controllerserver: using storageclass secrets instead of mounting secret

- Following the suggestions in the CSI spec (https://kubernetes-csi.github.io/docs/secrets-and-credentials.html) and referencing other CSI driver implementations, change the previous approach of directly mounting the k8s secret to the controller server to follow CSI spec and use CSI sidecar to pass it. - Integrate the CSIControllerConfig and SpdkSecrets into the config.go file. Signed-off-by: Xin Yang <[email protected]> Change-Id: I482a5ec439905830560dc651758574571d34fa2e Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk-csi/+/19060 Tested-by: SPDK CI Jenkins <[email protected]> Reviewed-by: Jim Harris <[email protected]> Reviewed-by: Yibo Cai <[email protected]>
spdk · Nov 2, 2023 · 0875a00 · 0875a00
1 parent 729574c
commit 0875a00
Show file tree

Hide file tree

Showing 8 changed files with 210 additions and 138 deletions.
diff --git a/charts/spdk-csi/templates/controller.yaml b/charts/spdk-csi/templates/controller.yaml
@@ -54,9 +54,6 @@ spec:
         - name: spdkcsi-config
           mountPath: /etc/spdkcsi-config/
           readOnly: true
-        - name: spdkcsi-secret
-          mountPath: /etc/spdkcsi-secret/
-          readOnly: true
       - name: spdkcsi-snapshotter
         image: "{{ .Values.image.csiSnapshotter.repository }}:{{ .Values.image.csiSnapshotter.tag }}"
         args:
@@ -78,6 +75,3 @@ spec:
       - name: spdkcsi-config
         configMap:
           name: spdkcsi-cm
-      - name: spdkcsi-secret
-        secret:
-          secretName: spdkcsi-secret
diff --git a/charts/spdk-csi/templates/storageclass.yaml b/charts/spdk-csi/templates/storageclass.yaml
@@ -11,6 +11,8 @@ metadata:
 provisioner: csi.spdk.io
 parameters:
   fsType: ext4
+  csi.storage.k8s.io/provisioner-secret-name: spdkcsi-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: default
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
 {{- end -}}
diff --git a/deploy/kubernetes/controller.yaml b/deploy/kubernetes/controller.yaml
@@ -62,16 +62,10 @@ spec:
         - name: spdkcsi-config
           mountPath: /etc/spdkcsi-config/
           readOnly: true
-        - name: spdkcsi-secret
-          mountPath: /etc/spdkcsi-secret/
-          readOnly: true
       volumes:
       - name: socket-dir
         emptyDir:
           medium: "Memory"
       - name: spdkcsi-config
         configMap:
           name: spdkcsi-cm
-      - name: spdkcsi-secret
-        secret:
-          secretName: spdkcsi-secret
diff --git a/deploy/kubernetes/snapshotclass.yaml b/deploy/kubernetes/snapshotclass.yaml
@@ -10,4 +10,6 @@ metadata:
 driver: csi.spdk.io
 parameters:
   fsType: ext4
+  csi.storage.k8s.io/snapshotter-secret-name: spdkcsi-secret
+  csi.storage.k8s.io/snapshotter-secret-namespace: default
 deletionPolicy: Delete
diff --git a/deploy/kubernetes/storageclass.yaml b/deploy/kubernetes/storageclass.yaml
@@ -9,5 +9,7 @@ metadata:
 provisioner: csi.spdk.io
 parameters:
   fsType: ext4
+  csi.storage.k8s.io/provisioner-secret-name: spdkcsi-secret
+  csi.storage.k8s.io/provisioner-secret-namespace: default
 reclaimPolicy: Delete
 volumeBindingMode: Immediate