Tommy Murphy
Tommy Murphy
Originally proposed in #460, the gRPC interface has been expanded to allow providers to [return a view of the filesystem in the RPC response](https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/e2f85d3a3a8d3c87fd24170e213284aa70f61e07/provider/v1alpha1/service.proto#L64-L69), making the driver responsible for writing...
**Describe the solution you'd like** Providers return a `MountResponse` with a view of the filesystem and each file has a [`mode`](https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/b8312d1d07918cba0be825f1dbab97c250146c3b/provider/v1alpha1/service.proto#L80-L82) property. This allows providers to control the file permissions...
A possible implementation/fix for: https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/948 This would allow the GCP secret provider class to write some static non-secret data to a file next to the actual secret. This type of...
SecretVersions created after July 2021 all have a checksum either generated by the end user when calling AddSecretVersion or server side by the Secret Manager API when initially written. https://cloud.google.com/secret-manager/docs/data-integrity...
### TL;DR The design outlined in #11 is problematic because it gives broad permissions to the CSI Driver `DaemonSet`, specifically `serviceaccounts/token`. This may break/conflict with the users' ability to use...
https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-cluster-windows
### TL;DR Include documentation for: * requirements for installing the driver + plugin * process for installing the driver + plugin * how to mount secrets into pods and the...
an example round tripper that parses & adds headers to storage to learn pins
rules applied by droplan seem to be pre-empted by docker iptable rules (at least on coreos)
Following a reboot it may take up to 5 minutes (if using the cron method) for iptable rules to be applied, leaving the droplet unprotected. This may not be obvious...