This RPC is a reverse operation of NodePublishVolume. This RPC MUST undo the work by the corresponding NodePublishVolume
NodePublishVolumeRequest have include a optional parameter:
map<string, string> secrets = 7 [(csi_secret) = true];
IMO, if we use secrets in NodeStageVolume and NodePublishVolume, in all likelihood, we need the secrets for NodeUnStageVolume and NodeUnPublishVolume too because This RPC is a reverse operation of NodePublishVolume
and we may need it to undo something
Here is the user case for the secrets use in NodeStageVolume and NodePublishVolume.
when mounting a volume, kubelet eventually call NodeStageVolume and NodePublishVolume. CSI driver probably need to verify with their storage backend , which required the secrets to authenticate or do something else. So does NodeUnStageVolume or NodeUnPublishVolume.
I also have a look at previous design, both
CreateVolumeRequest & DeleteVolumeRequest
and ControllerPublishVolumeRequest & ControllerUnpublishVolumeRequest
have include secrets. So I think it should be reasonable to add secret to request of NodeUnStageVolume and NodeUnPublishVolume
According to the spec here https://github.com/container-storage-interface/spec/blob/master/spec.md#nodeunpublishvolume
NodePublishVolumeRequest have include a optional parameter:
map<string, string> secrets = 7 [(csi_secret) = true];
IMO, if we use secrets in
NodeStageVolume
andNodePublishVolume
, in all likelihood, we need the secrets forNodeUnStageVolume
andNodeUnPublishVolume
too because This RPC is a reverse operation of NodePublishVolume and we may need it to undo somethingHere is the user case for the secrets use in NodeStageVolume and NodePublishVolume. when mounting a volume, kubelet eventually call NodeStageVolume and NodePublishVolume. CSI driver probably need to verify with their storage backend , which required the secrets to authenticate or do something else. So does
NodeUnStageVolume
orNodeUnPublishVolume
.I also have a look at previous design, both CreateVolumeRequest & DeleteVolumeRequest and ControllerPublishVolumeRequest & ControllerUnpublishVolumeRequest have include secrets. So I think it should be reasonable to add secret to request of
NodeUnStageVolume
andNodeUnPublishVolume