mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-11 06:02:18 +00:00
Merge pull request #54013 from vladimirvivien/scaleio-secret-multi-tenancy
Automatic merge from submit-queue (batch tested with PRs 49865, 53731, 54013, 54513, 51502). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. ScaleIO - Ability to specify Secret's name and namespace **What this PR does / why we need it**: This PR is to decouple the ScaleIO secret from the same namespace as that of the StorageClass/PVC/PV that uses it (#53619). Currently, authorized non-admin k8s user, who creates volumes, may end up having unauthorized access to ScaleIO secret information. This PR introduces secret parameter that allows specification of secret's namespace. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #53619 **Release note**: ```release-note ScaleIO persistent volumes now support referencing a secret in a namespace other than the bound persistent volume claim's namespace; this is controlled during provisioning with the `secretNamespace` storage class parameter; StoragePool and ProtectionDomain attributes no longer defaults to the value `default` ```
This commit is contained in:
Kubernetes Submit Queue
GitHub
@@ -68785,7 +68785,7 @@
|
||||
},
|
||||
"scaleIO": {
|
||||
"description": "ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.",
|
||||
"$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource"
|
||||
"$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource"
|
||||
},
|
||||
"storageClassName": {
|
||||
"description": "Name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.",
|
||||
@@ -69839,6 +69839,56 @@
|
||||
}
|
||||
}
|
||||
},
|
||||
"io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": {
|
||||
"description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume",
|
||||
"required": [
|
||||
"gateway",
|
||||
"system",
|
||||
"secretRef"
|
||||
],
|
||||
"properties": {
|
||||
"fsType": {
|
||||
"description": "Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.",
|
||||
"type": "string"
|
||||
},
|
||||
"gateway": {
|
||||
"description": "The host address of the ScaleIO API Gateway.",
|
||||
"type": "string"
|
||||
},
|
||||
"protectionDomain": {
|
||||
"description": "The name of the ScaleIO Protection Domain for the configured storage.",
|
||||
"type": "string"
|
||||
},
|
||||
"readOnly": {
|
||||
"description": "Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"secretRef": {
|
||||
"description": "SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.",
|
||||
"$ref": "#/definitions/io.k8s.api.core.v1.SecretReference"
|
||||
},
|
||||
"sslEnabled": {
|
||||
"description": "Flag to enable/disable SSL communication with Gateway, default false",
|
||||
"type": "boolean"
|
||||
},
|
||||
"storageMode": {
|
||||
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.",
|
||||
"type": "string"
|
||||
},
|
||||
"storagePool": {
|
||||
"description": "The ScaleIO Storage Pool associated with the protection domain.",
|
||||
"type": "string"
|
||||
},
|
||||
"system": {
|
||||
"description": "The name of the storage system as configured in ScaleIO.",
|
||||
"type": "string"
|
||||
},
|
||||
"volumeName": {
|
||||
"description": "The name of a volume already created in the ScaleIO system that is associated with this volume source.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"io.k8s.api.core.v1.ScaleIOVolumeSource": {
|
||||
"description": "ScaleIOVolumeSource represents a persistent ScaleIO volume",
|
||||
"required": [
|
||||
@@ -69856,7 +69906,7 @@
|
||||
"type": "string"
|
||||
},
|
||||
"protectionDomain": {
|
||||
"description": "The name of the Protection Domain for the configured storage (defaults to \"default\").",
|
||||
"description": "The name of the ScaleIO Protection Domain for the configured storage.",
|
||||
"type": "string"
|
||||
},
|
||||
"readOnly": {
|
||||
@@ -69872,11 +69922,11 @@
|
||||
"type": "boolean"
|
||||
},
|
||||
"storageMode": {
|
||||
"description": "Indicates whether the storage for a volume should be thick or thin (defaults to \"thin\").",
|
||||
"description": "Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.",
|
||||
"type": "string"
|
||||
},
|
||||
"storagePool": {
|
||||
"description": "The Storage Pool associated with the protection domain (defaults to \"default\").",
|
||||
"description": "The ScaleIO Storage Pool associated with the protection domain.",
|
||||
"type": "string"
|
||||
},
|
||||
"system": {
|
||||
|
||||
Reference in New Issue
Block a user