Uploaded image for project: 'OpenShift Storage'
  1. OpenShift Storage
  2. STOR-746

CSI Inline Volume Support with admission plugin

    XMLWordPrintable

Details

    • Storage: CSI Inline Volume Support
    • 3
    • Storage
    • Green
    • In Progress
    • OCPSTRAT-514 - Ephemeral in-line volumes
    • OCPSTRAT-514Ephemeral in-line volumes
    • 100
    • 100% 100%

    Description

      Goal: 

      The goal is to provide inline volume support (also known as Ephemeral volumes) via a CSI driver/operator. This epic also track the dev of the new admission plugin required to make inline volumes safe.

       

      Problem: 

      • The only practical way to extend pods such that node local integrations can happen is with inline volumes. So if we want to integrate with IAM for per pod credentials, we need inline csi volumes. If we want to do better build cache integration, we need inline csi. 

       

      Why is this important: 

      • (from https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html) Traditionally, volumes that are backed by CSI drivers can only be used with a PersistentVolume and PersistentVolumeClaim object combination. This feature will support ephemeral storage use cases and allows CSI volumes to be specified directly in the pod specification. At runtime, nested inline volumes follow the ephemeral lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed.
      • Vault integration can be implemented via in-line volumes (see https://github.com/deislabs/secrets-store-csi-driver/blob/master/README.md).
      • Inline volumes would allow us to give out tokens for cloud integration and nuke cloud credential operator’s use of secrets.
      • In OpenShift we already have Shared Resource CSI driver, which uses in-line CSI volumes to distribute cluster-wide secrets and/or config maps.

       

      Dependencies (internal and external):

      • CSI API

       

      Prioritized epics + deliverables (in scope / not in scope):

      • In Scope
        • A working CSI based inline volume
        • Documentation
        • Admision plugin
      • Not in Scope
        • Implementing the use cases for inline volumes (i.e. integration with IAM)

      Estimate (XS, S, M, L, XL, XXL):

       

      Previous Work:

      Customers:

      Open questions:

       

      Notes:

       

      Attachments

        Issue Links

          blocks

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. BUILD-389 Shared Resources: Validate Resource Admission

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. STOR-1054 CSI Inline Volume Support (GA)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is depended on by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. STOR-1054 CSI Inline Volume Support (GA)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPSTRAT-475 Enable sharing ConfigMaps and Secrets across namespaces [Tech Preview]

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is duplicated by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. BUILD-354 Secure Ephemeral CSI Volume Mounts

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/openshift-docs#47603: OSDOCS-3788:CSI inline ephemeral vols TP-> GA

          GitHub openshift/openshift-tests-private#8024: Auto: OCP-60915

          Activity

            People

              jdobson@redhat.com Jonathan Dobson
              rhn-engineering-jsafrane Jan Safranek
              Penghao Wang Penghao Wang
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 3 weeks
                  3w
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 week Time Not Required
                  1w