  1. OpenShift Builds
  2. BUILD-406

Enhancement Proposal - Validating Webhook for Shared Resource CSI Driver


    • Story
    • Resolution: Done
    • Sprint 215, Sprint 216

      Spike User Stories

      As a developer using the Shared Resource CSI Driver
      I want a webhook that ensures `readOnly: true` is set on volumes for the Shared Resource CSI Driver
      So that pods are not stuck in "Creating" state waiting for a mount that will never succeed.

      As an OpenShift operator maintainer or cluster administrator
      I want to reserve the `openshift-` prefix for SharedSecrets and SharedConfigMaps
      So that future OpenShift operators can create system-level shared resources.

      As an OpenShift operator maintainer or cluster administrator
      I want to ensure that the content in a SharedSecret or SharedConfigMap is valid
      So that consumers of shared resources consume valid content.

      Acceptance Criteria

      • OpenShift Enhancement Proposal addressing the spike user stories
      • Agreed-upon design for how we are going to deploy this component:
        • Validating webhook managed by the cluster storage operator?
        • Admission plugin inside openshift-apiserver?
      • Ensure the proposal meets "Tech Preview" requirements for new OCP components, especially with respect to observability ("operate first").


      David Eads and Jan Safranek should be assigned as approvers to this proposal (Auth and Storage representatives). It is unclear whether any other individuals or teams should be included. Perhaps a review from Monitoring for the observability bits (e.g., questions about metrics and alerting).

            gmontero@redhat.com Gabe Montero
            adkaplan@redhat.com Adam Kaplan