@@ -854,13 +854,19 @@ message VolumeCapability {
854854 message MountVolume {
855855 // The filesystem type. This field is OPTIONAL.
856856 // An empty string is equal to an unspecified field value.
857+ // If SP has DEFER_FS_OPS node capability and CO specifies
858+ // fs_defer_ops = true then SP MUST pass this field
859+ // to the container runtime that will mount the file system.
857860 string fs_type = 1;
858861
859862 // The mount options that can be used for the volume. This field is
860863 // OPTIONAL. `mount_flags` MAY contain sensitive information.
861864 // Therefore, the CO and the Plugin MUST NOT leak this information
862865 // to untrusted entities. The total size of this repeated field
863866 // SHALL NOT exceed 4 KiB.
867+ // If SP has DEFER_FS_OPS node capability and CO specifies
868+ // fs_defer_ops = true then SP MUST pass this field
869+ // to the container runtime that will mount the file system.
864870 repeated string mount_flags = 2;
865871
866872 // If SP has VOLUME_MOUNT_GROUP node capability and CO provides
@@ -874,7 +880,32 @@ message VolumeCapability {
874880 // manner, unless otherwise modified by a workload, that they are
875881 // both readable and writable by said mount group identifier.
876882 // This is an OPTIONAL field.
883+ <<<<<<< HEAD
877884 string volume_mount_group = 3;
885+ =======
886+ string volume_mount_group = 3 [(alpha_field) = true];
887+
888+ // If SP has DEFER_FS_OPS_WITH_SUPPLEMENTAL_GROUP node capability
889+ // and CO provides this field then SP MUST ensure that the
890+ // volume_supplemental_group parameter is passed as a supplemental
891+ // Group ID that owns the file system after it has been mounted by
892+ // the container runtime handler.
893+ // A CO MUST NOT populate this field if defer_fs_ops is empty
894+ // This is an OPTIONAL field.
895+ string volume_supplemental_group = 4 [(alpha_field) = true];
896+
897+ // If SP has DEFER_FS_OPS_WITH_SUPPLEMENTAL_GROUP_CHANGE_POLICY node
898+ // capability and CO provides this field then SP MUST ensure that
899+ // the volume_supplemental_group_change_policy parameter is passed
900+ // as the policy through which ownership by a supplemental Group ID
901+ // is set after it has been mounted by the container runtime
902+ // handler.
903+ // A CO MUST NOT populate this field if defer_fs_ops or
904+ // volume_supplemental_group is empty
905+ // This is an OPTIONAL field.
906+ string volume_supplemental_group_change_policy = 5
907+ [(alpha_field) = true];
908+ >>>>>>> 6f051a7 (Runtime Assisted Mount and Manamgent enhancements)
878909 }
879910
880911 // Specify how a volume can be accessed.
@@ -2349,6 +2380,13 @@ message NodePublishVolumeRequest {
23492380 // This field is OPTIONAL and MUST match the volume_context of the
23502381 // volume identified by `volume_id`.
23512382 map<string, string> volume_context = 8;
2383+
2384+ // Indicates SP MUST defer file system mount and any post-mount
2385+ // configuration operations (such as application of file system
2386+ // ownership by a supplemental group, if supported) to
2387+ // a container runtime handler.
2388+ // This field is OPTIONAL.
2389+ bool defer_fs_ops = 9;
23522390}
23532391
23542392message NodePublishVolumeResponse {
@@ -2399,6 +2437,11 @@ message NodeUnpublishVolumeRequest {
23992437 // system/filesystem, but, at a minimum, SP MUST accept a max path
24002438 // length of at least 128 bytes.
24012439 string target_path = 2;
2440+
2441+ // Indicates SP MUST defer file system dismount and cleanup
2442+ // to a container runtime handler.
2443+ // This field is OPTIONAL.
2444+ bool defer_fs_ops = 3;
24022445}
24032446
24042447message NodeUnpublishVolumeResponse {
@@ -2455,6 +2498,11 @@ message NodeGetVolumeStatsRequest {
24552498 // system/filesystem, but, at a minimum, SP MUST accept a max path
24562499 // length of at least 128 bytes.
24572500 string staging_target_path = 3;
2501+
2502+ // Indicates SP MUST obtain file system stats from a
2503+ // container runtime handler (that has mounted the file system).
2504+ // This field is OPTIONAL.
2505+ bool defer_fs_ops = 4;
24582506}
24592507
24602508message NodeGetVolumeStatsResponse {
@@ -2571,6 +2619,22 @@ message NodeServiceCapability {
25712619 // with provided volume group identifier during node stage
25722620 // or node publish RPC calls.
25732621 VOLUME_MOUNT_GROUP = 6;
2622+
2623+ // Indicates that Node service supports deferring file system
2624+ // mount and management operations to a container runtime handler.
2625+ DEFER_FS_OPS = 7 [(alpha_enum_value) = true];
2626+
2627+ // Indicates that Node service supports passing a supplemental
2628+ // Group ID as a post mount configuration when deferring
2629+ // file system mount to a container runtime handler.
2630+ DEFER_FS_OPS_WITH_SUPPLEMENTAL_GROUP = 8
2631+ [(alpha_enum_value) = true];
2632+
2633+ // Indicates that Node service supports passing a supplemental
2634+ // Group ID change policy as a post mount configuration when
2635+ // deferring file system mount to a container runtime handler.
2636+ DEFER_FS_OPS_WITH_SUPPLEMENTAL_GROUP_CHANGE_POLICY = 9
2637+ [(alpha_enum_value) = true];
25742638 }
25752639
25762640 Type type = 1;
@@ -2640,6 +2704,13 @@ message NodeGetInfoResponse {
26402704 // Indicates the node exists within the "region" "R1" and the "zone"
26412705 // "Z2".
26422706 Topology accessible_topology = 3;
2707+
2708+ // If SP has DEFER_FS_OPS node capability, a plugin MUST populate
2709+ // this field with the list of file systems that it supports. A CO
2710+ // SHOULD use this to match the deferral capabilities of a plugin
2711+ // with a container runtime handler for a workload.
2712+ // This field is OPTIONAL.
2713+ repeated string supported_file_systems = 4;
26432714}
26442715```
26452716
@@ -2717,6 +2788,11 @@ message NodeExpandVolumeRequest {
27172788 // section on how to use this field.
27182789 map<string, string> secrets = 6
27192790 [(csi_secret) = true, (alpha_field) = true];
2791+
2792+ // Indicates SP MUST defer file system expansion to a
2793+ // container runtime handler (that has mounted the file system).
2794+ // This field is OPTIONAL.
2795+ bool defer_fs_ops = 7 [(alpha_enum_value) = true];
27202796}
27212797
27222798message NodeExpandVolumeResponse {
@@ -2785,6 +2861,13 @@ message NodeExpandVolumeResponse {
27852861* Plugins SHALL NOT create additional files or directories adjacent to the UNIX socket specified by ` CSI_ENDPOINT ` ; violations of this requirement constitute "abuse".
27862862 * The Plugin Supervisor is the ultimate authority of the directory in which the UNIX socket endpoint is created and MAY enforce policies to prevent and/or mitigate abuse of the directory by Plugins.
27872863
2864+ #### Deferring Filesystem Mount and Management to a Container Runtime Handler
2865+ A Plugin may have the capability to defer file system mount and management operations to a container runtime handler.
2866+ The CO SHOULD populate ` defer_fs_ops ` as ` True ` in CSI Node APIs when the following conditions are fulfilled:
2867+ - The container runtime handler (associated with a workload) supports deferral of file system mount and management operations from a CSI plugin.
2868+ - The CSI plugin is able to support deferral of file system mount and management operations to a container runtime handler.
2869+ - Both container runtime handler and CSI plugin is compatible around support for mounting specific file systems and applying post-mount configuration based on the workload spec (e.g. supplemental group ownership)
2870+
27882871### Supervised Lifecycle Management
27892872
27902873* For Plugins packaged in software form:
0 commit comments