spec icon indicating copy to clipboard operation
spec copied to clipboard

Published 20 hours ago verified publisher icon container-storage-interface

Missing parameter during NodeUnStageVolume and NodeUnPublishVolume calls

Open hoyho opened this issue 5 years ago • 0 comments

According to the spec here https://github.com/container-storage-interface/spec/blob/master/spec.md#nodeunpublishvolume

This RPC is a reverse operation of NodePublishVolume. This RPC MUST undo the work by the corresponding NodePublishVolume

NodePublishVolumeRequest have include a optional parameter: map<string, string> secrets = 7 [(csi_secret) = true];

IMO, if we use secrets in NodeStageVolume and NodePublishVolume, in all likelihood, we need the secrets for NodeUnStageVolume and NodeUnPublishVolume too because This RPC is a reverse operation of NodePublishVolume and we may need it to undo something

Here is the user case for the secrets use in NodeStageVolume and NodePublishVolume. when mounting a volume, kubelet eventually call NodeStageVolume and NodePublishVolume. CSI driver probably need to verify with their storage backend , which required the secrets to authenticate or do something else. So does NodeUnStageVolume or NodeUnPublishVolume.

I also have a look at previous design, both CreateVolumeRequest & DeleteVolumeRequest and ControllerPublishVolumeRequest & ControllerUnpublishVolumeRequest have include secrets. So I think it should be reasonable to add secret to request of NodeUnStageVolume and NodeUnPublishVolume

hoyho avatar Dec 04 '19 07:12 hoyho