Update KEP to remove reference to mount option fsgroup for now

Author: gnufied

keps/sig-storage/695-skip-permission-change/README.md

@@ -10,7 +10,6 @@
   - [Non-Goals](#non-goals)
 - [Proposal](#proposal)
   - [Implementation Details/Notes/Constraints [optional]](#implementation-detailsnotesconstraints-optional)
-    - [Handling of volume types that apply gid as a mount option](#handling-of-volume-types-that-apply-gid-as-a-mount-option)
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
   - [Feature enablement and rollback](#feature-enablement-and-rollback)
@@ -106,37 +105,6 @@ type PodSecurityContext struct {
 }
 ```
 
-#### Handling of volume types that apply gid as a mount option
-
-Handling of volume types that use fsGroup as a mount option is out of scope for 1.20 beta, but following section still describes the general mechanism that will be used.
-
-We propose following API change to `CSIDriver` type to allow drivers to declare support for applying fsGroup during mount time.
-
-```go
-const (
-    ReadWriteOnceWithFSTypeFSGroupPolicy FSGroupPolicy = "ReadWriteOnceWithFSType"
-    FileFSGroupPolicy FSGroupPolicy = "File"
-
-    // OnMountFSGroupPolicy indicates that CSI driver supports changing volume ownership via
-    // mount flags and hence fsgroup of pod should be made available to CSI driver in nodePublish
-    // and nodeStage CSI RPC calls.
-    OnMountFSGroupPolicy FSGroupPolicy = "Mount" <--- new change
-
-    NoneFSGroupPolicy FSGroupPolicy = "None"
-)
-```
-
-If `CSIDriver.Spec.FSGroupPolicy` is set to `Mount` then pod's fsGroup will be supplied to the CSI driver in nodeStage/nodePublish driver RPC
-calls. `FSGroupChangePolicy` of pod will not have any effect because no recursive ownership and permission change is necessary.
-The exact mechanism of supplying `fsGroup` to CSI driver is still being worked out and is not part of 1.20 beta milestone for this feature.
-
-We are currently considering three alternatives for supplying fsGroup to `NodeStage` and `NodePublish` RPC calls:
-
-- Update CSI spec to have explicit field for supplying gid during `NodeStage` and `NodePublish` RPC call. This is being discussed in - https://github.com/container-storage-interface/spec/issues/449
-- We could supply fsGroup of the pod to CSI driver via volume attributes of the form - `csi.storage.k8s.io/pod.fsGroup: 1234`. The problem with this option is - this would make create a coupling between CSI driver and Kubernetes.
-- A third option is to supply fsGroup as existing mount flag support. The problem with this approach is - CO(Kubernetes) does not know how to format gid mount option string and choosing one particular way of formatting it, would stop us from supporting different CSI drivers which need similar parameters.
-
-
 ### Risks and Mitigations
 
 - One of the risks is if user volume's permission was previously changed using old algorithm(which changes permission of top level directory first) and user opts in for `OnRootMismatch` `FSGroupChangePolicy` then we can't distinguish if the volume was previously only partially recursively chown'd.

keps/sig-storage/695-skip-permission-change/kep.yaml

@@ -15,6 +15,7 @@ creation-date: 2020-01-20
 last-updated: 2020-01-20
 status: implementable
 see-also:
+  - https://github.com/kubernetes/enhancements/issues/1682
 replaces:
 superseded-by:
 
@@ -28,3 +29,4 @@ feature-gates:
     components:
       - kube-apiserver
       - kubelet
+