cloud-provider-openstack icon indicating copy to clipboard operation
cloud-provider-openstack copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

[manila-csi-plugin] Support for `cloud-config` secret

Open GlassOfWhiskey opened this issue 1 year ago • 11 comments

/kind feature

What happened: All the other OpenStack-related plugins support a cloud-config secret that contains credentials for authentication with the keystone. Conversely, Manila CSI Plugin wants its own format for auth secrets, making it difficult to integrate it with existing Kubernetes-on-Openstack environments (e.g., the Charmed Kubernetes Distribution.

What you expected to happen: it would be easier to mount the same cloud-config secret in all the OpenStack plugins ecosystem, instead of having a different integration path just for Manila. Is it something feasible?

GlassOfWhiskey avatar Feb 03 '24 10:02 GlassOfWhiskey

I don't know detail of Manila about its secret mgmt if what you said apply to it I agree it's reasonable to update and Manila used to be done by @gman0 before @GlassOfWhiskey do you want to work on this by submit PR ?

jichenjc avatar Feb 07 '24 08:02 jichenjc

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar May 07 '24 08:05 k8s-triage-robot

/remove-lifecycle stale

GlassOfWhiskey avatar May 07 '24 09:05 GlassOfWhiskey

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jun 06 '24 10:06 k8s-triage-robot

/remove-lifecycle rotten

gouthampacha avatar Jun 06 '24 22:06 gouthampacha

+1 for this.

When we deploy Kubernetes, we create one secret containing a clouds.yaml with an application credential inside, then mount that into the Cinder CSI and OCCM pods. I was hoping to do the same for Manila, but this has scuppered me.

It would be less of a problem if Manila didn't require the region to be specified, which should be implicit in the application credential (it is for the other components), although still irritating.

mkjpryor avatar Jun 18 '24 15:06 mkjpryor

I'm also interested in this feature. Without having looked, I doubt Manila genuinely needs Region, btw.

mdbooth avatar Jun 19 '24 09:06 mdbooth