From 53c6ce99e506116b4cb63c3d97181c87a2380f35 Mon Sep 17 00:00:00 2001 From: Jonathan Dobson Date: Fri, 19 Aug 2022 16:11:50 -0600 Subject: [PATCH] CSI Inline Volumes: add example use cases --- .../en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md b/content/en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md index f3eeae5e507e9..3c627e9cdd8b3 100644 --- a/content/en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md +++ b/content/en/blog/_posts/2022-08-29-csi-inline-volumes-ga.md @@ -81,6 +81,14 @@ If the driver supports any volume attributes, these may also be provided as part foo: bar ``` +## Example Use Cases + +Two existing CSI drivers that support the `Ephemeral` volume lifecycle mode are the Secrets Store CSI Driver and the Cert-Manager CSI Driver. + +The [Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows users to mount secrets from external secret stores into a pod as an inline volume. This can be useful when the secrets are stored in an external managed service or Vault instance. + +The [Cert-Manager CSI Driver](https://github.com/cert-manager/csi-driver) works along with [cert-manager](https://cert-manager.io/) to seamlessly request and mount certificate key pairs into a pod. This allows the certificates to be renewed and updated in the application pod automatically. + ## Security Considerations Special consideration should be given to which CSI drivers may be used as inline volumes. `volumeAttributes` are typically controlled through the `StorageClass`, and may contain attributes that should remain restricted to the cluster administrator. Allowing a CSI driver to be used for inline ephmeral volumes means that any user with permission to create pods may also provide `volumeAttributes` to the driver through a pod spec.
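Review bot: the two driver paragraphs added under "Example Use Cases" describe mounting secrets and certificate key pairs into pods, but nothing in them points the reader to the "Security Considerations" section that follows, where the page states that any user with permission to create pods may also provide `volumeAttributes` to the driver through a pod spec. Because both examples handle secret material, consider ending the new section with one sentence that refers readers to that section before they allow either driver to be used inline. Smaller points in the same hunk: "Vault instance" in the Secrets Store paragraph is unlinked and unqualified while the other products are linked, and "works along with" reads better as "works with". The unchanged context line after the new section also contains "ephmeral", which could be corrected in the same change.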