Details from the dev epic:

Why is this important?

• CSI volumes allow data to be mounted into containers via ephemeral CSI Volumes.
• Ephemeral CSI volumes are provided by CSI drivers that support this feature. Such drivers include:
  • The secret-store CSI driver, which allows access to sealed secrets in Vault and other cloud providers (GCP, Azure).
  • The projected resource CSI driver, which will be used to share RHEL content access certs across the cluster.
• When using sensitive credentials in a build, accessing secrets as a mounted volume ensure that these credentials are not present in the resulting container image.

Scenarios

1. Access private artifact repositories (Artifactory, jFrog, Mavein)
2. Download RHEL packages in a build

Acceptance Criteria

• Builds can mount a CSI volume in a build
• Content in the CSI volume is not present in the resulting container image.
• If SCCs do not support fine controls over CSI volumes, provide this feature on a TechPreview basis with a feature gate.

Note: Please confirm with Developers if this would land as a TP feature. If yes, we will need to add a TP note for this feature.

Previous Work (Optional):

BUILD-257 - Build Resource Volume Mounts

Notes: Explore if it makes sense to document this issue and the  https://issues.redhat.com/browse/RHDEVDOCS-3000 as two modules in one assembly.