[manila-csi-plugin] Support for `cloud-config` secret

kubernetes / cloud-provider-openstack

Apache License 2.0

613 stars 599 forks source link

[manila-csi-plugin] Support for `cloud-config` secret #2532

Open GlassOfWhiskey opened 7 months ago

GlassOfWhiskey commented 7 months ago

/kind feature

What happened: All the other OpenStack-related plugins support a cloud-config secret that contains credentials for authentication with the keystone. Conversely, Manila CSI Plugin wants its own format for auth secrets, making it difficult to integrate it with existing Kubernetes-on-Openstack environments (e.g., the Charmed Kubernetes Distribution.

What you expected to happen: it would be easier to mount the same cloud-config secret in all the OpenStack plugins ecosystem, instead of having a different integration path just for Manila. Is it something feasible?

jichenjc commented 7 months ago

I don't know detail of Manila about its secret mgmt if what you said apply to it I agree it's reasonable to update and Manila used to be done by @gman0 before @GlassOfWhiskey do you want to work on this by submit PR ?

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

GlassOfWhiskey commented 4 months ago

/remove-lifecycle stale

k8s-triage-robot commented 3 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle rotten
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

gouthampacha commented 3 months ago

/remove-lifecycle rotten

mkjpryor commented 2 months ago

+1 for this.

When we deploy Kubernetes, we create one secret containing a clouds.yaml with an application credential inside, then mount that into the Cinder CSI and OCCM pods. I was hoping to do the same for Manila, but this has scuppered me.

It would be less of a problem if Manila didn't require the region to be specified, which should be implicit in the application credential (it is for the other components), although still irritating.

mdbooth commented 2 months ago

I'm also interested in this feature. Without having looked, I doubt Manila genuinely needs Region, btw.