search

container-storage-interface / spec

Container Storage Interface (CSI) Specification.
Apache License 2.0
1.34k stars 373 forks source link

Is possible to add Secret to NodeUnpublishVolume? #400

Open zhucan opened 4 years ago

zhucan commented 4 years ago

https://kubernetes-csi.github.io/docs/secrets-and-credentials-storage-class.html

Our node plugin doesn't implement ControllerPublishVolume and ControllerPublishVolume, But we want to make connection with backend storage with username and password(the storage username and password has been stored in the secret) @saad-ali

jdef commented 4 years ago

This has come up before and has been rejected. Can you explain your use case in more detail?

On Fri, Nov 22, 2019 at 4:21 AM Louis Koo notifications@github.com wrote:

https://kubernetes-csi.github.io/docs/secrets-and-credentials-storage-class.html

Our node plugin doesn't implement ControllerPublishVolume and ControllerPublishVolume, But we want to make connection with backend storage with username and password(the storage username and password has been stored in the secret)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/container-storage-interface/spec/issues/400?email_source=notifications&email_token=AAR5KLF7LU34NJPEYRIM5RDQU6QA3A5CNFSM4JQN6R4KYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H3KTTEQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAR5KLEVH6ZSN2ZIUDYUK4TQU6QA3ANCNFSM4JQN6R4A .

-- James DeFelice 585.241.9488 (voice) 650.649.6071 (fax)

zhucan commented 4 years ago

@jdef When deleting pod, need to disconnect from storage, we want to know the url、username、password about the backend storage, but there is no other params in the NodeUnpublishVolume function.

zhucan commented 4 years ago

@jdef @saad-ali Is it possible to add the Secret to the NodeUnpublishVolume?

jdef commented 4 years ago

We've been down this road before. I don't see any new, compelling reason to add secrets here. It should always be possible to unpublish/unstage regardless of secrets. If you need a token for such operations, the plugin should save it a priori in the stage RPC.

On Wed, Jan 15, 2020, 5:18 AM Louis Koo notifications@github.com wrote:

@jdef https://github.com/jdef @saad-ali https://github.com/saad-ali Is it possible to add the Secret to the NodeUnpublishVolume?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/container-storage-interface/spec/issues/400?email_source=notifications&email_token=AAR5KLFN5BNQWSIXRRKXNWDQ53PF7A5CNFSM4JQN6R4KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEI7ZNNA#issuecomment-574592692, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAR5KLDB5E3XGWAQEBONMS3Q53PF7ANCNFSM4JQN6R4A .