Commit

CSI Inline Volumes: add example use cases
dobsonj committed Aug 19, 2022
1 parent 4deaa6f commit 53c6ce9
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions content/en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md
Expand Up @@ -81,6 +81,14 @@ If the driver supports any volume attributes, these may also be provided as part
foo: bar
```

## Example Use Cases

Two existing CSI drivers that support the `Ephemeral` volume lifecycle mode are the Secrets Store CSI Driver and the Cert-Manager CSI Driver.

The [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows users to mount secrets from external secret stores into a pod as an inline volume. This can be useful when the secrets are stored in an external managed service or Vault instance.

The [Cert-Manager CSI Driver](https://github.com/cert-manager/csi-driver) works along with [cert-manager](https://cert-manager.io/) to seamlessly request and mount certificate key pairs into a pod. This allows the certificates to be renewed and updated in the application pod automatically.

## Security Considerations

Special consideration should be given to which CSI drivers may be used as inline volumes. `volumeAttributes` are typically controlled through the `StorageClass`, and may contain attributes that should remain restricted to the cluster administrator. Allowing a CSI driver to be used for inline ephmeral volumes means that any user with permission to create pods may also provide `volumeAttributes` to the driver through a pod spec.
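
Review bot: The new "Example Use Cases" section names two drivers that place secrets and certificate key pairs into pods, yet it does not point readers to the "Security Considerations" section directly after it, which warns that any user with permission to create pods can pass `volumeAttributes` to a driver enabled for inline use. Consider closing the section with a sentence that refers to that warning, so readers weigh it before enabling either driver for inline volumes. Two smaller wording points: "Vault instance" in the Secrets Store paragraph would be clearer with the product named in full, and "seamlessly" in the Cert-Manager paragraph can be dropped. The unchanged context line under "Security Considerations" contains the typo "ephmeral" (should be "ephemeral"), which could be fixed in the same change.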