Summary

I was looking at the executor plugins spec definition, which is basically subset of the containers definition. I was wondering if we should also extend the spec with the Volumes definition or is there an security issue with that? I am mostly after a way how I could mount secrets/config maps volumes inside the plugin(s).

Use Cases

apiVersion: argoproj.io/v1alpha1
kind: ExecutorPlugin
metadata:
  name: hello
spec:
  sidecar:
    volumes:
      - name: secret-volume
        secret:
          secretName: dotfile-secret
    container:
      ...
      volumeMounts:
      - name: secret-volume
        readOnly: true
        mountPath: "/etc/secret-volume"
      ...

I believe there is value in having access to secret volumes, which can be managed through ESO for specific use cases where you want to dynamically manage secrets for plugins.

Message from the maintainers:

Love this feature request? Give it a 👍. We prioritise the proposals with the most 👍.

If no disagreement happy to provide the code implementation.