A single "default" storage class secret

[lpabon]

Current Issue

Currently storage classes have each operation have a reference to the secret:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fast-storage-all
provisioner: csi-driver.team.example.com
parameters:
  type: pd-ssd
  csi.storage.k8s.io/provisioner-secret-name: ${pvc.name}
  csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}-fast-storage
  csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}-${pvc.annotations['team.example.com/key']}
  csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}-fast-storage

See Docs

Proposal

To have a default that can be overridden by the specific operation secret references, that way as new operations are supported, we do not need to have a large set of repeating information for each operation. The new storageClass would look like this:

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: fast-storage-all
provisioner: csi-driver.team.example.com
parameters:
  type: pd-ssd
  csi.storage.k8s.io/secret-name: ${pvc.name}
  csi.storage.k8s.io/secret-namespace: ${pvc.namespace}-fast-storage
  csi.storage.k8s.io/node-publish-secret-name: ${pvc.name}-${pvc.annotations['team.example.com/key']}
  csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}-fast-storage

Where

  csi.storage.k8s.io/secret-name: ${pvc.name}
  csi.storage.k8s.io/secret-namespace: ${pvc.namespace}-fast-storage

Are the new default secrets if none are specified.

[zhucan]

@lpabon +1 I think all of the operation can use the secret.

[msau42]

#245

[taaraora]

I've started working on this feature.