KEP-3314: CSI Changed Block Tracking (#4082)

* Add draft of CSI CBT KEP

Signed-off-by: Ivan Sim <[email protected]>

* Update KEP status

Signed-off-by: Ivan Sim <[email protected]>

* Initial structure.
Filled in the Proposal, Caveats and Risks.
Put in the CSI spec in the Details section.

* Removed distracting links to common K8s definitions.
Clarified the proposal.

* More caveats.  Better grammar.

* Use "snapshot access session".

* addressed most of the feedback in the PR.

* Updated role figure.

* More refinements.

* Session figure. Renamed figure files.

* Fix background of session figure.

* Updated figures and roles.

* Propose a new role for session data.

* GRPC spec

* Don't propose roles.

* Add user stories in the proposal (#2)

* Add user stories in the proposal

Signed-off-by: Prasad Ghangal <[email protected]>

* Remove acceptance criteria for the user stories

* Make changes suggested by Carl

---------

Signed-off-by: Prasad Ghangal <[email protected]>

* Added details to the manager, sidecar and SP service sections.
Fixed session figure errors and rewrote the client gRPC
description in the risks section.

* Called out UNRESOLVED issues.
More on the SP service and sidecar.

* Resolved issues with expiry and advertising.

* Updated TOC

* Fixed typo and svg space rendering.

* Fixed typo in perms figure.

* Typo in session figure. More detail in user stories.

* Add SnapshotSession CRDs (#5)

* Add SnapshotSession CRDs

* Add CR descriptions

* Address review comments

* Address review comments

* Remove typo

* Remove unnecessary new line

* Added image of the flow when the TokenRequest and TokenReview APIs are used.

* Fixed figure spacing

* Updated permissions svg; removed session.

* Updated figures. Removed session figure.

* Added explanation of permissions.

* Updated overview and risks.

* Updated RPC and components.

* Completed remaining rewrite.

* Updated to CSI spec to reflect container-storage-interface/spec#551

* Removed the security_token and namespace from the gRPC spec.
Pass the security token via the metadata authorization key.
Pass the namespace as part of the K8s snapshot id string.

* Update sections on test plan, PRR and graduation criteria

Signed-off-by: Ivan Sim <[email protected]>

* More neutral language on passing the auth token.

* Updated to reflect changes in the CSI spec PR.

* Use a separate gRPC API for the sidecar.

* Replaced authorization gRPC metadata with a security_token field in request messages.

* Fixed typo.

* Updated CSI spec; downplayed similarity between the K8s and CSI gRPC services.

* Add beta and GA graduation criteria

Signed-off-by: Ivan Sim <[email protected]>

* Updated CSI spec again - no unsigned numbers used.

* Update KEP milestone to v1.30

Signed-off-by: Ivan Sim <[email protected]>

* Update 'Scalability' section

Signed-off-by: Ivan Sim <[email protected]>

* Add sig-auth as participating sigs

Signed-off-by: Ivan Sim <[email protected]>

* Require that the CR be named for the driver.

* Removed the label requirement for the CR.

* Replaced johnbelamaric with soltysh for PRR approver.

* Bump up milestone to v1.31

* Change KEP status to implementable

---------

Signed-off-by: Ivan Sim <[email protected]>
Signed-off-by: Prasad Ghangal <[email protected]>
Signed-off-by: Ivan Sim <[email protected]>
Co-authored-by: Carl Braganza <[email protected]>
Co-authored-by: Prasad Ghangal <[email protected]>

keps/prod-readiness/sig-storage/3314.yaml

@@ -0,0 +1,3 @@
+kep-number: 3314
+alpha:
+  approver: "@soltysh"