As a developer building applications with OpenShift
I want to mount CSI volumes into my build
So that I can use the projected resource CSI driver to access RHEL content access certs
And add RHEL content to my application via `yum install`
- Builds can mount a `csi` volume, and the contents of the volume do not appear in the resulting image.
- Clusters must have the TechPreviewNoUpgrade feature gate enabled to mount these volumes.
- If the build controller doesn't have the CSI volume feature enabled, then builds should fail if they need a `csi` volume to run.
Documentation for builds will need to be updated to enable this feature. This will include examples on how to add `csi` volumes to builds.
Our documentation for using entitlements in builds should also be updated to reference this as an example. Note that we can't replace the current guidance as CSI volumes in builds will be a tech preview feature. We can start with a shared Google Doc here, but we should try to adhere to "no feature freeze" process and submit docs PRs before anything merges.
QE can verify by testing the RHEL entitlement experience end to end - as specified in
No additional PX needed beyond documentation at present.
openshift/api would need to be updated to include the new volume type
openshift/openshift-apiserver would need to have its "internal" API regenerated, and the validations for build volumes would need to be updated.
openshift/openshift-controller-manager would need to add logic to add CSI volume mounts in builds.
openshift/origin will need new tests added to the build suite.
We would need a separate `e2e-builds` suite which enables tech preview features. On a normal cluster, we need an e2e test which verifies that builds which reference CSI volumes fails.
Feature gating this capability will be addressed in
BUILD-280 and BUILD-281.
Openshift-controller-manager must allow the feature gate to be wired through to the build controller. With respect to this, if you search for "
BUILD-275" in the master branch of the OCM repo, you'll see these two hits:
./pkg/build/controller/strategy/util.go: //TODO for
BUILD-275, if csiVolumesEnabled, then we can honor req's to mount CSI volumes to leverage SharedConfigMaps and SharedSecrets
./pkg/build/controller/strategy/util_test.go: //TODO for
BUILD-275, add tests with buildCSIVolumes == true when we pull in csi volumes to leverage SharedConfigMaps and SharedSecrets
e2e test for build CSI volumes will need to utilize the Shared Resource CSI driver. This test should use the simplest form of the API to get either a SharedSecret or SharedConfigMap injected into a build.