@@ -132,15 +132,21 @@ type NodeConfig struct {

 	IPTablesSyncPeriod string

 	// VolumeConfig contains options for configuring volumes on the node.

-	VolumeConfig VolumeConfig

+	VolumeConfig NodeVolumeConfig

 }

-// VolumeConfig contains options for configuring volumes on the node.

-type VolumeConfig struct {

+// NodeVolumeConfig contains options for configuring volumes on the node.

+type NodeVolumeConfig struct {

 	// LocalQuota contains options for controlling local volume quota on the node.

 	LocalQuota LocalQuota

 }

+// MasterVolumeConfig contains options for configuring volume plugins in the master node.

+type MasterVolumeConfig struct {

+	// DynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true

+	DynamicProvisioningEnabled bool

+}

+

 // LocalQuota contains options for controlling local volume quota on the node.

 type LocalQuota struct {

 	// PerFSGroup can be specified to enable a quota on local storage use per unique FSGroup ID.

@@ -279,6 +285,9 @@ type MasterConfig struct {

 	// NetworkConfig to be passed to the compiled in network plugin

 	NetworkConfig MasterNetworkConfig

+

+	// VolumeConfig contains options for configuring volumes on the node.

+	VolumeConfig MasterVolumeConfig

 }

 type ImagePolicyConfig struct {

@@ -307,6 +307,15 @@ func addConversionFuncs(scheme *runtime.Scheme) {

 			out.Location = in.Location

 			return nil

 		},

+		func(in *MasterVolumeConfig, out *internal.MasterVolumeConfig, s conversion.Scope) error {

+			out.DynamicProvisioningEnabled = (in.DynamicProvisioningEnabled == nil) || (*in.DynamicProvisioningEnabled)

+			return nil

+		},

+		func(in *internal.MasterVolumeConfig, out *MasterVolumeConfig, s conversion.Scope) error {

+			enabled := in.DynamicProvisioningEnabled

+			out.DynamicProvisioningEnabled = &enabled

+			return nil

+		},

 		api.Convert_resource_Quantity_To_resource_Quantity,

 	)

 	if err != nil {

@@ -408,6 +408,7 @@ var map_MasterConfig = map[string]string{

 	"projectConfig":          "ProjectConfig holds information about project creation and defaults",

 	"routingConfig":          "RoutingConfig holds information about routing and route generation",

 	"networkConfig":          "NetworkConfig to be passed to the compiled in network plugin",

+	"volumeConfig":           "MasterVolumeConfig contains options for configuring volume plugins in the master node.",

 }

 func (MasterConfig) SwaggerDoc() map[string]string {

@@ -427,6 +428,15 @@ func (MasterNetworkConfig) SwaggerDoc() map[string]string {

 	return map_MasterNetworkConfig

 }

+var map_MasterVolumeConfig = map[string]string{

+	"": "MasterVolumeConfig contains options for configuring volume plugins in the master node.",

+	"dynamicProvisioningEnabled": "DynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true",

+}

+

+func (MasterVolumeConfig) SwaggerDoc() map[string]string {

+	return map_MasterVolumeConfig

+}

+

 var map_NamedCertificate = map[string]string{

 	"":      "NamedCertificate specifies a certificate/key, and the names it should be served for",

 	"names": "Names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.",

@@ -484,6 +494,15 @@ func (NodeNetworkConfig) SwaggerDoc() map[string]string {

 	return map_NodeNetworkConfig

 }

+var map_NodeVolumeConfig = map[string]string{

+	"":           "NodeVolumeConfig contains options for configuring volumes on the node.",

+	"localQuota": "LocalQuota contains options for controlling local volume quota on the node.",

+}

+

+func (NodeVolumeConfig) SwaggerDoc() map[string]string {

+	return map_NodeVolumeConfig

+}

+

 var map_OAuthConfig = map[string]string{

 	"":                            "OAuthConfig holds the necessary configuration options for OAuth authentication",

 	"masterCA":                    "MasterCA is the CA for verifying the TLS connection back to the MasterURL.",

@@ -762,12 +781,3 @@ var map_UserAgentMatchingConfig = map[string]string{

 func (UserAgentMatchingConfig) SwaggerDoc() map[string]string {

 	return map_UserAgentMatchingConfig

 }

-

-var map_VolumeConfig = map[string]string{

-	"":           "VolumeConfig contains options for configuring volumes on the node.",

-	"localQuota": "LocalQuota contains options for controlling local volume quota on the node.",

-}

-

-func (VolumeConfig) SwaggerDoc() map[string]string {

-	return map_VolumeConfig

-}

@@ -71,15 +71,21 @@ type NodeConfig struct {

 	IPTablesSyncPeriod string `json:"iptablesSyncPeriod"`

 	// VolumeConfig contains options for configuring volumes on the node.

-	VolumeConfig VolumeConfig `json:"volumeConfig"`

+	VolumeConfig NodeVolumeConfig `json:"volumeConfig"`

 }

-// VolumeConfig contains options for configuring volumes on the node.

-type VolumeConfig struct {

+// NodeVolumeConfig contains options for configuring volumes on the node.

+type NodeVolumeConfig struct {

 	// LocalQuota contains options for controlling local volume quota on the node.

 	LocalQuota LocalQuota `json:"localQuota"`

 }

+// MasterVolumeConfig contains options for configuring volume plugins in the master node.

+type MasterVolumeConfig struct {

+	// DynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true

+	DynamicProvisioningEnabled *bool `json:"dynamicProvisioningEnabled"`

+}

+

 // LocalQuota contains options for controlling local volume quota on the node.

 type LocalQuota struct {

 	// FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID.

@@ -219,6 +225,9 @@ type MasterConfig struct {

 	// NetworkConfig to be passed to the compiled in network plugin

 	NetworkConfig MasterNetworkConfig `json:"networkConfig"`

+

+	// MasterVolumeConfig contains options for configuring volume plugins in the master node.

+	VolumeConfig MasterVolumeConfig `json:"volumeConfig"`

 }

 // ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images

@@ -459,6 +459,8 @@ servingInfo:

     keyFile: ""

     names: null

   requestTimeoutSeconds: 0

+volumeConfig:

+  dynamicProvisioningEnabled: false

 `

 )

@@ -665,6 +667,9 @@ func TestMasterConfig(t *testing.T) {

 			},

 			PluginOrderOverride: []string{"plugin"}, // explicitly set this field because it's omitempty

 		},

+		VolumeConfig: internal.MasterVolumeConfig{

+			DynamicProvisioningEnabled: false,

+		},

 	}

 	serializedConfig, err := writeYAML(config)

 	if err != nil {

@@ -116,7 +116,7 @@ func ValidateKubeletExtendedArguments(config api.ExtendedArguments, fldPath *fie

 	return ValidateExtendedArguments(config, kubeletoptions.NewKubeletServer().AddFlags, fldPath)

 }

-func ValidateVolumeConfig(config api.VolumeConfig, fldPath *field.Path) field.ErrorList {

+func ValidateVolumeConfig(config api.NodeVolumeConfig, fldPath *field.Path) field.ErrorList {

 	allErrs := field.ErrorList{}

 	if config.LocalQuota.PerFSGroup != nil && config.LocalQuota.PerFSGroup.Value() < 0 {

@@ -66,7 +66,7 @@ func TestFailingKubeletArgs(t *testing.T) {

 func TestInvalidProjectEmptyDirQuota(t *testing.T) {

 	negQuota := resource.MustParse("-1000Mi")

 	nodeCfg := configapi.NodeConfig{

-		VolumeConfig: configapi.VolumeConfig{

+		VolumeConfig: configapi.NodeVolumeConfig{

 			LocalQuota: configapi.LocalQuota{

 				PerFSGroup: &negQuota,

 			},

@@ -253,6 +253,10 @@ func (args MasterArgs) BuildSerializeableMasterConfig() (*configapi.MasterConfig

 			HostSubnetLength:   args.NetworkArgs.HostSubnetLength,

 			ServiceNetworkCIDR: args.NetworkArgs.ServiceNetworkCIDR,

 		},

+

+		VolumeConfig: configapi.MasterVolumeConfig{

+			DynamicProvisioningEnabled: true,

+		},

 	}

 	if args.ListenArg.UseTLS() {

@@ -607,7 +607,9 @@ func startControllers(oc *origin.MasterConfig, kc *kubernetes.MasterConfig) erro

 		kc.RunEndpointController()

 		kc.RunNamespaceController(namespaceControllerClientSet, namespaceControllerClientPool)

 		kc.RunPersistentVolumeClaimBinder(binderClient)

-		kc.RunPersistentVolumeProvisioner(provisionerClient)

+		if oc.Options.VolumeConfig.DynamicProvisioningEnabled {

+			kc.RunPersistentVolumeProvisioner(provisionerClient)

+		}

 		kc.RunPersistentVolumeClaimRecycler(oc.ImageFor("recycler"), recyclerClient, oc.Options.PolicyConfig.OpenShiftInfrastructureNamespace)

 		kc.RunGCController(gcClient)