by topolvm controllers and will be deleted automatically when lvmcluster is being deleted

[Neilhamza]

this is the most tricky part, this function is only called when we are in retain policy. if we dont manually delete LogicalVolumes the user cannot delete lvm cluster because it will simply hang - since there will be LV's leftover (which is retain..)

i can either go with the option to leave the code as is, or block the user from deleting lvm-cluster and send a message that he must manually delete retained volumes (and finalizes)

[Neilhamza]

i updated code by adding multiple gates that checks if we are in/touching retain related
Kept LV deletion scoped only to Retain deviceClasses with bounded wait. Without this, LV finalizers block deletion after TopoLVM controller is removed.

[qJkee]

btw, do we need this? We do query actual StorageClass in s.getTopolvmStorageClasses. Can't we check for immutable fields there so we won't override them using actual StorageClass? This would also reduce this function size and avoid duplication in construction of StorageClass

[Neilhamza]

We still need this guard because getTopolvmStorageClasses() builds the desired spec, but CreateOrUpdate will re-run the mutate function on every reconcile, without the ResourceVersion == "" check we could accidentally try to update immutable SC fields. This makes sure immutable fields are only set on create, so we don’t accidentally try to change them on later reconciles

[qJkee]

if annotation LVMS managed - user is unable to modify it. It's our object, we manage it, and we allow user to modify only certain fields

[Neilhamza]

/retest

[openshift-ci]

@Neilhamza: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/snyk-deps	0e4a655	link	false	/test snyk-deps

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.