Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NFS CSI Driver is recommended over NFS in-tree Driver #873

Open
LSuDavidd opened this issue Mar 6, 2025 · 10 comments
Open

NFS CSI Driver is recommended over NFS in-tree Driver #873

LSuDavidd opened this issue Mar 6, 2025 · 10 comments

Comments

@LSuDavidd
Copy link

To configure NFS storage, you can use the in-tree driver or the NFS CSI driver for Kubernetes (recommended).

My questions are:

  1. Why the NFS CSI driver is recommended over the NFS in-tree driver?
  2. Is there any known plan of deprecating the NFS in-tree driver ?
  3. If I don't need dynamic storage provisioning is there any advantage of using the NFS CSI driver over the NFS in-tree driver?

Why it is recommended I am not exactly getting. Can Anyone Support me by giving proper answer.
@niranjandarshann
Copy link

According to my investigation
The CSI helps Kubernetes replace built-in storage drivers, especially vendor-specific ones. Since Kubernetes v1.13, CSI has made it easier to add and manage storage integrations.

CSI improves maintainability by allowing storage driver developers to control their updates and support. It also enhances security by reducing built-in code, lowering risks, and letting cluster operators choose only the needed storage drivers.
NFS CSI Driver reduce risk with less in-tree code, the risks of a mistake are reduced, and cluster operators can select only the storage drivers that their cluster requires

@niranjandarshann
Copy link

3. If I don't need dynamic storage provisioning is there any advantage of using the NFS CSI driver over the NFS in-tree driver?

Yes, even if you don't need dynamic storage provisioning, using the NFS CSI driver has advantages over the NFS in-tree driver. As CSI drivers are safer because they include only the necessary drivers, reducing security risks. So, it's recommended to use CSI drivers instead of in-tree drivers.

@niranjandarshann
Copy link

Documentation NFS Driver https://github.com/kubernetes-csi/csi-driver-nfs
https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/#why-are-we-migrating-in-tree-plugins-to-csi
I think it will be helpful for your concern.

@LSuDavidd
Copy link
Author

Thank you for your answer @niranjandarshann . Moving drivers out of the tree increases the security of the Kubernetes codebase because less code means fewer bugs. However, I cannot see how this implies that CSI drivers are more secure than in-tree drivers.
But Opposite can also be True. Isnt it?

What Do You Think On it.

@LSuDavidd
Copy link
Author

  • Is there any known plan of deprecating the NFS in-tree driver ?

Do We have any? @niranjandarshann

@niranjandarshann
Copy link

Thank you for your answer @niranjandarshann . Moving drivers out of the tree increases the security of the Kubernetes codebase because less code means fewer bugs. However, I cannot see how this implies that CSI drivers are more secure than in-tree drivers. But Opposite can also be True. Isnt it?

What Do You Think On it.

What I think is after CSI drivers came , the kubernetes code became less vulnerable, and since every vendor can have separate release cycles the frequency for updating the driver related changes became independent which in turn can make CSI drivers less vulnerable. Though what you said also might be correct depending on how quick the vendor fixes their code.

@niranjandarshann
Copy link

  • Is there any known plan of deprecating the NFS in-tree driver ?

Do We have any? @niranjandarshann

Refer this #873 (comment) It will help you in getting response for this .

@LSuDavidd
Copy link
Author

LSuDavidd commented Mar 6, 2025
edited
Loading

What I think is after CSI drivers came , the kubernetes code became less vulnerable, and since every vendor can have separate release cycles the frequency for updating the driver related changes became independent which in turn can make CSI drivers less vulnerable. Though what you said also might be correct depending on how quick the vendor fixes their code.

Ok Understood. Tks! for your investigation

@LSuDavidd
Copy link
Author

Refer this #873 (comment) It will help you in getting response for this .

Got You Tks (thanks) @niranjandarshann

@sean-freeman
Copy link

@niranjandarshann @LSuDavidd Of relevance, this NFS CSI Driver is positioned as generic / vendor-agnostic for native NFS storage protocol connectivity (by virtue of it's name and description) but is not - see #736

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sean-freeman @niranjandarshann @LSuDavidd