csi: add nodeExpandSecret KEP details

humblec · humblec · commit bbc868092682 · 2022-07-25T13:50:55.000+05:30
Ref# KEP: kubernetes/enhancements#3173 Implementation: kubernetes/kubernetes#105963 Blog: kubernetes#33979 Signed-off-by: Humble Chirammal <hchiramm@redhat.com>
diff --git a/content/en/docs/concepts/storage/volumes.md b/content/en/docs/concepts/storage/volumes.md
@@ -1218,16 +1218,28 @@ persistent volume:
   `ControllerPublishVolume` and `ControllerUnpublishVolume` calls. This field is
   optional, and may be empty if no secret is required. If the Secret
   contains more than one secret, all secrets are passed.
-* `nodeStageSecretRef`: A reference to the secret object containing
-  sensitive information to pass to the CSI driver to complete the CSI
-  `NodeStageVolume` call. This field is optional, and may be empty if no secret
-  is required. If the Secret contains more than one secret, all secrets
-  are passed.
+`nodeExpandSecretRef`: A reference to the secret containing sensitive
+  information to pass to the CSI driver to complete the CSI
+  `NodeExpandVolume` call. This field is optional, and may be empty if no
+  secret is required. If the object contains more than one secret, all
+  secrets are passed.  When you have configured secret data for node-initiated
+  volume expansion, the kubelet passes that data via the `NodeExpandVolume()`
+  call to the CSI driver. In order to use the `nodeExpandSecretRef` field, your
+  cluster should be running Kubernetes version 1.25 or later and you must enable
+  the [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/)
+  named `CSINodeExpandSecret` for each kube-apiserver and for the kubelet on every
+  node. You must also be using a CSI driver that supports or requires secret data during
+  node-initiated storage resize operations.
 * `nodePublishSecretRef`: A reference to the secret object containing
   sensitive information to pass to the CSI driver to complete the CSI
   `NodePublishVolume` call. This field is optional, and may be empty if no
   secret is required. If the secret object contains more than one secret, all
   secrets are passed.
+* `nodeStageSecretRef`: A reference to the secret object containing
+  sensitive information to pass to the CSI driver to complete the CSI
+  `NodeStageVolume` call. This field is optional, and may be empty if no secret
+  is required. If the Secret contains more than one secret, all secrets
+  are passed.
 
 #### CSI raw block volume support
 
diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md
@@ -86,6 +86,7 @@ different Kubernetes components.
 | `CSIMigrationvSphere` | `false` | Beta | 1.19 | |
 | `CSIMigrationPortworx` | `false` | Alpha | 1.23 | |
 | `csiMigrationRBD` | `false` | Alpha | 1.23 | |
+| `CSINodeExpandSecret` | `false` | Alpha | 1.25 | |
 | `CSIVolumeHealth` | `false` | Alpha | 1.21 | |
 | `ContextualLogging` | `false` | Alpha | 1.24 | |
 | `CustomCPUCFSQuotaPeriod` | `false` | Alpha | 1.12 | |
@@ -761,6 +762,7 @@ Each feature gate is designed for enabling/disabling a specific feature:
   from the Portworx in-tree plugin to Portworx CSI plugin.
   Requires Portworx CSI driver to be installed and configured in the cluster.
 - `CSINodeInfo`: Enable all logic related to the CSINodeInfo API object in `csi.storage.k8s.io`.
+- `CSINodeExpandSecret`: Enable SecretRef to be passed to CSI driver for NodeExpandVolume CSI operation. 
 - `CSIPersistentVolume`: Enable discovering and mounting volumes provisioned through a
   [CSI (Container Storage Interface)](https://git.k8s.io/design-proposals-archive/storage/container-storage-interface.md)
   compatible volume plugin.
