Spike
Resolution: Done
OCPSTRAT-201 - Enable sharing ConfigMaps and Secrets across namespaces [GA]
Sprint 215, Sprint 216
Spike User Stories
As a developer using the Shared Resource CSI Driver
I want a webhook that ensures `readOnly: true` is set on volumes for the Shared Resource CSI Driver
So that pods are not stuck in "Creating" state waiting for a mount that will never succeed.

As an OpenShift operator maintainer or cluster administrator
I want to reserve the `openshift-` prefix for SharedSecrets and SharedConfigMaps
So that future OpenShift operators can create system-level shared resources.

As an OpenShift operator maintainer or cluster administrator
I want to ensure that the content in a SharedSecret or SharedConfigMap is valid
So that consumers of shared resources consume valid content.
Acceptance Criteria
- OpenShift Enhancement Proposal addressing spike user stories
- Agreed-upon design for how we are going to deploy this component:
  - Validating webhook managed by the cluster storage operator?
  - Admission plugin inside openshift-apiserver?
- Ensure the proposal meets "Tech Preview" requirements for new OCP components, especially with respect to observability ("operate first").
Notes
David Eads and Jan Safranek should be assigned as approvers to this proposal (Auth and Storage representatives). It is unclear whether any other individuals or teams should be included. Perhaps a review from Monitoring for the observability bits (for example, questions about metrics and alerting).