Open
Description
As we've discussed this in the sig-storage meeting, we would like to propose a meaningful feature to the CSI spec, which aims at letting hypervisor-based container runtimes (e.g. KataContainers, virtlet, KubeVirt, etc.) use CSI in the future.
- The aim is to make it possible for runtimes like KataContainers to bypass the attach phase and go to the mount phase directly; then Kata will mount a block device (UPDATE: and other cases as well) to the VM-based pod directly, instead of doing a bind mount, which is much slower in the hypervisor case.
- Currently, we (Mirantis, Hyper, etc.) are using flexvolume as a workaround, e.g. https://github.com/kubernetes/frakti/blob/master/pkg/flexvolume/flexvolume.go. However, this patch is not portable and cannot serve a general purpose, since it must be bound to a specific plugin (e.g. Cinder, etc.).
- This feature is also in the scope of the Secure Runtime feature in sig-node's Q1 plan (p0). We have already integrated Kata with CRI and CNI, and CSI will help us a lot to integrate Kata with containerd, cri-o, etc.
To serve the minimal purpose, only a minor change is expected on the CSI side; please refer to these slides for details:
https://docs.google.com/presentation/d/1kPeia7wLqoKQI0oX4pvVdH1UpcPx3lpmFK4P_E6oiIc/edit#slide=id.p
The pseudo code of the CSI change is here: https://github.com/bergwolf/spec/tree/detached_volume
We can of course schedule a meeting or talk in the next sync for further discussion, while this issue can be used as the feature tracker.
CC:
Kata maintainers @bergwolf @sameo @gnawux
sig-storage @saad-ali @jingxu97
CSI @jieyu
RH: @rootfs, Mirantis: @ivan4th