Add ability in KafkaConnect to use secrets provided by Secrets Store CSI Driver

Open jshaptic opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe.

At the moment there is no nice way to use secrets for Kafka Connect, which are fetched from cloud key vaults (in our case it is Azure) using the Secrets Store CSI Driver project. This CSI driver integrates with cloud key vaults and automatically creates corresponding Kubernetes secrets, but the problem is that it does this only when it's mounted as a volume. The detailed behaviour is described in the CSI documentation. And at the moment there is no option to specify custom volume mounts in the KafkaConnect Strimzi resource, either using the KafkaConnectTemplate spec or using the ExternalConfiguration spec.

Describe the solution you'd like

a) Extend the externalConfiguration spec, add the ability to specify a CSI secret provider
b) Add the ability to manually specify volume mounts in the KafkaConnect deployment

Describe alternatives you've considered

At the moment the only option to use secrets provided by the Secrets Store CSI Driver is to run a separate dummy pod, which must be started before KafkaConnect, and which will initiate secret synchronization.

jshaptic, Jul 09 '21 08:07
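The dummy-pod workaround described in the issue above, sketched as an added example (not from the issue or the Strimzi project). It assumes the Azure provider, that all three resources live in the same namespace, and that the cluster's Azure identity settings are supplied separately; every name and `<PLACEHOLDER>` is constructed.

```yaml
# Added example; all names and <PLACEHOLDERS> are constructed.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata: {name: connect-kv}
spec:
  provider: azure
  parameters:                  # Azure identity settings for your cluster also go here
    keyvaultName: "<KEY_VAULT_NAME>"
    tenantId: "<TENANT_ID>"
    objects: |
      array:
        - |
          objectName: db-password
          objectType: secret
  secretObjects:               # mirrored to a Kubernetes Secret only while a pod mounts the volume
    - secretName: connect-db-credentials
      type: Opaque
      data:
        - objectName: db-password
          key: password
---
# The "dummy pod": exists only to mount the CSI volume, which triggers the sync
apiVersion: v1
kind: Pod
metadata: {name: connect-secret-sync}
spec:
  containers:
    - name: pause
      image: registry.k8s.io/pause:3.9
      volumeMounts:
        - name: kv
          mountPath: /mnt/secrets-store
  volumes:
    - name: kv
      csi:
        driver: secrets-store.csi.k8s.io
        readOnly: true
        volumeAttributes: {secretProviderClass: connect-kv}
---
# KafkaConnect fragment (other required spec fields omitted): reads the synced Secret
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaConnect
metadata: {name: my-connect}
spec:
  externalConfiguration:
    env:
      - name: DB_PASSWORD
        valueFrom:
          secretKeyRef: {name: connect-db-credentials, key: password}
```

The driver deletes the synced Secret once no pod mounts the volume any more, so the dummy pod has to stay running for as long as Kafka Connect needs the credential. The mirrored Secret is an ordinary Kubernetes Secret, so namespace RBAC on `secrets` decides who else can read the key vault value.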

Triaged on 28.4.2022: This makes sense on the functional level. I wonder if the code implementation really differs from #3693 which is about generic volumes. I guess it can be implemented in two ways:

  • Add support for the Secret CSI driver to external configuration specifically (next to Kube Secrets and ConfigMaps)
  • Add support for it through a general feature for mounting any volumes into the pods.

scholzj, Apr 28 '22 14:04

Is the answer to this on this reddit post? https://www.reddit.com/r/kubernetes/comments/n78d3v/how_to_get_the_deployment_crd_configuration/

lknite, Mar 06 '24 19:03