csi.md

Current status with respect to the Kubernetes CSIVolumeSource API

So let's take each part of the CSIVolumeSource:

• for the Driver string field, it needs to be "csi-driver-projected-resource.openshift.io".
• for the VolumeAttributes map, this driver currently adds the "share" key (which maps the the Share instance your Pod wants to use) in addition to the elements of the Pod the kubelet stores when contacting the driver to provision the Volume. See this list.
• the ReadOnly field is ignored, as the this driver's controller actively updates the Volume as the underlying Secret or ConfigMap change, or as the Share or the RBAC related to the Share change. NOTE: we are looking at providing ReadOnly volume support in future updates.
• the FSType field is ignored. This driver by design only supports tmpfs, with a different mount performed for each Volume, in order to defer all SELinux concerns to the kubelet.
• the NodePublishSecretRef field is ignored. The CSI NodePublishVolume and NodeUnpublishVolume flows gate the permission evaluation required for the Volume by performing SubjectAccessReviews against the reference Share instance, using the serviceAccount of the Pod as the subject.