Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update secrets documentation with new keys and template variables #168

Merged
merged 1 commit into from
Jun 4, 2019
Merged

Update secrets documentation with new keys and template variables #168

merged 1 commit into from
Jun 4, 2019

Conversation

ggriffiths
Copy link
Member

@ggriffiths ggriffiths commented Jun 1, 2019
edited
Loading

Fixes #150

Release notes:

NONE

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Jun 1, 2019
@k8s-ci-robot k8s-ci-robot requested review from lpabon and saad-ali June 1, 2019 00:33
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 1, 2019
@ggriffiths
Copy link
Member Author

/assign @msau42

msau42
msau42 reviewed Jun 3, 2019
View reviewed changes
book/src/secrets-and-credentials.md
The value of `csi.storage.k8s.io/provisioner-secret-name` also supports the following template variables which are automatically replaced by the `external-provisioner` at provision time:

* `${pvc.name}`
* Automatically replaced with the name of the `PersistentVolumeClaim` object being provisioned.

If specified, the CSI `external-provisioner` will attempt to fetch the secret before provisioning and deletion.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also add a note here that for deletion, if the entire namespace was deleted (including the secret needed for deletion), then no secret will be passed to the delete call. If the driver requires a deletion secret and this happens, then the volume and the PV may need to be manually cleaned up.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a note for this 👍

@ggriffiths ggriffiths force-pushed the ggriffiths-patch-2 branch from 3bb1056 to da7492c Compare June 3, 2019 17:58
msau42
msau42 reviewed Jun 3, 2019
View reviewed changes
book/src/secrets-and-credentials.md Outdated
If the entire namespace was deleted, including the secret needed for deletion, then no secret will be passed to the
delete call. If this happens when the driver requires a secret for deletion, then the volume and PV may need to be
manually cleaned up.

If no such secret exists in the Kubernetes API, or the provisioner is unable to fetch it, the provision or delete operation fails.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence also has to be updated :-)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated this and moved the sentence about manually cleaning up to be after this.

@ggriffiths ggriffiths force-pushed the ggriffiths-patch-2 branch from da7492c to c1606c6 Compare June 4, 2019 00:31
@ggriffiths
Update secrets documentation with supported keys
6ea8817 
- there was a typo for NodePublish and NodeStage docs
- added a new example with secret provided for multiple operations.
- updated the provisioner secrets based on recent changes allowing pvc.name and pvc.namespace.
@ggriffiths ggriffiths force-pushed the ggriffiths-patch-2 branch from c1606c6 to 6ea8817 Compare June 4, 2019 00:34
@msau42
Copy link
Collaborator

msau42 commented Jun 4, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 4, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ggriffiths, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 4, 2019
@k8s-ci-robot k8s-ci-robot merged commit 7cd9b70 into kubernetes-csi:master Jun 4, 2019
@ggriffiths ggriffiths mentioned this pull request Oct 18, 2019
Closed
6 tasks
@ggriffiths ggriffiths mentioned this pull request Dec 11, 2019
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msau42 msau42 msau42 left review comments

@lpabon lpabon Awaiting requested review from lpabon

@saad-ali saad-ali Awaiting requested review from saad-ali

Assignees

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add more examples for secret templating
3 participants
@ggriffiths @msau42 @k8s-ci-robot