So let's take each part of the CSIVolumeSource:
- for the
Driver
string field, it needs to be "csi-driver-projected-resource.openshift.io". - for the
VolumeAttributes
map, this driver currently adds the "share" key (which maps the theShare
instance yourPod
wants to use) in addition to the elements of thePod
the kubelet stores when contacting the driver to provision theVolume
. See this list. - the
ReadOnly
field is ignored, as the this driver's controller actively updates theVolume
as the underlyingSecret
orConfigMap
change, or as theShare
or the RBAC related to theShare
change. NOTE: we are looking at providingReadOnly
volume support in future updates. - the
FSType
field is ignored. This driver by design only supportstmpfs
, with a different mount performed for eachVolume
, in order to defer all SELinux concerns to the kubelet. - the
NodePublishSecretRef
field is ignored. The CSINodePublishVolume
andNodeUnpublishVolume
flows gate the permission evaluation required for theVolume
by performingSubjectAccessReviews
against the referenceShare
instance, using theserviceAccount
of thePod
as the subject.