Retrieve secrets from a kubernetes secret rather than keeping passwords in the pv's yaml.

[Patricol]

Is your feature request related to a problem?/Why is this needed Using CHAP authentication requires putting all passwords in plaintext in the kubernetes yaml of the persistent_volume resource.

Describe the solution you'd like in detail Instead of having users specify a JSON-encoded-string of various usernames and passwords for CHAP authentication; have them provide a "namespace/secret-name" string and retrieve that JSON-encoded-string from some documented key in the secret.

Describe alternatives you've considered Could also have 8 documented keys for the secret; and pull regular strings (though ofc they will be base64 encoded at rest) from each one.

[Patricol]

Just realized the current design is intended to use CSIPersistentVolumeSource.ControllerPublishSecretRef etc.