Kubernetes 1.29: CSI Storage Resizing Authenticated and Generally Available in v1.29

Kubernetes v1.29 introduces generally available authentication for CSI storage resizing. This allows CSI drivers to require credentials for expanding volumes, addressing limitations for node-level expansion and validation of backend storage size. The feature is enabled by default and integrated into the CSI external-provisioner sidecar controller. To use it, ensure your controller is v3.3.0 or above and provide credentials via a Kubernetes Secret in the StorageClass. Credentials can be specified as a Secret with username and password data, and referenced in the StorageClass using the `csi.storage.k8s.io/node-expand-secret-name` and `csi.storage.k8s.io/node-expand-secret-namespace` parameters. Use cases for authenticated resizing include expanding encrypted block storage and validating the actual size of backend storage before node-level filesystem expansion. The enhancement proposal provides detailed information about the feature's history and implementation. Kubernetes v1.29 also allows CSI drivers to validate the actual size of backend block storage before node-level filesystem expansion. For encrypted block storage, a passphrase is required to expand the device and grow the filesystem. The Kubernetes Storage SIG encourages contributions and welcomes feedback on this feature. Documentation for StorageClass-based dynamic provisioning and PersistentVolumes is available. Contributors are encouraged to join the Kubernetes Storage SIG to participate in shaping the future of Kubernetes storage.