diff --git a/content/v1/_index.md b/content/v1/_index.md index aacc25bd27..0570d6316b 100644 --- a/content/v1/_index.md +++ b/content/v1/_index.md @@ -1,14 +1,25 @@ + --- -title: "Documentation" -linkTitle: "Documentation" +title: "Container Storage Modules" +linkTitle: "Container Storage Modules" +weight: 20 +menu: + main: + weight: 20 +no_list: true --- {{% pageinfo color="primary" %}} -This document version is no longer actively maintained. The site that you are currently viewing is an archived snapshot. For up-to-date documentation, see the [latest version](/csm-docs/) -The CSM Authorization RPM will be deprecated in a future release. It is highly recommended that you use CSM Authorization Helm deployment or CSM Operator going forward. +1. Dell CSM Volume Group Snapshotter will be deprecated in CSM 1.14 (May 2025) and will no longer be supported. + +2. {{< message text="1" >}} + +3. {{< message text="5" >}} {{% /pageinfo %}} -The Dell Technologies (Dell) Container Storage Modules (CSM) enables simple and consistent integration and automation experiences, extending enterprise storage capabilities to Kubernetes for cloud-native stateful applications. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization, application mobility, encryption, and resiliency. + + +The Dell Technologies (Dell) Container Storage Modules (CSM) enables simple and consistent integration and automation experiences, extending enterprise storage capabilities to Kubernetes for cloud-native stateful applications. It reduces management complexity so developers can independently consume enterprise storage with ease and automate daily operations such as provisioning, snapshotting, replication, observability, authorization, application mobility and resiliency. CSM Hex Diagram 
@@ -41,22 +52,8 @@ CSM is made up of multiple components including modules (enterprise capabilities {{< /card >}} {{% /cardpane %}} {{% cardpane %}} -{{< card header="[**Application Mobility**](applicationmobility/)" - footer="Supports [PowerFlex](csidriver/features/powerflex/) via Apex Navigator for Kubernetes">}} +{{< card header="[**Application Mobility**](applicationmobility/)">}} Container Storage Modules for Application Mobility provide Kubernetes administrators the ability to clone their stateful application workloads and application data to other clusters in the cloud. [...Learn more](applicationmobility/) {{< /card >}} - {{< card header="[**Encryption**](secure/encryption)" - footer="Supports PowerScale">}} - Encryption provides the capability to encrypt user data residing on volumes created by Dell CSI Drivers. - [...Learn more](secure/encryption/) - {{< /card >}} {{% /cardpane %}} -{{% cardpane %}} - {{< card header="[License](support/license/)" - footer="Required for [Encryption](secure/encryption/)">}} - The tech-preview releases of Encryption require a license. - Request a license using the [Container Storage Modules License Request](https://app.smartsheet.com/b/form/5e46fad643874d56b1f9cf4c9f3071fb) by providing the requested details. - [...Learn more](support/license/) - {{< /card >}} -{{% /cardpane %}} \ No newline at end of file diff --git a/content/v1/applicationmobility/_index.md b/content/v1/applicationmobility/_index.md index bc5913b636..66c5f768ea 100644 --- a/content/v1/applicationmobility/_index.md +++ b/content/v1/applicationmobility/_index.md 
@@ -7,7 +7,7 @@ Description: > --- {{% pageinfo color="primary" %}} -Application Mobility is available with [APEX Navigator for Kubernetes](https://www.dell.com/en-ca/dt/apex/storage/public-cloud/navigator.htm#kubernetes) +We are pleased to announce that Application Mobility will be available with Container Storage Modules starting early next year (2025). {{% /pageinfo %}} Container Storage Modules for Application Mobility provide Kubernetes administrators the ability to clone their stateful application workloads and application data to other clusters, either on-premise or in the cloud. diff --git a/content/v1/applicationmobility/release/_index.md b/content/v1/applicationmobility/release/_index.md index 75bbfe9842..c887b070cc 100644 --- a/content/v1/applicationmobility/release/_index.md +++ b/content/v1/applicationmobility/release/_index.md @@ -6,21 +6,18 @@ Description: > Release Notes --- {{% pageinfo color="primary" %}} -Application Mobility is available with [APEX Navigator for Kubernetes](https://www.dell.com/en-ca/dt/apex/storage/public-cloud/navigator.htm#kubernetes) +We are pleased to announce that Application Mobility will be available with Container Storage Modules starting early next year (2025). {{% /pageinfo %}} -## Release Notes - CSM Application Mobility v1.1.0 +## Release Notes - CSM Application Mobility v1.2.0 ### New Features/Changes -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) ### Fixed Issues -- [#1299 - [BUG]: Images of application mobility velero plugin and controller is not setting the correct image to the latest ](https://github.com/dell/csm/issues/1299) - ### Known Issues There are no known issues in this release. 
diff --git a/content/v1/authorization/Migration guide from v1 to v2/_index.md b/content/v1/authorization/Migration guide from v1 to v2/_index.md
new file mode 100644
index 0000000000..823f559ad7
--- /dev/null
+++ b/content/v1/authorization/Migration guide from v1 to v2/_index.md
@@ -0,0 +1,184 @@
+---
+title: Authorization - v2 Migration guide
+linktitle: Migration Guide From v1 to v2
+weight: 1
+description: >
+ CSM for Authorization v1 to v2 Migration Guide
+---
+CSM for Authorization v2 has significant architectural changes that prevent a user from upgradng CSM for Authorization v1 to CSM for Authorization v2. This page provides a reference guide for migrating v1 to v2 using Powerflex as an example.
+
+**Before migration please note following points**
+ - CSM for Authorization v2 calculates the actual usage of capacity provisioned by syncing with the array.
+ - Volumes belonging to a tenant are identified using the **Volume Prefix** configured in csmtenant custom resource.
+ - Volumes without the **Volume Prefix** will not be accounted for in usage capacity calculation as ownership of the volume is unknown without the volume prefix.
+ - User should rename all volumes that are needed to be accounted for with the **Volume Prefix** before migration to v2. See the [Prerequisites](#prerequisites).
+
+## Prerequisites
+### On the storage array, rename the volumes owned by each tenant with a tenant prefix.
+Use [dellctl](../../support/cli/) to list the volumes owned by the tenant.
+```
+# dellctl volume get --proxy --namespace
+NAME VOLUME ID SIZE POOL SYSTEM ID PV NAME PV STATUS STORAGE CLASS PVC NAME NAMESPACE SNAPSHOT COUNT
+k8s-4cfa97ba5d c6cfdfe000000229 8.000000 pool1 3000000000011111 k8s-4cfa97ba5d Bound vxflexos vol-create-test-vndq8 test 0
+k8s-519bb230c5 c6cfdfe20000022b 8.000000 pool1 3000000000011111 k8s-519bb230c5 Bound vxflexos vol-create-test-wc45j test 0
+k8s-ecc8381e08 c6cfdfe300000231 8.000000 pool1 3000000000011111 k8s-ecc8381e08 Bound vxflexos vol-create-test-r8ptv test 0
+k8s-cc47d7a61e c6cfdfe10000022a 8.000000 pool1 3000000000011111 k8s-cc47d7a61e Bound vxflexos vol-create-test-k8szc test 0
+k8s-76914ae62b c6cfdfdf00000223 8.000000 pool1 3000000000011111 k8s-76914ae62b Bound vxflexos vol-create-test-8sbtl test 0
+```
+
+On the storage array, rename each volume with your chosen tenant prefix. For example, if you've chosen the prefix `tn1`, volume `k8s-4cfa97ba5d` should be renamed to `tn1-k8s-4cfa97ba5d`.
+
+## Storage Systems
+
+In CSM for Authorization v1 setup, list the storage to get all the storage systems configured in the environment.
+Example:
+
+```
+karavictl storage list --admin-token admintoken.yaml --addr csm-authorization.host.com
+
+{
+ "storage": {
+ "powerflex": {
+ "3000000000011111": {
+ "Endpoint": "https://1.1.1.1",
+ "Insecure": true,
+ "Password": "(omitted)",
+ "User": "admin"
+ }
+ }
+ }
+}
+```
+In CSM for Authorization v2, storage is created using custom resources. For each Storage in a v1 environment, create using the CR, example:
+
+```
+kubectl create -f controller/config/samples/csm-authorization_v1_storage.yaml
+```
+```yaml
+apiVersion: csm-authorization.storage.dell.com/v1
+kind: Storage
+metadata:
+ name: powerflex
+spec:
+ # Type of the storage system.
Example: powerflex, powermax, powerscale
+ type: powerflex
+ endpoint: https://1.1.1.1
+ # System ID of the backend storage array
+ systemID: 3000000000011111
+ # Vault is the credential manager for storage arrays
+ vault:
+ identifier: vault0
+ kvEngine: secret
+ path: csm-authorization/powerflex/3000000000011111
+ # SkipCertificateValidation is the flag to skip certificate validation
+ skipCertificateValidation: true
+ # PollInterval is the polling frequency to test the storage connectivity
+ pollInterval: 30s
+```
+
+## Role and Role Binding
+
+In CSM for Authorization v2, role creation is simpler. User will not be required to bind the role, only thing user needs to do is create roles that are needed.
+
+List all the roles that are created in CSM for Authorization v1 setup.
+Example:
+```
+karavictl role list --admin-token admintoken.yaml --addr csm-authorization.host.com
+```
+```
+{
+ "CSIGold": [
+ {
+ "storage_system_id": "3000000000011111",
+ "pool_quotas": [
+ {
+ "pool": "mypool",
+ "quota": 32000000
+ }
+ ]
+ }
+ ],
+ "CSISilver": [
+ {
+ "storage_system_id": "3000000000011111",
+ "pool_quotas": [
+ {
+ "pool": "mypool",
+ "quota": 16000000
+ }
+ ]
+ }
+ ]
+}
+```
+In CSM for Authorization v2, roles are created using custom resources. For each role in a v1 environment, create using the CR, example:
+```
+kubectl create -f controller/config/samples/csm-authorization_v1_csmrole.yaml
+```
+```yaml
+apiVersion: csm-authorization.storage.dell.com/v1
+kind: CSMRole
+metadata:
+ name: CSIGold
+spec:
+ quota: 3200GiB
+ systemID: 3000000000011111
+ systemType: powerflex
+ pool: pool1
+```
+```yaml
+apiVersion: csm-authorization.storage.dell.com/v1
+kind: CSMRole
+metadata:
+ name: CSISilver
+spec:
+ quota: 1600GiB
+ systemID: 3000000000011111
+ systemType: powerflex
+ pool: pool2
+```
+
+## Tenant
+
+List all the tenants in v1 setup and all those tenants should be created in v2 setup.
+List tenants in v1 setup, example:
+```
+karavictl tenant list --admin-token admintoken.yaml --addr csm-authorization.host.com
+```
+```
+{
+ "tenants": [
+ {
+ "name": "Alice"
+ }
+ ]
+}
+```
+Get detail of each tenant, example:
+```
+karavictl tenant get --name Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
+```
+```
+{
+ "name": "Alice"
+ "roles": "CSIGold,CSISilver"
+ "approvesdc": true
+}
+```
+In CSM for Authorization v2, tenants are created using custom resources. The `spec.volumePrefix` field must be the prefix used in the prerequisite step of renaming the storage array volumes. For each tenant in a v1 environment, create using the CR, example:
+```
+kubectl create -f controller/config/samples/csm-authorization_v1_csmtenant.yaml
+```
+csm-authorization_v1_csmtenant.yaml file will look like following example:
+```yaml
+apiVersion: csm-authorization.storage.dell.com/v1
+kind: CSMTenant
+metadata:
+ name: Alice
+spec:
+ # Roles defines a comma separated list of Roles for this tenant
+ roles: CSIGold,CSISilver
+ approveSdc: true
+ revoke: false
+ volumePrefix: tn1
+```
\ No newline at end of file
diff --git a/content/v1/authorization/_index.md b/content/v1/authorization/_index.md
index a1b5c26051..52b88d8c1c 100644
--- a/content/v1/authorization/_index.md
+++ b/content/v1/authorization/_index.md
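Review bot: The sample Storage CR in the new migration guide sets `skipCertificateValidation: true` with no caveat, so a reader who copies it ends up on v2 with TLS verification of the array endpoint switched off. It mirrors the `"Insecure": true` shown in the v1 `karavictl storage list` output above it, but the guide never says that the value is a carry-over rather than a recommendation. I would add a comment above the field, `# Set to false and trust the array's CA certificate in production; true disables TLS verification of the storage endpoint`, and say in the prose that the v1 setting should be carried over only deliberately. Separately, the role example lists v1 pool `mypool` with quotas 32000000 and 16000000 but creates v2 roles on `pool1`/`pool2` with `3200GiB`/`1600GiB`; the v1 unit is not stated on the page, so the figures do not obviously correspond, and because the quota is the enforcement limit the example should map pool and quota one-to-one.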
@@ -6,7 +6,7 @@ Description: > Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization --- -[Container Storage Modules](https://github.com/dell/csm) (CSM) for Authorization is part of the open-source suite of Kubernetes storage enablers for Dell products. +[Container Storage Modules](https://github.com/dell/csm) (CSM) for Authorization is part of the open-source suite of Kubernetes storage enablers for Dell products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules. @@ -14,4 +14,6 @@ Storage administrators of compatible storage platforms will be able to apply quo Kubernetes administrators will have an interface to create, delete, and manage roles/groups that storage rules may be applied. Administrators and/or users may then generate authentication tokens that may be used by tenants to use storage with proper access policies being automatically enforced. -Currently, we have two versions of Authorization, **v1.x GA** and **v2.0 Tech Preview**. \ No newline at end of file +Currently, we have two versions of Authorization, **v1.x** and **v2.x**. **v2.x is not backward compatible with v1.x versions**. + +**Deprecation Notice Pre-Wire: Starting with CSM 1.13, Authorization v1.x will be deprecated and will be officially discontinued by CSM 1.15 in September 2025. Please migrate to Authorization v2.0 before then to avoid any issues using the v2 Migration guide linked below.** diff --git a/content/v1/authorization/v1.x GA/Backup and Restore/_index.md b/content/v1/authorization/v1.x/Backup and Restore/_index.md similarity index 100% rename from content/v1/authorization/v1.x GA/Backup and Restore/_index.md rename to content/v1/authorization/v1.x/Backup and Restore/_index.md 
diff --git a/content/v2/authorization/Backup and Restore/helm/_index.md b/content/v1/authorization/v1.x/Backup and Restore/helm/_index.md similarity index 96% rename from content/v2/authorization/Backup and Restore/helm/_index.md rename to content/v1/authorization/v1.x/Backup and Restore/helm/_index.md index e4ecfec456..dacb0b7919 100644 --- a/content/v2/authorization/Backup and Restore/helm/_index.md +++ b/content/v1/authorization/v1.x/Backup and Restore/helm/_index.md @@ -4,6 +4,9 @@ linktitle: Helm description: > Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization Helm backup and restore --- +{{% pageinfo color="primary" %}} +{{< message text="5" >}} +{{% /pageinfo %}} ## Roles @@ -117,4 +120,4 @@ volumes: claimName: redis-backup ``` -Once saved, Redis will now use the backup volume. \ No newline at end of file +Once saved, Redis will now use the backup volume. diff --git a/content/v2/authorization/Backup and Restore/rpm/_index.md b/content/v1/authorization/v1.x/Backup and Restore/rpm/_index.md similarity index 94% rename from content/v2/authorization/Backup and Restore/rpm/_index.md rename to content/v1/authorization/v1.x/Backup and Restore/rpm/_index.md index 8a2ff7ebfd..ca2b044b08 100644 --- a/content/v2/authorization/Backup and Restore/rpm/_index.md +++ b/content/v1/authorization/v1.x/Backup and Restore/rpm/_index.md @@ -6,7 +6,7 @@ description: > --- {{% pageinfo color="primary" %}} -The CSM Authorization RPM is no longer actively maintained or supported. It will be deprecated in a future release. It is highly recommended that you use CSM Authorization Helm deployment or CSM Operator going forward. +{{< message text="5" >}} {{% /pageinfo %}} ## Roles diff --git a/content/v1/authorization/v1.x/_index.md b/content/v1/authorization/v1.x/_index.md new file mode 100644 index 0000000000..bbbd4fa0f5 --- /dev/null +++ b/content/v1/authorization/v1.x/_index.md 
@@ -0,0 +1,66 @@
+---
+title: Authorization - v1.x
+linktitle: v1.x
+weight: 4
+Description: >
+ Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization v1.x.
+tags:
+ - csm-authorization
+---
+
+{{% pageinfo color="primary" %}}
+{{< message text="5" >}}
+{{% /pageinfo %}}
+
+The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator.
+
+![CSM for Authorization](./karavi-authorization-example.png "CSM for Authorization")
+
+## CSM for Authorization Capabilities
+{{}}
+| Feature | PowerFlex | PowerMax | PowerScale | Unity XT | PowerStore |
+| - | - | - | - | - | - |
+| Ability to set storage quota limits to ensure k8s tenants are not overconsuming storage | Yes | Yes | No (natively supported) | No | No |
+| Ability to create access control policies to ensure k8s tenant clusters are not accessing storage that does not belong to them | Yes | Yes | No (natively supported) | No | No |
+| Ability to shield storage credentials from Kubernetes administrators ensuring credentials are only handled by storage admins | Yes | Yes | Yes | No | No |
+{{
}}
+
+**NOTE:** PowerScale OneFS implements its own form of Role-Based Access Control (RBAC). CSM for Authorization does not enforce any role-based restrictions for PowerScale. To configure RBAC for PowerScale, refer to the PowerScale OneFS [documentation](https://www.dell.com/support/home/en-us/product-support/product/isilon-onefs/docs).
+
+## Authorization Components Support Matrix
+CSM for Authorization consists of 2 components - The authorization sidecar, bundled with the driver, communicates with the Authorization proxy server to validate access to Storage platforms. The authorization sidecar is backward compatible with older Authorization proxy server versions. However, it is highly recommended to have the Authorization proxy server and sidecar installed from the same release of CSM.
+
+**NOTE:** If the deployed CSI driver has a number of controller pods equal to the number of schedulable nodes in your cluster, CSM for Authorization may not be able to inject properly into the driver's controller pod.
+To resolve this, please refer to our [troubleshooting guide](./troubleshooting) on the topic.
+
+## Roles and Responsibilities
+
+The CSM for Authorization CLI can be executed in the context of the following roles:
+- Storage Administrators
+- Kubernetes Tenant Administrators
+
+### Storage Administrators
+
+Storage Administrators can perform the following operations within CSM for Authorization
+
+- Tenant Management (create, get, list, delete, bind roles, unbind roles)
+- Token Management (generate, revoke)
+- Storage System Management (create, get, list, update, delete)
+- Storage Access Roles Management (assign to a storage system with an optional quota)
+
+### Tenant Administrators
+
+Tenants of CSM for Authorization can use the token provided by the Storage Administrators in their storage requests.
+
+### Workflow
+
+1) Tenant Admin requests storage from a Storage Admin.
+2) Storage Admin uses CSM Authorization CLI to:
+ a) Create a tenant resource.
+ b) Create a role permitting desired storage access.
+ c) Assign the role to the tenant and generate a token.
+3) Storage Admin returns a token to the Tenant Admin. +4) Tenant Admin inputs the Token into their Kubernetes cluster as a Secret. +5) Tenant Admin updates CSI driver with CSM Authorization sidecar module. + +![CSM for Authorization Workflow](./design2.png "CSM for Authorization Workflow") diff --git a/content/v2/authorization/cli.md b/content/v1/authorization/v1.x/cli.md similarity index 99% rename from content/v2/authorization/cli.md rename to content/v1/authorization/v1.x/cli.md index 8f13774355..62823c8ca6 100644 --- a/content/v2/authorization/cli.md +++ b/content/v1/authorization/v1.x/cli.md @@ -7,7 +7,7 @@ description: > --- {{% pageinfo color="primary" %}} -The CSM Authorization karavictl CLI is no longer actively maintained or supported. It will be deprecated in CSM 2.0. +{{< message text="5" >}} {{% /pageinfo %}} karavictl is a command-line interface (CLI) used to interact with and manage your Container Storage Modules (CSM) Authorization deployment. @@ -1089,4 +1089,4 @@ karavictl tenant update [flags] karavictl tenant update --name Alice --approvesdc=false --admin-token admintoken.yaml --addr csm-authorization.host.com ``` -On success, there will be no output. You may run `karavictl tenant get --name ` to confirm the update was persisted. \ No newline at end of file +On success, there will be no output. You may run `karavictl tenant get --name ` to confirm the update was persisted. diff --git a/content/v1/authorization/v1.x GA/configuration/_index.md b/content/v1/authorization/v1.x/configuration/_index.md similarity index 100% rename from content/v1/authorization/v1.x GA/configuration/_index.md rename to content/v1/authorization/v1.x/configuration/_index.md 
diff --git a/content/v2/authorization/configuration/powerflex/_index.md b/content/v1/authorization/v1.x/configuration/powerflex/_index.md similarity index 80% rename from content/v2/authorization/configuration/powerflex/_index.md rename to content/v1/authorization/v1.x/configuration/powerflex/_index.md index 06c0e803cc..f666291acd 100644 --- a/content/v2/authorization/configuration/powerflex/_index.md +++ b/content/v1/authorization/v1.x/configuration/powerflex/_index.md @@ -55,7 +55,7 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `samples/config.yaml` to configure the driver to communicate with the CSM Authorization sidecar. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `samples/config.yaml` to configure the driver to communicate with the CSM Authorization sidecar. - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. @@ -78,7 +78,7 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization **Operator** - Refer to the [Create Secret](../../../deployment/csmoperator/drivers/powerflex/#create-secret) section to prepare `secret.yaml` to configure the driver to communicate with the CSM Authorization sidecar. + Refer to the [Create Secret](../../../../deployment/csmoperator/drivers/powerflex/#create-secret) section to prepare `secret.yaml` to configure the driver to communicate with the CSM Authorization sidecar. - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. 
@@ -102,7 +102,7 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `myvalues.yaml` to enable CSM Authorization. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `myvalues.yaml` to enable CSM Authorization. - Update `authorization.enabled` to `true`. @@ -119,8 +119,8 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization enabled: true # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.10.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.10.0 + # Default value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 # proxyHost: hostname of the csm-authorization server # Default value: None @@ -136,7 +136,7 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization **Operator** - Refer to the [Install Driver](../../../deployment/csmoperator/drivers/powerflex/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. + Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powerflex/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. Under `modules`, enable the module named `authorization`: 
@@ -156,10 +156,10 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" @@ -170,6 +170,9 @@ Given a setup where Kubernetes, a storage system, and the CSM for Authorization value: "true" ``` + Alternatively, you can use the minimal sample files provided + [here](https://github.com/dell/csm-operator/tree/main/samples/minimal-samples) and install the module using default values + 6. Install the Dell CSI PowerFlex driver following the appropriate documenation for your installation method. -7. (Optional) Install [dellctl](../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../support/cli) for the installation steps and command list. \ No newline at end of file +7. (Optional) Install [dellctl](../../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../../support/cli) for the installation steps and command list. diff --git a/content/v2/authorization/configuration/powermax/_index.md b/content/v1/authorization/v1.x/configuration/powermax/_index.md similarity index 71% rename from content/v2/authorization/configuration/powermax/_index.md rename to content/v1/authorization/v1.x/configuration/powermax/_index.md index 4003f65efd..1295bb508c 100644 --- a/content/v2/authorization/configuration/powermax/_index.md +++ b/content/v1/authorization/v1.x/configuration/powermax/_index.md 
@@ -55,17 +55,17 @@ Create the karavi-authorization-config secret using this command: **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section where you edit `samples/secret/secret.yaml` with the credentials of the PowerMax. Leave `username` and `password` with the default values as they will be ignored. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section where you edit `samples/secret/secret.yaml` with the credentials of the PowerMax. Leave `username` and `password` with the default values as they will be ignored. **Operator** - Refer to the [Install the Driver](../../../deployment/csmoperator/drivers/powermax/#install-driver) section to prepare `powermax-creds.yaml`. Leave `username` and `password` with the default values as they will be ignored. + Refer to the [Install the Driver](../../../../deployment/csmoperator/drivers/powermax/#install-driver) section to prepare `powermax-creds.yaml`. Leave `username` and `password` with the default values as they will be ignored. 5. Enable CSM Authorization in the driver installation applicable to your installation method. **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section to edit the parameters in `my-powermax-settings.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section to edit the parameters in `my-powermax-settings.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. - Update `global.storageArrays.endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. 
@@ -79,6 +79,8 @@ Create the karavi-authorization-config secret using this command: - Update `authorization.skipCertificateValidation` to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server. + - Update `csireverseproxy.deployAsSidecar` to `true`. + Example: ```yaml @@ -89,12 +91,20 @@ Create the karavi-authorization-config secret using this command: managementServers: - endpoint: https://localhost:9400 + csireverseproxy: + # Set enabled to true if you want to deploy csireverseproxy as sidecar + # Allowed values: + # "true" - CSI reverse proxy will be deployed as a sidecar + # "false" - CSI reverse proxy will be deployed along with driver + # Default value: "true" + deployAsSidecar: true + authorization: enabled: true # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.10.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.10.0 + # Default value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 # proxyHost: hostname of the csm-authorization server # Default value: None @@ -110,7 +120,7 @@ Create the karavi-authorization-config secret using this command: **Operator** - Refer to the [Install Driver](../../../deployment/csmoperator/drivers/powermax/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. + Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powermax/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. Under `modules`, enable the module named `authorization`: 
@@ -122,18 +132,30 @@ Create the karavi-authorization-config secret using this command: - Update the `SKIP_CERTIFICATE_VALIDATION` environment value to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server. + - Update the `DeployAsSidecar` environment variable for the `csipowermax-reverseproxy` component to `true`. + Example: ```yaml modules: + - name: csireverseproxy + # enabled: Always set to true + enabled: true + forceRemoveModule: true + configVersion: v2.11.0 + components: + - name: csipowermax-reverseproxy + envs: + - name: "DeployAsSidecar" + value: "true" # Authorization: enable csm-authorization for RBAC - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" 
@@ -144,6 +166,9 @@ Create the karavi-authorization-config secret using this command: value: "true" ``` + Alternatively, you can use the minimal sample files provided + [here](https://github.com/dell/csm-operator/tree/main/samples/minimal-samples) and install the module using default values + 5. Install the Dell CSI PowerMax driver following the appropriate documenation for your installation method. -6. (Optional) Install [dellctl](../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../support/cli) for the installation steps and command list. \ No newline at end of file +6. (Optional) Install [dellctl](../../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../../support/cli) for the installation steps and command list. diff --git a/content/v2/authorization/configuration/powerscale/_index.md b/content/v1/authorization/v1.x/configuration/powerscale/_index.md similarity index 80% rename from content/v2/authorization/configuration/powerscale/_index.md rename to content/v1/authorization/v1.x/configuration/powerscale/_index.md index 58c0f19c91..142491b30c 100644 --- a/content/v2/authorization/configuration/powerscale/_index.md +++ b/content/v1/authorization/v1.x/configuration/powerscale/_index.md 
@@ -56,7 +56,7 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters to prepare the `samples/secret/secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters to prepare the `samples/secret/secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. @@ -82,7 +82,7 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= **Operator** - Refer to the [Prerequisite](../../../deployment/csmoperator/drivers/powerscale/#prerequisite) section to prepare the `secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. + Refer to the [Prerequisite](../../../../deployment/csmoperator/drivers/powerscale/#prerequisite) section to prepare the `secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar. - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. @@ -110,7 +110,7 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= **Helm** - Refer to the [Install the Driver](../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters in `my-isilon-settings.yaml` file to enable CSM Authorization. + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters in `my-isilon-settings.yaml` file to enable CSM Authorization. - Update `authorization.enabled` to `true`. 
@@ -127,8 +127,8 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= enabled: true # sidecarProxyImage: the container image used for the csm-authorization-sidecar. - # Default value: dellemc/csm-authorization-sidecar:v1.10.0 - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.10.0 + # Default value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 # proxyHost: hostname of the csm-authorization server # Default value: None @@ -144,7 +144,7 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= **Operator** - Refer to the [Install Driver](../../../deployment/csmoperator/drivers/powerscale/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. + Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powerscale/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. Under `modules`, enable the module named `authorization`: @@ -162,10 +162,10 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= - name: authorization # enable: Enable/Disable csm-authorization enabled: true - configVersion: v1.10.0 + configVersion: v1.12.0 components: - name: karavi-authorization-proxy - image: dellemc/csm-authorization-sidecar:v1.10.0 + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.12.0 envs: # proxyHost: hostname of the csm-authorization server - name: "PROXY_HOST" 
@@ -176,6 +176,9 @@ kubectl -n isilon create secret generic karavi-authorization-config --from-file= value: "true" ``` + Alternatively, you can use the minimal sample files provided + [here](https://github.com/dell/csm-operator/tree/main/samples/minimal-samples) and install the module using default values + 6. Install the Dell CSI PowerScale driver following the appropriate documenation for your installation method. -7. (Optional) Install [dellctl](../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../support/cli) for the installation steps and command list. \ No newline at end of file +7. (Optional) Install [dellctl](../../../../support/cli/#installation-instructions) to perform Kubernetes administrator commands for additional capabilities (e.g., list volumes). Please refer to the [dellctl documentation page](../../../../support/cli) for the installation steps and command list. diff --git a/content/v1/authorization/v1.x GA/configuration/proxy-server/_index.md b/content/v1/authorization/v1.x/configuration/proxy-server/_index.md similarity index 100% rename from content/v1/authorization/v1.x GA/configuration/proxy-server/_index.md rename to content/v1/authorization/v1.x/configuration/proxy-server/_index.md diff --git a/content/v1/authorization/v1.x GA/design.md b/content/v1/authorization/v1.x/design.md similarity index 100% rename from content/v1/authorization/v1.x GA/design.md rename to content/v1/authorization/v1.x/design.md diff --git a/content/v1/authorization/v1.x GA/design1.png b/content/v1/authorization/v1.x/design1.png similarity index 100% rename from content/v1/authorization/v1.x GA/design1.png rename to content/v1/authorization/v1.x/design1.png 
diff --git a/content/v1/authorization/v1.x GA/design2.png b/content/v1/authorization/v1.x/design2.png similarity index 100% rename from content/v1/authorization/v1.x GA/design2.png rename to content/v1/authorization/v1.x/design2.png diff --git a/content/v1/authorization/v1.x GA/karavi-authorization-example.png b/content/v1/authorization/v1.x/karavi-authorization-example.png similarity index 100% rename from content/v1/authorization/v1.x GA/karavi-authorization-example.png rename to content/v1/authorization/v1.x/karavi-authorization-example.png diff --git a/content/v1/authorization/v1.x/release/_index.md b/content/v1/authorization/v1.x/release/_index.md new file mode 100644 index 0000000000..5b44bd05fe --- /dev/null +++ b/content/v1/authorization/v1.x/release/_index.md @@ -0,0 +1,21 @@ +--- +title: "Release notes" +linkTitle: "Release notes" +weight: 6 +Description: > + Dell Container Storage Modules (CSM) release notes for authorization +--- + +## Release Notes - CSM Authorization 1.12.0 + +{{% pageinfo color="primary" %}} +{{< message text="5" >}} +{{% /pageinfo %}} + +### New Features/Changes + +### Fixed Issues + +### Known Issues +| Issue | Workaround | +|-------|------------| diff --git a/content/v2/authorization/troubleshooting.md b/content/v1/authorization/v1.x/troubleshooting.md similarity index 98% rename from content/v2/authorization/troubleshooting.md rename to content/v1/authorization/v1.x/troubleshooting.md index 08a6c6aa3d..e3ac1f18c4 100644 --- a/content/v2/authorization/troubleshooting.md +++ b/content/v1/authorization/v1.x/troubleshooting.md @@ -7,7 +7,7 @@ Description: > --- {{% pageinfo color="primary" %}} -The CSM Authorization RPM will be deprecated in a future release. It is highly recommended that you use CSM Authorization Helm deployment or CSM Operator going forward. +{{< message text="5" >}} {{% /pageinfo %}} ## RPM Deployment 
@@ -208,4 +208,4 @@ If you are applying a new token in an existing driver installation, restart the
 ```bash
 kubectl -n rollout restart deploy/-controller
 kubectl -n rollout restart ds/-node
-```
\ No newline at end of file
+```
diff --git a/content/v1/authorization/v2.x/_index.md b/content/v1/authorization/v2.x/_index.md
new file mode 100644
index 0000000000..44b8634921
--- /dev/null
+++ b/content/v1/authorization/v2.x/_index.md
@@ -0,0 +1,74 @@ +--- +title: Authorization - v2.x +linktitle: v2.x +weight: 4 +Description: > + Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization v2.x. +tags: + - csm-authorization +--- + +The following diagram shows a high-level overview of CSM for Authorization with a `tenant-app` that is using a CSI driver to perform storage operations through the CSM for Authorization `proxy-server` to access the a Dell storage system. All requests from the CSI driver will contain the token for the given tenant that was granted by the Storage Administrator. + +![Alt text](image.png) + +This is the introduction to a Stateless Architecture for Authorization. The creation of storage, roles, and tenants is done through Custom Resources (CRs) which are tracked and contained within CSM Authorization. The underlying communication is consistent with the previous architecture which makes the creation of volumes and snapshots seamless. + +## CSM for Authorization Capabilities +{{}} +| Feature | PowerFlex | PowerMax | PowerScale | +| ------------------------------------------------------------------------------------------------------------------------------ | --------- | -------- | ---------- | +| Ability to set storage quota limits to ensure k8s tenants are not overconsuming storage | Yes | Yes | No | +| Ability to create access control policies to ensure k8s tenant clusters are not accessing storage that does not belong to them | Yes | Yes | No | +| Ability to shield storage credentials from Kubernetes administrators by storing them in vault | Yes | Yes | Yes | +| Ability to create snapshots from owned volumes that consume the storage quota | Yes | Yes | Yes | +| Ability to periodically query storage array to keep quota consumption in sync | Yes | Yes | No | +{{
}} + +### Snapshot Support + +As stated above, all snapshot requests that are associated with a volume that has been approved and created will go through a similar authorization processes ensuring that the snapshot fits within the allotted quota. + +```yaml +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: vol1-snapshot +spec: + volumeSnapshotClassName: vxflexos-snapclass + source: + persistentVolumeClaimName: vol1 +``` + +This will take a snapshot of the `persistent volume claim` named `vol1`. CSM Authorization will verify ownership with Redis to ensure that the tenant who is attempting to create the snapshot owns the `vol1` volume. If the tenant does own the volume, authorization will proceed to check to see if the snapshot fits within the allotted quota and add a record if it does. + +### Backend Storage Polling + +A configurable polling mechanism has been introduced to ensure that the tenant and Redis are always in sync with the backend storage configured. This is determined by the [volumePrefix](configuration#configuring-tenants) specified for the `tenant`. During polling, for each of the tenants and roles, the storage service will ensure that nothing has been removed or added by the storage admin which would lead to Redis being out of sync. + +If a volume is created with the matching `volumePrefix`, the new entry will be added to Redis and the available quota will be consumed accordingly. Similarly, if a snapshot is created from a volume that is owned by the tenant in the backend storage array, that will be added to Redis. + +Lastly, if there is any deletion on the backend storage array of a volume or snapshot that is owned by the tenant, that entry will be deleted from Redis and the available capacity will reflect accordingly. 
+ +## Roles and Responsibilities + +The Stateless CSM Authorization contains the following roles: +- Storage Administrators +- Kubernetes Tenant Administrators + +### Storage Administrators + +Storage Administrators perform the following: + +- Storage System Management (create, get, delete) +- Role Management (create, get, delete) +- Tenant Management (create, get, delete) +- Token Management (create, revoke) + +For more information on the configuration of the above, see the configuration of the [Proxy Server](../v2.x/configuration/#configuring-storage). + +### Tenant Administrators + +Tenants of CSM for Authorization can use the token provided by the Storage Administrators in their storage requests. + +For more information on how to use the token and configuration, see configuration for the [PowerFlex driver](../v2.x/configuration/powerflex), [PowerMax driver](../v2.x/configuration/powermax), or the [PowerScale driver](../v2.x/configuration/powerscale). \ No newline at end of file diff --git a/content/v1/authorization/v2.0 Tech Preview/authorization-ha-example.png b/content/v1/authorization/v2.x/authorization-ha-example.png similarity index 100% rename from content/v1/authorization/v2.0 Tech Preview/authorization-ha-example.png rename to content/v1/authorization/v2.x/authorization-ha-example.png diff --git a/content/v1/authorization/v2.x/configuration/_index.md b/content/v1/authorization/v2.x/configuration/_index.md new file mode 100644 index 0000000000..f8f990b81a --- /dev/null +++ b/content/v1/authorization/v2.x/configuration/_index.md 
@@ -0,0 +1,197 @@ +--- +title: Configuration +linktitle: Configuration +weight: 2 +description: Configure CSM Authorization Proxy Server +--- +{{% pageinfo color="primary" %}} +{{< message text="1" >}} +{{% /pageinfo %}} +This section provides the details and instructions on how to configure CSM Authorization. + +## Configuring the CSM for Authorization Proxy Server + +Run `kubectl -n authorization get ingress` and `kubectl -n authorization get service` to see the Ingress rules for these services and the exposed port for accessing these services via the LoadBalancer. For example: + +```bash +kubectl -n authorization get ingress +``` +``` +NAME CLASS HOSTS ADDRESS PORTS AGE +proxy-server nginx csm-authorization.com 00, 000 86s +``` +```bash +kubectl -n authorization get service +``` +``` +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +authorization-cert-manager ClusterIP 00.000.000.000 000/TCP 28s +authorization-cert-manager-webhook ClusterIP 00.000.000.000 000/TCP 27s +authorization-ingress-nginx-controller LoadBalancer 00.000.000.000 00:00000/TCP,000:00000/TCP 27s +authorization-ingress-nginx-controller-admission ClusterIP 00.000.000.000 000/TCP 27s +proxy-server ClusterIP 00.000.000.000 000/TCP 28s +redis-csm ClusterIP 00.000.000.000 000/TCP 28s +rediscommander ClusterIP 00.000.000.000 000/TCP 27s +role-service ClusterIP 00.000.000.000 000/TCP 27s +sentinel ClusterIP 00.000.000.000 000/TCP 27s +storage-service ClusterIP 00.000.000.000 000/TCP 27s +tenant-service ClusterIP 00.000.000.000 000/TCP 28s +``` + +On the machine running `dellctl`, if the Ingress host is left default (`csm-authorization.com`) during installation or any of the hostnames don't resolve, the hostnames needs to be add to the `/etc/hosts` file. 
For example: + +```bash + csm-authorization.com +``` + +Afterwards, the storage administrator can configure Authorization with the following via Customer Resources (CRs): +- Storage systems +- Tenants +- Roles + +### Configuring Storage + +The storage types supported are `powerflex`, `powermax`, and `powerscale`. During the creation of a storage system and role, the storage type must be one of the supported types. + +A `storage` entity in CSM Authorization consists of the storage type (`powerflex`, `powermax` or `powerscale`), the system ID, the API endpoint, and the vault credentials path. Edit these parameters in the manifest: + + | Parameter | Description | Required | Default | + | ------------------------- | ------------------------------------------------------------------------------------ | -------- | ------- | + | type | The type of the stoage array. | Yes | - | + | endpoint | HTTPS REST API endpoint of the backend storage array. | Yes | - | + | systemID | System ID of the backend storage array. | Yes | - | + | vault.identifier | The identifier of the Vault to be used that was configured in the Authorization CR. | Yes | - | + | vault.kvEngine | The path to the KV secrets engine. | Yes | secret | + | vault.path | The location within the store that the credentials for the array are stored. | Yes | - | + | skipCertificateValidation | A boolean that enables/disables certificate validation of the backend storage array. | No | true | + | pollInterval | PollInterval is the polling frequency to test the storage connectivity. 
| No | 30s | + +For example, to create PowerFlex storage: + +```yaml +apiVersion: csm-authorization.storage.dell.com/v1 +kind: Storage +metadata: + name: powerflex +spec: + type: powerflex + endpoint: https://10.0.0.1 + systemID: 1000000000000000 + vault: + identifier: vault0 + kvEngine: secret + path: csm-authorization/powerflex/1000000000000000 + skipCertificateValidation: true + pollInterval: 30s +``` + +>__Note__: +> - The `systemID` can vary from storage type to storage type. Please contact the storage administrator for more details on how to obtain it. + +### Configuring Roles + +A `role` consists of a name, the storage array to use, and the quota limit for the storage pool to be used. Edit these parameters in the manifest: + + | Parameter | Description | Required | Default | + | ---------- | --------------------------------------------------------------- | -------- | ------- | + | name | The name of the role that will be used to bind with the tenant. | Yes | - | + | quota | The amount of allocated space for the specified role. | Yes | - | + | systemID | System ID of the backend storage array. | Yes | - | + | systemType | The type of the stoage array. | Yes | - | + | pool | The storage pool name. | Yes | - | + +For example, to create a role named `role1` using the PowerFlex storage created above with a quota limit of 128iB in storage pool `myStoragePool`: + +```yaml +apiVersion: csm-authorization.storage.dell.com/v1 +kind: CSMRole +metadata: + labels: + app.kubernetes.io/name: role + app.kubernetes.io/instance: role-sample + app.kubernetes.io/part-of: csm-authorization + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: csm-authorization + name: role1 +spec: + quota: 128GiB + systemID: 1000000000000000 + systemType: powerflex + pool: myStoragePool +``` + +>__Note__: +> - The `quota` must be set with iB (TiB/GiB etc). Example: 10 TiB or 512 GiB. 
If it is not, the quota enforcement will be inaccurate + +### Configuring Tenants + +A `tenant` is a Kubernetes cluster that a role will be bound to. Edit these parameters in the manifest: + + | Parameter | Description | Required | Default | + | ------------ | ------------------------------------------------------------------------------------------------------------------------------ | -------- | ------- | + | roles | A comma seperate list of roles that the tenant can be associated with. | Yes | - | + | approveSdc | ApproveSdc is used to enable an SDC to access the MDM while the SDC is in restricted access mode. | Yes | false | + | revoke | Revoke is a boolean to indicate whether tenant is revoked. Set to `true` to revoke the tenant but keep it in CSM Auth. | Yes | false | + | volumePrefix | The prefix that all volumes and snapshots will contain to show association with the tenant. It should not exceed 3 characters. | Yes | - | + +For example, to create a tenant named `csmtenant-sample`: + +```yaml +apiVersion: csm-authorization.storage.dell.com/v1 +kind: CSMTenant +metadata: + labels: + app.kubernetes.io/name: csmtenant + app.kubernetes.io/instance: csmtenant-sample + app.kubernetes.io/part-of: csm-authorization + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/created-by: csm-authorization + name: csmtenant-sample +spec: + roles: role1 + approveSdc: false + revoke: false + volumePrefix: tn1 + +``` + +### Generate a Token + +Once the tenant is created, an access/refresh token pair can be created for the tenant. The storage admin is responsible for generating and sending the token to the Kubernetes tenant admin. 
+ +Generate an administrator token: + +```bash +dellctl admin token -n --access-token-expiration 1m30s --refresh-token-expiration 720h --jwt-signing-secret > admin.yaml +``` + +You can also pass in the `jwt-signing-secret` via terminal prompt by not supplying the `--jwt-signing-secret` argument: + +```bash +dellctl admin token -n --access-token-expiration 1m30s --refresh-token-expiration 720h > admin.yaml +``` + +```bash + dellctl generate token --admin-token admin.yaml --addr csm-authorization.com: --insecure true --tenant --access-token-expiration 30m0s --refresh-token-expiration 1480h0m0s > token.yaml +``` + +`token.yaml` will have a Kubernetes secret manifest that looks like this: + +```yaml +apiVersion: v1 +data: + access: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKamMyMGlMQ0psZUhBaU9qRTNNVFkwTURRd016UXNJbWR5YjNWd0lqb2lZM050ZEdWdVlXNTBMWE5oYlhCc1pTSXNJbWx6Y3lJNkltTnZiUzVrWld4c0xtTnpiU0lzSW5KdmJHVnpJam9pY205c1pURWlMQ0p6ZFdJaU9pSmpjMjB0ZEdWdVlXNTBJbjAuRmtVTGotT01mSW9rN3ZWNmFKQURXR1dva1Bsd1huT2tZeWxSclZjN2F5Zw== + refresh: ZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5LmV5SmhkV1FpT2lKamMyMGlMQ0psZUhBaU9qRTNNakUzTXpBeU16UXNJbWR5YjNWd0lqb2lZM050ZEdWdVlXNTBMWE5oYlhCc1pTSXNJbWx6Y3lJNkltTnZiUzVrWld4c0xtTnpiU0lzSW5KdmJHVnpJam9pY205c1pURWlMQ0p6ZFdJaU9pSmpjMjB0ZEdWdVlXNTBJbjAudWRYSFZ3MGg1dTdoTjZaVGJlNHgyYXRMWWhIamQta1ZtTFBVUHpXOHNIaw== +kind: Secret +metadata: + creationTimestamp: null + name: proxy-authz-tokens +type: Opaque +``` + +This secret must be applied in the driver namespace. + +>__Note__: +> - The `insecure` flag specifies to skip certificate validation when connecting to the Authorization proxy-server. +> - The `addr` flag is the address of the Authorization proxy-server. +> - The `tenant` flag specifies which tenant to generate the token for. diff --git a/content/v1/authorization/v2.x/configuration/powerflex/_index.md b/content/v1/authorization/v2.x/configuration/powerflex/_index.md new file mode 100644 index 0000000000..e484344c1a 
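Review bot: Every example on this new page runs with TLS verification off — `skipCertificateValidation: true` in the Storage manifest (also the documented default) and `--insecure true` in the `dellctl generate token` command — and nothing marks these as test-only settings. With verification skipped, the admin token passed via `--admin-token` and, presumably, the array credentials fetched from Vault go to an endpoint whose identity is never checked. I would show `skipCertificateValidation: false` in the sample and add to the closing note `> - Use --insecure true only in test environments; keep certificate validation enabled in production.` The PowerFlex page added below repeats the pattern with `SKIP_CERTIFICATE_VALIDATION` set to `"true"`, and both it and the PowerMax page create an empty `rootCertificate.pem` for insecure mode. The sample `proxy-authz-tokens` Secret would also be safer with placeholders such as `access: <base64-encoded access token>` than with full encoded JWT strings.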
--- /dev/null
+++ b/content/v1/authorization/v2.x/configuration/powerflex/_index.md
@@ -0,0 +1,178 @@ +--- +title: PowerFlex +linktitle: PowerFlex +description: > + Enabling CSM Authorization for PowerFlex CSI Driver +--- +{{% pageinfo color="primary" %}} +{{< message text="1" >}} +{{% /pageinfo %}} +## Configuring PowerFlex CSI Driver with CSM for Authorization + +Given a setup where Kubernetes, a storage system, and the CSM for Authorization Proxy Server are deployed, follow these steps to configure the CSI Drivers to work with the Authorization sidecar: + +1. Apply the secret containing the tenant token data into the driver namespace. It's assumed that the Kubernetes administrator has the token secret manifest, generated by your storage administrator via [Generate a Token](../#generate-a-token), saved in `/tmp/token.yaml`. + + ```bash + kubectl apply -f /tmp/token.yaml -n vxflexos + ``` + + This takes the assumption that Powerflex will be installed in the `vxflexos` namespace. + +2. Edit these parameters in `samples/secret/karavi-authorization-config.json` file in the [CSI PowerFlex](https://github.com/dell/csi-powerflex/tree/main/samples) driver and update/add connection information for one or more backend storage arrays. In an instance where multiple CSI drivers are configured on the same Kubernetes cluster, the port range in the *endpoint* parameter must be different for each driver. + + | Parameter | Description | Required | Default | + | ------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------ | + | username | Username for connecting to the backend storage array. This parameter is ignored. | No | - | + | password | Password for connecting to to the backend storage array. This parameter is ignored. | No | - | + | intendedEndpoint | HTTPS REST API endpoint of the backend storage array. | Yes | - | + | endpoint | HTTPS localhost endpoint that the authorization sidecar will listen on. 
| Yes | https://localhost:9400 | + | systemID | System ID of the backend storage array. | Yes | " " | + | skipCertificateValidation | A boolean that enables/disables certificate validation of the backend storage array. This parameter is not used. | No | true | + | isDefault | A boolean that indicates if the array is the default array. This parameter is not used. | No | default value from values.yaml | + + Create the karavi-authorization-config secret using this command: + + ```bash + + kubectl -n vxflexos create secret generic karavi-authorization-config --from-file=config=samples/secret/karavi-authorization-config.json -o yaml --dry-run=client | kubectl apply -f - + ``` + +3. Create the proxy-server-root-certificate secret. + + If running in *insecure* mode, create the secret with empty data: + + ```bash + + kubectl -n vxflexos create secret generic proxy-server-root-certificate --from-literal=rootCertificate.pem= -o yaml --dry-run=client | kubectl apply -f - + ``` + + Otherwise, create the proxy-server-root-certificate secret with the appropriate file: + + ```bash + + kubectl -n vxflexos create secret generic proxy-server-root-certificate --from-file=rootCertificate.pem=/path/to/rootCA -o yaml --dry-run=client | kubectl apply -f - + ``` + +4. Prepare the driver configuration secret, applicable to your driver installation method, to communicate with the CSM Authorization sidecar. + + **Operator** + + Refer to the [Create Secret](../../../../deployment/csmoperator/drivers/powerflex/#create-secret) section to prepare `secret.yaml` to configure the driver to communicate with the CSM Authorization sidecar. + + - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. + + - Update `skipCertificateValidation` to `true`. + + - The `username` and `password` can be any value since they will be ignored. 
+ + Example: + + ```yaml + - username: "ignored" + password: "ignored" + systemID: "ID2" + endpoint: "https://localhost:9400" + skipCertificateValidation: true + isDefault: true + mdm: "10.0.0.3,10.0.0.4" + ``` + + **Helm** + + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `samples/config.yaml` to configure the driver to communicate with the CSM Authorization sidecar. + + - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`. + + - Update `skipCertificateValidation` to `true`. + + - The `username` and `password` can be any value since they will be ignored. + + Example: + + ```yaml + - username: "ignored" + password: "ignored" + systemID: "ID2" + endpoint: "https://localhost:9400" + skipCertificateValidation: true + isDefault: true + mdm: "10.0.0.3,10.0.0.4" + ``` + +5. Enable CSM Authorization in the driver installation applicable to your installation method. + Alternatively, you can use the minimal sample files provided [here](https://github.com/dell/csm-operator/tree/main/samples/minimal-samples) and install the module using default value. + + **Operator** + + Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powerflex/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization. + + Under `modules`, enable the module named `authorization`: + + - Update the `enabled` field to `true.` + + - Update the `image` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value. + + - Update the `PROXY_HOST` environment value to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value. 
+ + - Update the `SKIP_CERTIFICATE_VALIDATION` environment value to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server. + + - Do not update the `configVersion`. You will notice in the example that it is set to v1.12.0, this ensures that Operator checks on version support do not prevent deployment of the v2.0.0 version of authorization. + + Example: + + ```yaml + modules: + # Authorization: enable csm-authorization for RBAC + - name: authorization + # enable: Enable/Disable csm-authorization + enabled: true + configVersion: v1.12.0 + components: + - name: karavi-authorization-proxy + image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + envs: + # proxyHost: hostname of the csm-authorization server + - name: "PROXY_HOST" + value: "csm-authorization.com" + + # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server + - name: "SKIP_CERTIFICATE_VALIDATION" + value: "true" + ``` + + **Helm** + + Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powerflex/#install-the-driver) section to edit the parameters in `myvalues.yaml` to enable CSM Authorization. + + - Update `authorization.enabled` to `true`. + + - Update `images.authorization` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value. + + - Update `authorization.proxyHost` to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value. + + - Update `authorization.skipCertificateValidation` to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server. + + Example: + + ```yaml + authorization: + enabled: true + + # sidecarProxyImage: the container image used for the csm-authorization-sidecar. 
+ # Default value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0 + + # proxyHost: hostname of the csm-authorization server + # Default value: None + proxyHost: csm-authorization.com + + # skipCertificateValidation: certificate validation of the csm-authorization server + # Allowed Values: + # "true" - TLS certificate verification will be skipped + # "false" - TLS certificate will be verified + # Default value: "true" + skipCertificateValidation: true + ``` + +1. Install the Dell CSI PowerFlex driver following the appropriate documenation for your installation method. diff --git a/content/v1/authorization/v2.x/configuration/powermax/_index.md b/content/v1/authorization/v2.x/configuration/powermax/_index.md new file mode 100644 index 0000000000..0a7d1bbd21 --- /dev/null +++ b/content/v1/authorization/v2.x/configuration/powermax/_index.md 
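Review bot: Step 1 tells the Kubernetes administrator to keep the tenant token manifest at `/tmp/token.yaml`, a directory that is normally shared by all local users, and never says to remove the file; the PowerMax page added after this one uses the same path. The manifest carries the access and refresh tokens, so a copy left readable there can presumably be used to make storage requests as the tenant until the refresh token expires. I would change the wording to `saved in a file only the administrator can read (for example ~/token.yaml, mode 0600)` and add `Delete the file after the secret has been applied.` below the `kubectl apply` command.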
@@ -0,0 +1,210 @@
+---
+title: PowerMax
+linktitle: PowerMax
+description: >
+ Enabling CSM Authorization for PowerMax CSI Driver
+---
+{{% pageinfo color="primary" %}}
+{{< message text="1" >}}
+{{% /pageinfo %}}
+## Configuring PowerMax CSI Driver with CSM for Authorization
+
+Given a setup where Kubernetes, a storage system, and the CSM for Authorization Proxy Server are deployed, follow these steps to configure the CSI Drivers to work with the Authorization sidecar:
+
+1. Apply the secret containing the tenant token data into the driver namespace. It's assumed that the Kubernetes administrator has the token secret manifest, generated by your storage administrator via [Generate a Token](../#generate-a-token), saved in `/tmp/token.yaml`.
+
+ ```bash
+ kubectl apply -f /tmp/token.yaml -n powermax
+ ```
+
+ This takes the assumption that PowerMax will be installed in the `powermax` namespace.
+
+2. Edit these parameters in `samples/secret/karavi-authorization-config.json` file in the [CSI PowerMax](https://github.com/dell/csi-powermax/tree/main/samples) driver and update/add connection information for one or more backend storage arrays. In an instance where multiple CSI drivers are configured on the same Kubernetes cluster, the port range in the *endpoint* parameter must be different for each driver.
+
+ | Parameter | Description | Required | Default |
+ | --------- | ----------- | -------- |-------- |
+ | username | Username for connecting to the backend storage array. This parameter is ignored. | No | - |
+ | password | Password for connecting to to the backend storage array. This parameter is ignored. | No | - |
+ | intendedEndpoint | HTTPS REST API endpoint of the backend storage array. | Yes | - |
+ | endpoint | HTTPS localhost endpoint that the authorization sidecar will listen on. | Yes | https://localhost:9400 |
+ | systemID | System ID of the backend storage array. | Yes | " " |
+ | skipCertificateValidation | A boolean that enables/disables certificate validation of the backend storage array. This parameter is not used. | No | true |
+ | isDefault | A boolean that indicates if the array is the default array. This parameter is not used. | No | default value from values.yaml |
+
+ Create the karavi-authorization-config secret using this command:
+
+ ```bash
+
+ kubectl -n powermax create secret generic karavi-authorization-config --from-file=config=samples/secret/karavi-authorization-config.json -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+3. Create the proxy-server-root-certificate secret.
+
+ If running in *insecure* mode, create the secret with empty data:
+
+ ```bash
+
+ kubectl -n powermax create secret generic proxy-server-root-certificate --from-literal=rootCertificate.pem= -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+ Otherwise, create the proxy-server-root-certificate secret with the appropriate file:
+
+ ```bash
+
+ kubectl -n powermax create secret generic proxy-server-root-certificate --from-file=rootCertificate.pem=/path/to/rootCA -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+4. Prepare the driver configuration secret, applicable to your driver installation method, to communicate with the CSM Authorization sidecar.
+
+ **Operator**
+
+ Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powermax/#install-driver) section to prepare `powermax-creds.yaml` to configure the driver to communicate with the CSM Authorization sidecar.
+
+ Leave `username` and `password` with the default values as they will be ignored.
+
+ **Helm**
+
+ Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section where you edit `samples/secret/secret.yaml` with the credentials of the PowerMax.
+
+ Leave `username` and `password` with the default values as they will be ignored.
+
+5. **Operator Only**: Prepare the reverse proxy configmap using sample [here](https://github.com/dell/csm-operator/blob/main/samples/csireverseproxy/config.yaml). Fill in the appropriate values for driver configuration.
+ Example: config.yaml
+ ```yaml
+ mode: StandAlone # Mode for the reverseproxy, should not be changed
+ port: 2222
+ logLevel: debug
+ logFormat: text
+ standAloneConfig:
+ storageArrays:
+ - storageArrayId: "000000000001" # arrayID
+ primaryURL: "https://localhost:9400" # primary unisphere for arrayID
+ proxyCredentialSecrets:
+ - powermax-creds # credential secret for primary unisphere, e.g., powermax-creds
+ managementServers:
+ - url: "https://localhost:9400" # primary unisphere endpoint
+ arrayCredentialSecret: powermax-creds # credential secret, e.g., powermax-creds
+ skipCertificateValidation: true
+ ```
+
+6. Enable CSM Authorization in the driver installation applicable to your installation method.
+ Alternatively, you can use the minimal sample files provided
+ [here](https://github.com/dell/csm-operator/tree/main/samples/minimal-samples) and install the module using default values
+
+ **Operator**
+
+ Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powermax/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization.
+
+ Under `modules`, enable the module named `authorization`:
+
+ - Update the `enabled` field to `true.`
+
+ - Update the `image` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value.
+
+ - Update the `PROXY_HOST` environment value to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value.
+
+ - Update the `SKIP_CERTIFICATE_VALIDATION` environment value to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server.
+
+ - Do not update the `configVersion`. You will notice in the example that it is set to v1.12.0, this ensures that Operator checks on version support do not prevent deployment of the v2.0.0-alpha authorization tech preview.
+
+ Example:
+
+ ```yaml
+ modules:
+ # CSI Powermax Reverseproxy is a mandatory module for Powermax
+ - name: csireverseproxy
+ # enabled: Always set to true
+ enabled: true
+ forceRemoveModule: true
+ configVersion: v2.11.0
+ components:
+ - name: csipowermax-reverseproxy
+ # image: Define the container images used for the reverse proxy
+ # Default value: None
+ image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.11.0
+ envs:
+ # "tlsSecret" defines the TLS secret that is created with certificate
+ # and its associated key
+ # Default value: None
+ # Example: "tls-secret"
+ - name: X_CSI_REVPROXY_TLS_SECRET
+ value: "csirevproxy-tls-secret"
+ - name: X_CSI_REVPROXY_PORT
+ value: "2222"
+ - name: X_CSI_CONFIG_MAP_NAME
+ value: "powermax-reverseproxy-config"
+ # deployAsSidecar defines the way reversproxy is installed with the driver
+ # set it true, if csm-auth is enabled / you want it as a sidecar container
+ # set it false, if you want it as a deployment
+ - name: "DeployAsSidecar"
+ value: "true"
+
+ # Authorization: enable csm-authorization for RBAC
+ - name: authorization
+ # enable: Enable/Disable csm-authorization
+ enabled: true
+ configVersion: v1.12.0
+ components:
+ - name: karavi-authorization-proxy
+ image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+ envs:
+ # proxyHost: hostname of the csm-authorization server
+ - name: "PROXY_HOST"
+ value: "csm-authorization.com"
+
+ # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server
+ - name: "SKIP_CERTIFICATE_VALIDATION"
+ value: "true"
+ ```
+
+ **Helm**
+
+ Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/powermax/#install-the-driver) section to edit the parameters in `my-powermax-settings.yaml` file to configure the driver to communicate with the CSM Authorization sidecar.
+
+ - Update `global.storageArrays.endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`.
+
+ - Update `global.managementServers.endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`.
+
+ - Update `authorization.enabled` to `true`.
+
+ - Update `images.authorization` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value.
+
+ - Update `authorization.proxyHost` to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value.
+
+ - Update `authorization.skipCertificateValidation` to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server.
+
+ - Update `csireverseproxy.deployAsSidecar` to `true`.
+
+ Example:
+
+ ```yaml
+ global:
+ storageArrays:
+ - storageArrayId: "123456789"
+ endpoint: https://localhost:9400
+ managementServers:
+ - endpoint: https://localhost:9400
+ csireverseproxy:
+ # Set enabled to true if you want to deploy csireverseproxy as sidecar
+ # Allowed values:
+ # "true" - CSI reverse proxy will be deployed as a sidecar
+ # "false" - CSI reverse proxy will be deployed along with driver
+ # Default value: "true"
+ deployAsSidecar: true
+ authorization:
+ enabled: true
+ # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
+ # Default value: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+ sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+ # proxyHost: hostname of the csm-authorization server
+ # Default value: None
+ proxyHost: csm-authorization.com
+ # skipCertificateValidation: certificate validation of the csm-authorization server
+ # Allowed Values:
+ # "true" - TLS certificate verification will be skipped
+ # "false" - TLS certificate will be verified
+ # Default value: "true"
+ skipCertificateValidation: true
+ ```
+
+7. Install the Dell CSI PowerMax driver following the appropriate documenation for your installation method.
diff --git a/content/v1/authorization/v2.x/configuration/powerscale/_index.md b/content/v1/authorization/v2.x/configuration/powerscale/_index.md
new file mode 100644
index 0000000000..6f0cfcf0f2
--- /dev/null
+++ b/content/v1/authorization/v2.x/configuration/powerscale/_index.md
@@ -0,0 +1,181 @@
+---
+title: PowerScale
+linktitle: PowerScale
+description: >
+ Enabling CSM Authorization for PowerScale CSI Driver
+---
+{{% pageinfo color="primary" %}}
+{{< message text="1" >}}
+{{% /pageinfo %}}
+## Configuring PowerScale CSI Driver with CSM for Authorization
+
+Given a setup where Kubernetes, a storage system, and the CSM for Authorization Proxy Server are deployed, follow these steps to configure the CSI Drivers to work with the Authorization sidecar:
+
+1. Apply the secret containing the token data into the driver namespace. It's assumed that the Kubernetes administrator has the token secret manifest, generated by your storage administrator via [Generate a Token](../#generate-a-token), saved in `/tmp/token.yaml`.
+
+ ```console
+ kubectl apply -f /tmp/token.yaml -n isilon
+ ```
+
+ This takes the assumption that PowerScale will be installed in the `isilon` namespace.
+
+2. Edit these parameters in `samples/secret/karavi-authorization-config.json` file in [CSI PowerScale](https://github.com/dell/csi-powerscale/tree/main/samples/secret) driver and update/add connection information for one or more backend storage arrays. In an instance where multiple CSI drivers are configured on the same Kubernetes cluster, the port range in the *endpoint* parameter must be different for each driver.
+
+ | Parameter | Description | Required | Default |
+ | ------------------------- | ---------------------------------------------------------------------------------------------------------------- | -------- | ------------------------------ |
+ | username | Username for connecting to the backend storage array. This parameter is ignored. | No | - |
+ | password | Password for connecting to to the backend storage array. This parameter is ignored. | No | - |
+ | intendedEndpoint | HTTPS REST API endpoint of the backend storage array. | Yes | - |
+ | endpoint | HTTPS localhost endpoint that the authorization sidecar will listen on. | Yes | https://localhost:9400 |
+ | systemID | Cluster name of the backend storage array. | Yes | " " |
+ | skipCertificateValidation | A boolean that enables/disables certificate validation of the backend storage array. This parameter is not used. | No | true |
+ | isDefault | A boolean that indicates if the array is the default array. This parameter is not used. | No | default value from values.yaml |
+
+ Create the karavi-authorization-config secret using this command:
+
+ ```bash
+ kubectl -n isilon create secret generic karavi-authorization-config --from-file=config=samples/secret/karavi-authorization-config.json -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+3. Create the proxy-server-root-certificate secret.
+
+ If running in *insecure* mode, create the secret with empty data:
+
+ ```bash
+
+ kubectl -n isilon create secret generic proxy-server-root-certificate --from-literal=rootCertificate.pem= -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+ Otherwise, create the proxy-server-root-certificate secret with the appropriate file:
+
+ ```bash
+
+ kubectl -n isilon create secret generic proxy-server-root-certificate --from-file=rootCertificate.pem=/path/to/rootCA -o yaml --dry-run=client | kubectl apply -f -
+ ```
+
+4. Prepare the driver configuration secret, applicable to your driver installation method, to communicate with the CSM Authorization sidecar.
+
+ **Operator**
+
+ Refer to the [Prerequisite](../../../../deployment/csmoperator/drivers/powerscale/#prerequisite) section to prepare the `secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar.
+
+ - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`.
+
+ - Update `mountEndpoint` to the PowerScale OneFS API server. For example, 10.0.0.1.
+
+ - Update `skipCertificateValidation` to `true`.
+
+ - The `username` and `password` can be any value since they will be ignored.
+
+ Example:
+
+ ```yaml
+ isilonClusters:
+ - clusterName: "cluster1"
+ username: "ignored"
+ password: "ignored"
+ isDefault: true
+ endpoint: localhost
+ endpointPort: 9400
+ mountEndpoint: 10.0.0.1
+ skipCertificateValidation: true
+ ```
+
+ **Helm**
+
+ Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters to prepare the `samples/secret/secret.yaml` file to configure the driver to communicate with the CSM Authorization sidecar.
+
+ - Update `endpoint` to match the localhost endpoint in `samples/secret/karavi-authorization-config.json`.
+
+ - Update `mountEndpoint` to the PowerScale OneFS API server. For example, 10.0.0.1.
+
+ - Update `skipCertificateValidation` to `true`.
+
+ - The `username` and `password` can be any value since they will be ignored.
+
+ Example:
+
+ ```yaml
+ isilonClusters:
+ - clusterName: "cluster1"
+ username: "ignored"
+ password: "ignored"
+ isDefault: true
+ endpoint: localhost
+ endpointPort: 9400
+ mountEndpoint: 10.0.0.1
+ skipCertificateValidation: true
+ ```
+
+5. Enable CSM Authorization in the driver installation applicable to your installation method.
+
+ **Operator**
+
+ Refer to the [Install Driver](../../../../deployment/csmoperator/drivers/powerscale/#install-driver) section to edit the parameters in the Custom Resource to enable CSM Authorization.
+
+ Under `modules`, enable the module named `authorization`:
+
+ - Update the `enabled` field to `true.`
+
+ - Update the `image` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value.
+
+ - Update the `PROXY_HOST` environment value to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value.
+
+ - Update the `SKIP_CERTIFICATE_VALIDATION` environment value to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server.
+
+ - Do not update the `configVersion`. You will notice in the example that it is set to v1.12.0, this ensures that Operator checks on version support do not prevent deployment of the v2.0.0 version of authorization.
+
+ ```yaml
+ modules:
+ # Authorization: enable csm-authorization for RBAC
+ - name: authorization
+ # enable: Enable/Disable csm-authorization
+ enabled: true
+ configVersion: v1.12.0
+ components:
+ - name: karavi-authorization-proxy
+ image: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+ envs:
+ # proxyHost: hostname of the csm-authorization server
+ - name: "PROXY_HOST"
+ value: "csm-authorization.com"
+
+ # skipCertificateValidation: Enable/Disable certificate validation of the csm-authorization server
+ - name: "SKIP_CERTIFICATE_VALIDATION"
+ value: "true"
+ ```
+
+ **Helm**
+
+ Refer to the [Install the Driver](../../../../deployment/helm/drivers/installation/isilon/#install-the-driver) section to edit the parameters in `my-isilon-settings.yaml` file to enable CSM Authorization.
+
+ - Update `authorization.enabled` to `true`.
+
+ - Update `images.authorization` to the image of the CSM Authorization sidecar. In most cases, you can leave the default value.
+
+ - Update `authorization.proxyHost` to the hostname of the CSM Authorization Proxy Server. `csm-authorization.com` is a placeholder for the proxyHost. See the administrator of CSM for Authorization for the correct value.
+
+ - Update `authorization.skipCertificateValidation` to `true` or `false` depending on if you want to disable or enable certificate validation of the CSM Authorization Proxy Server.
+
+ Example:
+
+ ```yaml
+ authorization:
+ enabled: true
+
+ # sidecarProxyImage: the container image used for the csm-authorization-sidecar.
+ sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v2.0.0
+
+ # proxyHost: hostname of the csm-authorization server
+ # Default value: None
+ proxyHost: csm-authorization.com
+
+ # skipCertificateValidation: certificate validation of the csm-authorization server
+ # Allowed Values:
+ # "true" - TLS certificate verification will be skipped
+ # "false" - TLS certificate will be verified
+ # Default value: "true"
+ skipCertificateValidation: true
+ ```
+
+6. Install the Dell CSI PowerScale driver following the appropriate documenation for your installation method.
diff --git a/content/v1/authorization/v2.0 Tech Preview/image.png b/content/v1/authorization/v2.x/image.png
similarity index 100%
rename from content/v1/authorization/v2.0 Tech Preview/image.png
rename to content/v1/authorization/v2.x/image.png
diff --git a/content/v1/authorization/v2.x/release/_index.md b/content/v1/authorization/v2.x/release/_index.md
new file mode 100644
index 0000000000..97b859b2f8
--- /dev/null
+++ b/content/v1/authorization/v2.x/release/_index.md
@@ -0,0 +1,13 @@
+---
+title: "Release notes"
+linkTitle: "Release notes"
+weight: 6
+Description: >
+ Dell Container Storage Modules (CSM) release notes for authorization
+---
+
+## Release Notes - CSM Authorization 2.0.0
+
+### New Features/Changes
+
+- [#1281 - [FEATURE]: Stateless, GitOps, HA enabled deployment of the CSM Authorization proxy server ](https://github.com/dell/csm/issues/1281)
diff --git a/content/v1/authorization/v2.x/troubleshooting.md b/content/v1/authorization/v2.x/troubleshooting.md
new file mode 100644
index 0000000000..00a2acdeb1
--- /dev/null
+++ b/content/v1/authorization/v2.x/troubleshooting.md
@@ -0,0 +1,8 @@
+---
+title: "Troubleshooting"
+linkTitle: "Troubleshooting"
+weight: 5
+Description: >
+ Troubleshooting guide
+---
+
diff --git a/content/v1/cosidriver/_index.md b/content/v1/cosidriver/_index.md
index 97c354c9d7..318729247f 100644
--- a/content/v1/cosidriver/_index.md
+++ b/content/v1/cosidriver/_index.md @@ -51,6 +51,8 @@ Dell COSI Driver is a multi-backend driver, meaning that it can connect to multi | ObjectScale | 1.2.x | {{}} +> **NOTE:** Object Scale 1.2.x is planned for End of Standard Support on January 31st 2025. Please refer Dell Support documentation for more information. We plan to support COSI driver when a new version of ObjectScale is available. + ## Bucket Lifecycle Workflow 1. Create Bucket → Delete Bucket diff --git a/content/v1/csidriver/_index.md b/content/v1/csidriver/_index.md index c99154892f..323b4ccba2 100644 --- a/content/v1/csidriver/_index.md +++ b/content/v1/csidriver/_index.md @@ -16,7 +16,7 @@ The CSI Drivers by Dell implement an interface between [CSI](https://kubernetes- {{}} | Features | PowerMax | PowerFlex | Unity XT | PowerScale | PowerStore | |--------------------------|:--------:|:---------:|:---------:|:----------:|:----------:| -| CSI Driver version | 2.11.0 | 2.11.0 | 2.11.0 | 2.11.0 | 2.11.0 | +| CSI Driver version | 2.12.0 | 2.12.0 | 2.12.0 | 2.12.0 | 2.12.0 | | Static Provisioning | yes | yes | yes | yes | yes | | Dynamic Provisioning | yes | yes | yes | yes | yes | | Expand Persistent Volume | yes | yes | yes | yes | yes | @@ -25,7 +25,7 @@ The CSI Drivers by Dell implement an interface between [CSI](https://kubernetes- | Delete Snapshot | yes for LUN
no for NFS | yes | yes | yes | yes | | [Access Mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes) for [volumeMode: Filesystem](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)| RWO, RWOP

ROX, RWX **with NFS ONLY**| RWO, ROX, RWOP

RWX **with NFS ONLY** | RWO, ROX, RWOP

RWX **with NFS ONLY** | RWO, RWX, ROX, RWOP | RWO, RWOP

ROX, RWX **with NFS ONLY** | | Access Mode for `volumeMode: Block`| RWX, ROX, RWOP | RWX, ROX, RWOP | RWO, RWX | Not Supported | RWO, RWX, ROX, RWOP | -| CSI Volume Cloning | yes for LUN
no for NFS | yes for LUN
no for NFS | yes | yes | yes | +| CSI Volume Cloning | yes for LUN
no for NFS | yes for LUN
no for NFS | yes | yes | yes | | CSI Raw Block Volume | yes | yes | yes | no | yes | | CSI Ephemeral Volume | no | yes | yes | yes | yes | | Topology | yes | yes | yes | yes | yes | diff --git a/content/v1/csidriver/features/powerflex.md b/content/v1/csidriver/features/powerflex.md index bae17d0682..e428297fee 100644 --- a/content/v1/csidriver/features/powerflex.md +++ b/content/v1/csidriver/features/powerflex.md @@ -385,6 +385,18 @@ The CSI PowerFlex driver version 1.3 and later support the automatic deployment Refer to https://hub.docker.com/r/dellemc/sdc for supported OS versions. - There is no automated uninstallation of the SDC kernel module. Follow PowerFlex SDC documentation to manually uninstall the SDC driver from the node. +From CSM 1.12.0, you can disable automatic SDC deployment. + +By default, SDC deployment is enabled. If you do not want to deploy `sdc` with PowerFlex, it can be disabled by setting the `sdc.enabled` field to `false`. + +``` +node: + ... + sdc: + # enabled: Enable/Disable SDC + enabled: true +``` + ## Multiarray Support The CSI PowerFlex driver version 1.4 added support for managing multiple PowerFlex arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. 
@@ -925,6 +937,38 @@ externalAccess: "10.0.0.0/24" This means that we allow for NFS Export created by driver to be consumed by address range `10.0.0.0-10.0.0.255`. +## Configuring NFS independent of SDC + +Starting from CSM 1.12.0, the CSI PowerFlex driver supports configuring NFS independent of SDC. This separation is helpful in scenarios where an SDC is not available in the cluster or additional network interfaces do not need to be deployed. + +To disable SDC deployment, update the values file and provide the interface names mapping for each of the nodes that are being used. + +**Helm** +``` +node: + ... + sdc: + # enabled: Enable/Disable SDC + enabled: false + ... + +interfaceNames: + # worker-1-jxsjoueeewabc.domain: "ens192" + # worker-2-jxsjoueeewabc.domain: "ens192" +``` + +**Operator** +``` +common: +... + - name: INTERFACE_NAMES: 'worker-1-jxsjoueeewabc.domain: "ens192", worker-2-jxsjoueeewabc.domain: "ens192"' +... +node: +... + - name: X_CSI_SDC_ENABLED + value: "false" +``` + ## Storage Capacity Tracking CSI-PowerFlex driver version 2.8.0 and above supports Storage Capacity Tracking. diff --git a/content/v1/csidriver/features/powermax.md b/content/v1/csidriver/features/powermax.md index d26823ebd7..dbfa143e0b 100644 --- a/content/v1/csidriver/features/powermax.md +++ b/content/v1/csidriver/features/powermax.md 
@@ -621,7 +621,10 @@ Without storage capacity tracking, pods get scheduled on a node satisfying the t Storage capacity can be tracked by setting the attribute `storageCapacity.enabled` to true in values.yaml (set to true by default) during driver installation. To configure how often driver checks for changed capacity, set the `storageCapacity.pollInterval` attribute (set to 5m by default). In case of driver installed via operator, this interval can be configured in the sample file provided [here.](https://github.com/dell/csm-operator/blob/main/samples) by editing the `--capacity-poll-interval` argument present in the provisioner sidecar. +## Metro support +The CSI PowerMax driver supports the provisioning of Metro volumes. The process and details of how to provision and use Metro volumes can be found [here](../../../replication/high-availability). +Please note that the Metro feature does not require the deployment of the replicator sidecar or the replication controller. ## Volume Limits diff --git a/content/v1/csidriver/features/powerscale.md b/content/v1/csidriver/features/powerscale.md index 7d2d429e23..37cddb9c49 100644 --- a/content/v1/csidriver/features/powerscale.md +++ b/content/v1/csidriver/features/powerscale.md 
@@ -1,684 +1,684 @@ ---- -title: PowerScale -Description: Code features for PowerScale Driver -weight: 1 ---- - -## Multicluster support - -You can connect a single CSI-PowerScale driver with multiple PowerScale clusters. - -**Pre-Requisites:** - -1. Creation of secret.yaml with credentials related to one or more Clusters. -2. Creation of (at least) one Storage class for each cluster. -3. Creation of custom-volumesnapshot classes with proper isiPath matching corresponding storage classes. -4. Inclusion of cluster name in volume handle, if you want to provision existing static volumes. - -## Consuming existing volumes with static provisioning - -You can use existing volumes from the PowerScale array as Persistent Volumes in your Kubernetes, perform the following steps: - -1. Open your volume in One FS, and take a note of volume-id. -2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. -3. In the following example, the PowerScale cluster accessZone is assumed as 'System', storage class as 'isilon', cluster name as 'pscale-cluster' and volume's internal name as 'isilonvol'. The volume-handle should be in the format of `=_=_==_=_==_=_=` -4. If Quotas are enabled in the driver, it is required to add the Quota ID to the description of the NFS export in this format: - `CSI_QUOTA_ID:sC-kAAEAAAAAAAAAAAAAQEpVAAAAAAAA` -5. Quota ID can be identified by querying the PowerScale system. - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: isilonstaticpv - namespace: default -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteMany - persistentVolumeReclaimPolicy: Retain - storageClassName: isilon - csi: - driver: csi-isilon.dellemc.com - volumeAttributes: - Path: "/ifs/data/csi/isilonvol" - Name: "isilonvol" - AzServiceIP: 'XX.XX.XX.XX' - volumeHandle: isilonvol=_=_=652=_=_=System=_=_=pscale-cluster - claimRef: - name: isilonstaticpvc - namespace: default -``` - -3. 
Create PersistentVolumeClaim to use this PersistentVolume. - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: isilonstaticpvc - namespace: default -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - volumeName: isilonstaticpv - storageClassName: isilon -``` - -4. Then use this PVC as a volume in a pod. - -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: static-prov-pod -spec: - containers: - - name: test - image: docker.io/centos:latest - command: [ "/bin/sleep", "3600" ] - volumeMounts: - - mountPath: "/data0" - name: pvol - volumes: - - name: pvol - persistentVolumeClaim: - claimName: isilonstaticpvc -``` - -5. After the pod becomes `Ready` and `Running`, you can start to use this pod and volume. - -## PVC Creation Feature - -The following yaml content can be used to create a PVC without referring any PV. - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: testvolume - namespace: default -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - storageClassName: isilon -``` - -## Volume Snapshot Feature - -The CSI PowerScale driver version 2.0 and later supports managing v1 snapshots. - -In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: - -- Kubernetes Volume Snapshot CRDs -- Volume Snapshot Controller - -> For general use, update the snapshot controller YAMLs with an appropriate namespace before installing. For -> example, on a Vanilla Kubernetes cluster, update the namespace from default to kube-system before issuing the -> kubectl create command. - -### Volume Snapshot Class - -During the installation of CSI PowerScale driver version 2.0 and higher, no default Volume Snapshot Class will get created. - -The following are the manifests for the Volume Snapshot Class: - -1. 
VolumeSnapshotClass - -```yaml - -apiVersion: snapshot.storage.k8s.io/v1 -kind: VolumeSnapshotClass -metadata: - name: "isilon-snapclass" -driver: csi-isilon.dellemc.com -#The deletionPolicy of a volume snapshot class can either be Retain or Delete -#If the deletionPolicy is Delete, then the underlying storage snapshot is deleted along with the VolumeSnapshotContent object. -#If the deletionPolicy is Retain, then both the underlying snapshot and VolumeSnapshotContent remain -deletionPolicy: Delete -parameters: - #IsiPath should match with respective storageClass IsiPath - IsiPath: "/ifs/data/csi" -``` - -The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs; The following snippet assumes that the persistent volume claim name is testvolume. - -```yaml -apiVersion: snapshot.storage.k8s.io/v1 -kind: VolumeSnapshot -metadata: - name: pvcsnap - namespace: default -spec: - volumeSnapshotClassName: isilon-snapclass - source: - persistentVolumeClaimName: testvolume -``` - -Once the VolumeSnapshot has been successfully created by the CSI PowerScale driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. 
- -The following is the relevant section of VolumeSnapshot object status: - -```yaml -status: - boundVolumeSnapshotContentName: snapcontent-xxxxxxxxxxxxx - creationTime: "2020-07-16T08:42:12Z" - readyToUse: true -``` - -### Creating PVCs with Volume Snapshots as Source - -The following is a sample manifest for creating a PVC with a VolumeSnapshot as a source: - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: createfromsnap - namespace: default -spec: - storageClassName: isilon - dataSource: - name: pvcsnap - kind: VolumeSnapshot - apiGroup: snapshot.storage.k8s.io - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi -``` - -> Starting from CSI PowerScale driver version 2.2, different isi paths can be used to create PersistentVolumeClaim from VolumeSnapshot.This means the isi paths of the new volume and the VolumeSnapshot can be different. - -## Volume Expansion - -CSI PowerScale driver version 1.2 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). - -To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. - -The following is a sample manifest for a storage class that allows for Volume Expansion: - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: isilon-expand-sc - annotations: - storageclass.kubernetes.io/is-default-class: "false" -provisioner: "csi-isilon.dellemc.com" -reclaimPolicy: Delete -parameters: - ClusterName: - AccessZone: System - isiPath: "/ifs/data/csi" - AzServiceIP : 'XX.XX.XX.XX' - rootClientEnabled: "true" -allowVolumeExpansion: true -volumeBindingMode: Immediate -``` - -To resize a PVC, edit the existing PVC spec and set spec.resources.requests.storage to the intended size. 
For example, if you have a PVC isilon-pvc-demo of size 3Gi, then you can resize it to 30Gi by updating the PVC. - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: isilon-pvc-expansion-demo -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 30Gi # Updated size from 3Gi to 30Gi - storageClassName: isilon-expand-sc -``` - ->The Kubernetes Volume Expansion feature can only be used to increase the size of a volume. It cannot be used to shrink a volume. - -## Volume Cloning Feature - -The CSI PowerScale driver version 1.3 and later supports volume cloning. This allows specifying existing PVCs in the _dataSource_ field to indicate a user would like to clone a Volume. - -Source and destination PVC must be in the same namespace and have the same Storage Class. - -To clone a volume, you must first have an existing PVC: - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: existing-pvc -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 5Gi - storageClassName: isilon -``` - -The following is a sample manifest for cloning: - -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: volume-from-volume - namespace: default -spec: - accessModes: - - ReadWriteMany - volumeMode: Filesystem - resources: - requests: - storage: 50Gi - storageClassName: isilon - dataSource: - kind: PersistentVolumeClaim - name: existing-pvc - apiGroup: "" -``` - -## Controller HA - -CSI PowerScale driver version 1.4.0 and later supports running multiple replicas of the controller pod. Leader election is only applicable for all sidecar containers and driver container will be running in all controller pods. In case of a failure, one of the standby pods becomes active and takes the position of leader. This is achieved by using native leader election mechanisms utilizing `kubernetes leases`. 
- -Additionally by leveraging `pod anti-affinity`, no two-controller pods are ever scheduled on the same node. - -To increase or decrease the number of controller pods, edit the following value in `myvalues.yaml` file: - -```yaml -controllerCount: 2 -``` - ->**NOTE:** The default value for controllerCount is 2. It is recommended to not change this unless really required. Also, if the controller count is greater than the number of available nodes (where the pods can be scheduled), some controller pods will remain in a Pending state. - -If you are using the Dell CSM Operator, the value to adjust is: - -```yaml -replicas: 2 -``` - -For more details about configuring Controller HA using the Dell CSM Operator, see the [Dell CSM Operator documentation](../../../deployment/csmoperator/#custom-resource-specification). - -## CSI Ephemeral Inline Volume - -The CSI PowerScale driver version 1.4.0 and later supports CSI ephemeral inline volumes. - -This feature serves as use cases for data volumes whose content and lifecycle are tied to a pod. For example, a driver might populate a volume with dynamically created secrets that are specific to the application running in the pod. Such volumes need to be created together with a pod and can be deleted as part of pod termination (ephemeral). They get defined as part of the pod spec (inline). - -At runtime, nested inline volumes follow the lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. - -The following is a sample manifest for creating CSI ephemeral Inline Volume in pod manifest with CSI PowerScale driver. 
- -```yaml -kind: Pod -apiVersion: v1 -metadata: - name: my-csi-app-inline-volume -spec: - containers: - - name: my-frontend - image: busybox - command: [ "sleep", "100000" ] - volumeMounts: - - mountPath: "/data" - name: my-csi-volume - volumes: - - name: my-csi-volume - csi: - driver: csi-isilon.dellemc.com - volumeAttributes: - size: "2Gi" - ClusterName: "cluster1" -``` - -This manifest creates a pod in a given cluster and attaches a newly created ephemeral inline CSI volume to it. - -**Note**: Storage class is not supported in CSI ephemeral inline volumes and all parameters are driver specific. -CSI ephemeral volumes allow users to provide volumeAttributes directly to the CSI driver as part of the Pod spec. -These `volumeAttributes` are supported: size, ClusterName, AccessZone, IsiPath, IsiVolumePathPermissions, AzServiceIP. -For reference, check the description of parameters in the following example: [isilon.yaml](https://github.com/dell/csi-powerscale/blob/main/samples/storageclass/isilon.yaml) - -## Topology - -### Topology Support - -CSI PowerScale driver version 1.4.0 and later supports Topology by default which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This results in nodes which have access to PowerScale Array being appropriately labeled. The driver leverages these labels to ensure that the driver components (controller, node) are spawned only on nodes wherein these labels exist. - -This covers use cases where: - -The CSI PowerScale driver may not be installed or running on some nodes where Users have chosen to restrict the nodes on accessing the PowerScale storage array. - -We support CustomTopology which enables users to apply labels for nodes - "csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com" and expect the labels to be honored by the driver. 
- -When “enableCustomTopology” is set to “true”, the CSI driver fetches custom labels “csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com” applied on worker nodes, and uses them to initialize node pod with custom PowerScale FQDN/IP. - -**Note:** Only a single cluster can be configured as part of secret.yaml for custom topology. - -### Topology Usage - -To utilize the Topology feature, create a custom `StorageClass` with `volumeBindingMode` set to `WaitForFirstConsumer` and specify the desired topology labels within `allowedTopologies` field of this custom storage class. This ensures that the Pod schedule takes advantage of the topology and the selected node has access to provisioned volumes. - -**Note:** Whenever a new storage cluster is being added in secret, even though it is dynamic, the new storage cluster IP address-related label is not added to worker nodes dynamically. The user has to spin off (bounce) driver-related pods (controller and node pods) in order to apply newly added information to be reflected in worker nodes. - -**Storage Class Example with Topology Support:** - -```yaml -# This is a sample manifest for utilizing the topology feature and mount options. -# PVCs created using this storage class will be scheduled -# only on the nodes with access to Isilon - -# Change all instances of to the IP of the PowerScale OneFS API server - -# Provide mount options through "mountOptions" attribute -# to create PVCs with mount options. - -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: isilon -provisioner: csi-isilon.dellemc.com -reclaimPolicy: Delete -allowVolumeExpansion: true -parameters: - AccessZone: System - IsiPath: "/ifs/data/csi" - # AccessZone groupnet service IP. Update AzServiceIP in values.yaml if different than isiIP. 
- #AzServiceIP : 192.168.2.1 - # When a PVC is being created, it takes the storage class' value of "storageclass.rootClientEnabled", - # which determines, when a node mounts the PVC, in NodeStageVolume, whether to add the k8s node to - # the "Root clients" field (when true) or "Clients" field (when false) of the NFS export - RootClientEnabled: "false" - # Name of PowerScale cluster where pv will be provisioned - # This name should match with name of one of the cluster configs in isilon-creds secret - # If this parameter is not specified, then default cluster config in isilon-creds secret will be considered if available - #ClusterName: "" - -# volumeBindingMode controls when volume binding and dynamic provisioning should occur. -# Immediate mode indicates that volume binding and dynamic provisioning occurs once the PersistentVolumeClaim is created -# WaitForFirstConsumer mode will delay the binding and provisioning of a PersistentVolume -# until a Pod using the PersistentVolumeClaim is created -volumeBindingMode: WaitForFirstConsumer -# allowedTopologies helps scheduling pod on worker nodes which match all of below expressions -# If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies -allowedTopologies: - - matchLabelExpressions: - - key: csi-isilon.dellemc.com/ - values: - - csi-isilon.dellemc.com -# specify additional mount options for when a Persistent Volume is being mounted on a node. -# To mount volume with NFSv4, specify mount option vers=4. Make sure NFSv4 is enabled on the Isilon Cluster. -mountOptions: ["", "", ..., ""] -``` - -For additional information, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). - -## Support custom networks for NFS I/O traffic - -When allowedNetworks is specified for using custom networks to handle NFS traffic, and a user already -has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. 
For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. - -Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. - -When csi-powerscale driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes -communication (same IP/fqdn as k8s node) by default. - -For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. -`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. - -## Volume Limit - -The CSI Driver for Dell PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. - -The user can set the volume limit for a node by creating a node label `max-isilon-volumes-per-node` and specifying the volume limit for that node. -
`kubectl label node max-isilon-volumes-per-node=` - -The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxIsilonVolumesPerNode` attribute in values.yaml. - ->**NOTE:**
The default value of `maxIsilonVolumesPerNode` is 0.
If `maxIsilonVolumesPerNode` is set to zero, then CO shall decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxIsilonVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-isilon-volumes-per-node` is not set. - -## Storage Capacity Tracking - -CSI for PowerScale driver version 2.8.0 and above supports Storage Capacity Tracking. - -This feature helps the scheduler to make more informed choices about where to schedule pods which depends on unbound volumes with late binding (aka "wait for first consumer"). Pods will be scheduled on a node (satisfying the topology constraints) only if the requested capacity is available on the storage array. -If such a node is not available, the pods stay in Pending state. This means pods are not scheduled. - -Without storage capacity tracking, pods get scheduled on a node satisfying the topology constraints. If the required capacity is not available, volume attachment to the pods fails, and pods remain in ContainerCreating state. Storage capacity tracking eliminates unnecessary scheduling of pods when there is insufficient capacity. - -The attribute `storageCapacity.enabled` in `values.yaml` can be used to enable/disable the feature during driver installation using helm. This is by default set to true. To configure how often driver checks for changed capacity set `storageCapacity.pollInterval` attribute. In case of driver installed via operator, this interval can be configured in the sample file provided [here.](https://github.com/dell/csm-operator/blob/main/samples/) by editing the `--capacity-poll-interval` argument present in the provisioner sidecar. - -## Node selector in helm template - -Now user can define in which worker node, the CSI node pod daemonset can run (just like any other pod in Kubernetes world).For more information, refer to - -Similarly, users can define the tolerations based on various conditions like memory pressure, disk pressure and network availability. Refer to for more information. 
- -## Usage of SmartQuotas to Limit Storage Consumption - -CSI driver for Dell Isilon handles capacity limiting using SmartQuotas feature. - -To use the SmartQuotas feature user can specify the boolean value 'enableQuota' in myvalues.yaml or my-isilon-settings.yaml. - -Let us assume the user creates a PVC with 3 Gi of storage and 'SmartQuotas' have already been enabled in PowerScale Cluster. - -- When 'enableQuota' is set to 'true' - - The driver sets the hard limit of the PVC to 3Gi. - - The user adds data of 2Gi to the above said PVC (by logging into POD). It works as expected. - - The user tries to add 2Gi more data. - - Driver doesn't allow the user to enter more data as total data to be added is 4Gi and PVC limit is 3Gi. - - The user can expand the volume from 3Gi to 6Gi. The driver allows it and sets the hard limit of PVC to 6Gi. - - User retries adding 2Gi more data (which has been errored out previously). - - The driver accepts the data. - -- When 'enableQuota' is set to 'false' - - Driver doesn't set any hard limit against the PVC created. - - The user adds data of 2Gi to the above said PVC, which is having the size 3Gi (by logging into POD). It works as expected. - - The user tries to add 2Gi more data. Now the total size of data is 4Gi. - - Driver allows the user to enter more data irrespective of the initial PVC size (since no quota is set against this PVC) - - The user can expand the volume from an initial size of 3Gi to 4Gi or more. The driver allows it. - -If SmartQuota feature is enabled, user can also set other quota parameters such as Soft Limit , Advisory Limit and -soft grace period using storage class yaml file or pvc yaml file. 
- -**Storage Class Example with Quota Limit Parameters:** - -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: isilon -provisioner: csi-isilon.dellemc.com -reclaimPolicy: Delete -allowVolumeExpansion: true -parameters: - # The name of the access zone a volume can be created in - # Optional: true - # Default value: default value specified in values.yaml - # Examples: System, zone1 - AccessZone: System - - # The base path for the volumes to be created on PowerScale cluster. - # Ensure that this path exists on PowerScale cluster. - # Allowed values: unix absolute path - # Optional: true - # Default value: value specified in values.yaml for isiPath - # Examples: /ifs/data/csi, /ifs/engineering - IsiPath: /ifs/data/csi - - #Parameter to set Advisory Limit to quota - #Optional: true - #Default value: Limit not Set - #AdvisoryLimit: "50" - - #Parameter to set soft limit to quota - #Optional: true - #Default value: Limit not Set - #SoftLimit: "80" - - #Parameter which must be mentioned along with Soft Limit - #Soft Limit can be exceeded until the grace period - #Optional: true - #Default value: Limit not Set - #SoftGracePrd: "86400" - - # The permissions for isi volume directory path - # This value overrides the isiVolumePathPermissions attribute of corresponding cluster config in secret, if present - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - #IsiVolumePathPermissions: "0777" - - # AccessZone groupnet service IP. Update AzServiceIP if different than endpoint. 
- # Optional: true - # Default value: endpoint of the cluster ClusterName - #AzServiceIP : 192.168.2.1 - - # When a PVC is being created, this parameter determines, when a node mounts the PVC, - # whether to add the k8s node to the "Root clients" field or "Clients" field of the NFS export - # Allowed values: - # "true": adds k8s node to the "Root clients" field of the NFS export - # "false": adds k8s node to the "Clients" field of the NFS export - # Optional: true - # Default value: "false" - RootClientEnabled: "false" - -``` - -**PVC Example with Quota Limit Parameters:** - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: test-pvc -#Uncomment below 4 lines to set quota limit parameters -# labels: -# pvcSoftLimit: "10" -# pvcAdvisoryLimit: "50" -# pvcSoftGracePrd : "85400" -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: isilon -``` - -Note - -- If quota limit values are specified in both storage class yaml and PVC yaml , then values mentioned in PVC yaml will get precedence. -- If few parameters are specified in storage class yaml and few in PVC yaml , then both will be combined and applied while quota creation - For Example: If advisory limit = 30 is mentioned in storage class yaml and soft limit = 50 and soft grace period = 86400 are mentioned in PVC yaml . - Then values set in quota will be advisory limit = 30, soft limit = 50 and soft grace period =86400. - -## Dynamic Logging Configuration - -This feature is introduced in CSI Driver for PowerScale version 1.6.0 and updated in version 2.0.0 - -### Helm based installation - -As part of driver installation, a ConfigMap with the name `isilon-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. - -Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. 
- -To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command - -```bash -cd dell-csi-helm-installer -./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade -``` - -Note: here my-isilon-settings.yaml is a values.yaml file which user has used for driver installation. - -### Operator based installation - -As part of driver installation, a ConfigMap with the name `isilon-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. - -To update the log level dynamically user has to edit the ConfigMap `isilon-config-params` and update `CSI_LOG_LEVEL` to the desired log level. - -```bash -kubectl edit configmap -n isilon isilon-config-params -``` - ->Note: Prior to CSI Driver for PowerScale version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. - -## NAT Support - -CSI Driver for Dell PowerScale is supported in the NAT environment. - -## Configurable permissions for volume directory - -This feature is introduced in CSI Driver for PowerScale version 2.0.0 - -### Helm based installation - -The permissions for volume directory can now be configured in 3 ways: - -1. Through values.yaml -2. Through secrets -3. Through storage class - -```yaml - # isiVolumePathPermissions: The permissions for isi volume directory path - # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret - # Allowed values: valid octal mode number - # Default value: "0777" - # Examples: "0777", "777", "0755" - isiVolumePathPermissions: "0777" -``` - -The permissions present in values.yaml are the default for all cluster config. 
- -If the volume permission is not present in storage class then secrets are considered and if it is not present even in secrets then values.yaml is considered. - ->**Note:**
For volume creation from source (volume from snapshot/volume from volume) permissions are inherited from source.

Create myvalues.yaml/my-isilon-settings.yaml and storage class accordingly. - -### Operator based installation - -In the case of operator-based installation, default permission for powerscale directory is present in the samples file. - -Other ways of configuring powerscale volume permissions remain the same as helm-based installation. - -## PV/PVC Metrics - -CSI Driver for Dell PowerScale 2.1.0 and above supports volume health monitoring. This allows Kubernetes to report on the condition, status and usage of the underlying volumes. -For example, if a volume were to be deleted from the array, or unmounted outside of Kubernetes, Kubernetes will now report these abnormal conditions as events. - -### This feature can be enabled - -1. Alpha feature gate `CSIVolumeHealth` needs to be enabled for the node side monitoring to take effect. For more information, please refer to the [Kubernetes GitHub repository](https://github.com/kubernetes-csi/external-health-monitor/blob/master/README.md). -2. For controller plugin, by setting attribute `controller.healthMonitor.enabled` to `true` in `values.yaml` file. Also health monitoring interval can be changed through attribute `controller.healthMonitor.interval` in `values.yaml` file. -3. For node plugin, by setting attribute `node.healthMonitor.enabled` to `true` in `values.yaml` file. - -## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod - -Use `ReadWriteOncePod(RWOP)` access mode if you want to ensure that only one pod across the whole cluster can read that PVC or write to it. This is supported for CSI Driver for PowerScale 2.1.0+ and Kubernetes version 1.22+. 
- -### Creating a PersistentVolumeClaim -```yaml -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: single-writer-only -spec: - accessModes: - - ReadWriteOncePod # the volume can be mounted as read-write by a single pod across the whole cluster - resources: - requests: - storage: 1Gi -``` - -When this feature is enabled, the existing `ReadWriteOnce(RWO)` access mode restricts volume access to a single node and allows multiple pods on the same node to read from and write to the same volume. - -To migrate existing PersistentVolumes to use `ReadWriteOncePod`, please follow the instruction from [here](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-access-mode-readwriteoncepod/). +--- +title: PowerScale +Description: Code features for PowerScale Driver +weight: 1 +--- + +## Multicluster support + +You can connect a single CSI-PowerScale driver with multiple PowerScale clusters. + +**Pre-Requisites:** + +1. Creation of secret.yaml with credentials related to one or more Clusters. +2. Creation of (at least) one Storage class for each cluster. +3. Creation of custom-volumesnapshot classes with proper isiPath matching corresponding storage classes. +4. Inclusion of cluster name in volume handle, if you want to provision existing static volumes. + +## Consuming existing volumes with static provisioning + +You can use existing volumes from the PowerScale array as Persistent Volumes in your Kubernetes, perform the following steps: + +1. Open your volume in One FS, and take a note of volume-id. +2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs. +3. In the following example, the PowerScale cluster accessZone is assumed as 'System', storage class as 'isilon', cluster name as 'pscale-cluster' and volume's internal name as 'isilonvol'. The volume-handle should be in the format of `=_=_==_=_==_=_=` +4. 
If Quotas are enabled in the driver, it is required to add the Quota ID to the description of the NFS export in this format: + `CSI_QUOTA_ID:sC-kAAEAAAAAAAAAAAAAQEpVAAAAAAAA` +5. Quota ID can be identified by querying the PowerScale system. + +```yaml +apiVersion: v1 +kind: PersistentVolume +metadata: + name: isilonstaticpv + namespace: default +spec: + capacity: + storage: 5Gi + accessModes: + - ReadWriteMany + persistentVolumeReclaimPolicy: Retain + storageClassName: isilon + csi: + driver: csi-isilon.dellemc.com + volumeAttributes: + Path: "/ifs/data/csi/isilonvol" + Name: "isilonvol" + AzServiceIP: 'XX.XX.XX.XX' + volumeHandle: isilonvol=_=_=652=_=_=System=_=_=pscale-cluster + claimRef: + name: isilonstaticpvc + namespace: default +``` + +3. Create PersistentVolumeClaim to use this PersistentVolume. + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: isilonstaticpvc + namespace: default +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + volumeName: isilonstaticpv + storageClassName: isilon +``` + +4. Then use this PVC as a volume in a pod. + +```yaml +apiVersion: v1 +kind: Pod +metadata: + name: static-prov-pod +spec: + containers: + - name: test + image: docker.io/centos:latest + command: [ "/bin/sleep", "3600" ] + volumeMounts: + - mountPath: "/data0" + name: pvol + volumes: + - name: pvol + persistentVolumeClaim: + claimName: isilonstaticpvc +``` + +5. After the pod becomes `Ready` and `Running`, you can start to use this pod and volume. + +## PVC Creation Feature + +The following yaml content can be used to create a PVC without referring any PV. + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: testvolume + namespace: default +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: isilon +``` + +## Volume Snapshot Feature + +The CSI PowerScale driver version 2.0 and later supports managing v1 snapshots. 
+ +In order to use Volume Snapshots, ensure the following components have been deployed to your cluster: + +- Kubernetes Volume Snapshot CRDs +- Volume Snapshot Controller + +> For general use, update the snapshot controller YAMLs with an appropriate namespace before installing. For +> example, on a Vanilla Kubernetes cluster, update the namespace from default to kube-system before issuing the +> kubectl create command. + +### Volume Snapshot Class + +During the installation of CSI PowerScale driver version 2.0 and higher, no default Volume Snapshot Class will get created. + +The following are the manifests for the Volume Snapshot Class: + +1. VolumeSnapshotClass + +```yaml + +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshotClass +metadata: + name: "isilon-snapclass" +driver: csi-isilon.dellemc.com +#The deletionPolicy of a volume snapshot class can either be Retain or Delete +#If the deletionPolicy is Delete, then the underlying storage snapshot is deleted along with the VolumeSnapshotContent object. +#If the deletionPolicy is Retain, then both the underlying snapshot and VolumeSnapshotContent remain +deletionPolicy: Delete +parameters: + #IsiPath should match with respective storageClass IsiPath + IsiPath: "/ifs/data/csi" +``` + +The following is a sample manifest for creating a Volume Snapshot using the **v1** snapshot APIs; The following snippet assumes that the persistent volume claim name is testvolume. + +```yaml +apiVersion: snapshot.storage.k8s.io/v1 +kind: VolumeSnapshot +metadata: + name: pvcsnap + namespace: default +spec: + volumeSnapshotClassName: isilon-snapclass + source: + persistentVolumeClaimName: testvolume +``` + +Once the VolumeSnapshot has been successfully created by the CSI PowerScale driver, a VolumeSnapshotContent object is automatically created. Once the status of the VolumeSnapshot object has the _readyToUse_ field set to _true_ , it is available for use. 
+ +The following is the relevant section of VolumeSnapshot object status: + +```yaml +status: + boundVolumeSnapshotContentName: snapcontent-xxxxxxxxxxxxx + creationTime: "2020-07-16T08:42:12Z" + readyToUse: true +``` + +### Creating PVCs with Volume Snapshots as Source + +The following is a sample manifest for creating a PVC with a VolumeSnapshot as a source: + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: createfromsnap + namespace: default +spec: + storageClassName: isilon + dataSource: + name: pvcsnap + kind: VolumeSnapshot + apiGroup: snapshot.storage.k8s.io + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi +``` + +> Starting from CSI PowerScale driver version 2.2, different isi paths can be used to create PersistentVolumeClaim from VolumeSnapshot.This means the isi paths of the new volume and the VolumeSnapshot can be different. + +## Volume Expansion + +CSI PowerScale driver version 1.2 and later supports the expansion of Persistent Volumes (PVs). This expansion can be done either online (for example, when a PVC is attached to a node) or offline (for example, when a PVC is not attached to any node). + +To use this feature, the storage class that is used to create the PVC must have the attribute `allowVolumeExpansion` set to true. + +The following is a sample manifest for a storage class that allows for Volume Expansion: + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: isilon-expand-sc + annotations: + storageclass.kubernetes.io/is-default-class: "false" +provisioner: "csi-isilon.dellemc.com" +reclaimPolicy: Delete +parameters: + ClusterName: + AccessZone: System + isiPath: "/ifs/data/csi" + AzServiceIP : 'XX.XX.XX.XX' + rootClientEnabled: "true" +allowVolumeExpansion: true +volumeBindingMode: Immediate +``` + +To resize a PVC, edit the existing PVC spec and set spec.resources.requests.storage to the intended size. 
For example, if you have a PVC isilon-pvc-demo of size 3Gi, then you can resize it to 30Gi by updating the PVC. + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: isilon-pvc-expansion-demo +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 30Gi # Updated size from 3Gi to 30Gi + storageClassName: isilon-expand-sc +``` + +>The Kubernetes Volume Expansion feature can only be used to increase the size of a volume. It cannot be used to shrink a volume. + +## Volume Cloning Feature + +The CSI PowerScale driver version 1.3 and later supports volume cloning. This allows specifying existing PVCs in the _dataSource_ field to indicate a user would like to clone a Volume. + +Source and destination PVC must be in the same namespace and have the same Storage Class. + +To clone a volume, you must first have an existing PVC: + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: existing-pvc +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi + storageClassName: isilon +``` + +The following is a sample manifest for cloning: + +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: volume-from-volume + namespace: default +spec: + accessModes: + - ReadWriteMany + volumeMode: Filesystem + resources: + requests: + storage: 50Gi + storageClassName: isilon + dataSource: + kind: PersistentVolumeClaim + name: existing-pvc + apiGroup: "" +``` + +## Controller HA + +CSI PowerScale driver version 1.4.0 and later supports running multiple replicas of the controller pod. Leader election is only applicable for all sidecar containers and driver container will be running in all controller pods. In case of a failure, one of the standby pods becomes active and takes the position of leader. This is achieved by using native leader election mechanisms utilizing `kubernetes leases`. 
+ +Additionally by leveraging `pod anti-affinity`, no two-controller pods are ever scheduled on the same node. + +To increase or decrease the number of controller pods, edit the following value in `myvalues.yaml` file: + +```yaml +controllerCount: 2 +``` + +>**NOTE:** The default value for controllerCount is 2. It is recommended to not change this unless really required. Also, if the controller count is greater than the number of available nodes (where the pods can be scheduled), some controller pods will remain in a Pending state. + +If you are using the Dell CSM Operator, the value to adjust is: + +```yaml +replicas: 2 +``` + +For more details about configuring Controller HA using the Dell CSM Operator, see the [Dell CSM Operator documentation](../../../deployment/csmoperator/#custom-resource-specification). + +## CSI Ephemeral Inline Volume + +The CSI PowerScale driver version 1.4.0 and later supports CSI ephemeral inline volumes. + +This feature serves as use cases for data volumes whose content and lifecycle are tied to a pod. For example, a driver might populate a volume with dynamically created secrets that are specific to the application running in the pod. Such volumes need to be created together with a pod and can be deleted as part of pod termination (ephemeral). They get defined as part of the pod spec (inline). + +At runtime, nested inline volumes follow the lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. + +The following is a sample manifest for creating CSI ephemeral Inline Volume in pod manifest with CSI PowerScale driver. 
+ +```yaml +kind: Pod +apiVersion: v1 +metadata: + name: my-csi-app-inline-volume +spec: + containers: + - name: my-frontend + image: busybox + command: [ "sleep", "100000" ] + volumeMounts: + - mountPath: "/data" + name: my-csi-volume + volumes: + - name: my-csi-volume + csi: + driver: csi-isilon.dellemc.com + volumeAttributes: + size: "2Gi" + ClusterName: "cluster1" +``` + +This manifest creates a pod in a given cluster and attaches a newly created ephemeral inline CSI volume to it. + +**Note**: Storage class is not supported in CSI ephemeral inline volumes and all parameters are driver specific. +CSI ephemeral volumes allow users to provide volumeAttributes directly to the CSI driver as part of the Pod spec. +These `volumeAttributes` are supported: size, ClusterName, AccessZone, IsiPath, IsiVolumePathPermissions, AzServiceIP. +For reference, check the description of parameters in the following example: [isilon.yaml](https://github.com/dell/csi-powerscale/blob/main/samples/storageclass/isilon.yaml) + +## Topology + +### Topology Support + +CSI PowerScale driver version 1.4.0 and later supports Topology by default which forces volumes to be placed on worker nodes that have connectivity to the backend storage. This results in nodes which have access to PowerScale Array being appropriately labeled. The driver leverages these labels to ensure that the driver components (controller, node) are spawned only on nodes wherein these labels exist. + +This covers use cases where: + +The CSI PowerScale driver may not be installed or running on some nodes where Users have chosen to restrict the nodes on accessing the PowerScale storage array. + +We support CustomTopology which enables users to apply labels for nodes - "csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com" and expect the labels to be honored by the driver. 
+ +When “enableCustomTopology” is set to “true”, the CSI driver fetches custom labels “csi-isilon.dellemc.com/XX.XX.XX.XX=csi-isilon.dellemc.com” applied on worker nodes, and uses them to initialize node pod with custom PowerScale FQDN/IP. + +**Note:** Only a single cluster can be configured as part of secret.yaml for custom topology. + +### Topology Usage + +To utilize the Topology feature, create a custom `StorageClass` with `volumeBindingMode` set to `WaitForFirstConsumer` and specify the desired topology labels within `allowedTopologies` field of this custom storage class. This ensures that the Pod schedule takes advantage of the topology and the selected node has access to provisioned volumes. + +**Note:** Whenever a new storage cluster is being added in secret, even though it is dynamic, the new storage cluster IP address-related label is not added to worker nodes dynamically. The user has to spin off (bounce) driver-related pods (controller and node pods) in order to apply newly added information to be reflected in worker nodes. + +**Storage Class Example with Topology Support:** + +```yaml +# This is a sample manifest for utilizing the topology feature and mount options. +# PVCs created using this storage class will be scheduled +# only on the nodes with access to Isilon + +# Change all instances of to the IP of the PowerScale OneFS API server + +# Provide mount options through "mountOptions" attribute +# to create PVCs with mount options. + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: isilon +provisioner: csi-isilon.dellemc.com +reclaimPolicy: Delete +allowVolumeExpansion: true +parameters: + AccessZone: System + IsiPath: "/ifs/data/csi" + # AccessZone groupnet service IP. Update AzServiceIP in values.yaml if different than isiIP. 
+ #AzServiceIP : 192.168.2.1 + # When a PVC is being created, it takes the storage class' value of "storageclass.rootClientEnabled", + # which determines, when a node mounts the PVC, in NodeStageVolume, whether to add the k8s node to + # the "Root clients" field (when true) or "Clients" field (when false) of the NFS export + RootClientEnabled: "false" + # Name of PowerScale cluster where pv will be provisioned + # This name should match with name of one of the cluster configs in isilon-creds secret + # If this parameter is not specified, then default cluster config in isilon-creds secret will be considered if available + #ClusterName: "" + +# volumeBindingMode controls when volume binding and dynamic provisioning should occur. +# Immediate mode indicates that volume binding and dynamic provisioning occurs once the PersistentVolumeClaim is created +# WaitForFirstConsumer mode will delay the binding and provisioning of a PersistentVolume +# until a Pod using the PersistentVolumeClaim is created +volumeBindingMode: WaitForFirstConsumer +# allowedTopologies helps scheduling pod on worker nodes which match all of below expressions +# If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies +allowedTopologies: + - matchLabelExpressions: + - key: csi-isilon.dellemc.com/ + values: + - csi-isilon.dellemc.com +# specify additional mount options for when a Persistent Volume is being mounted on a node. +# To mount volume with NFSv4, specify mount option vers=4. Make sure NFSv4 is enabled on the Isilon Cluster. +mountOptions: ["", "", ..., ""] +``` + +For additional information, see the [Kubernetes Topology documentation](https://kubernetes-csi.github.io/docs/topology.html). + +## Support custom networks for NFS I/O traffic + +When allowedNetworks is specified for using custom networks to handle NFS traffic, and a user already +has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. 
For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. + +Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. + +When csi-powerscale driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes +communication (same IP/fqdn as k8s node) by default. + +For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. +`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. + +## Volume Limit + +The CSI Driver for Dell PowerScale allows users to specify the maximum number of PowerScale volumes that can be used in a node. + +The user can set the volume limit for a node by creating a node label `max-isilon-volumes-per-node` and specifying the volume limit for that node. +
`kubectl label node max-isilon-volumes-per-node=` + +The user can also set the volume limit for all the nodes in the cluster by specifying the same to `maxIsilonVolumesPerNode` attribute in values.yaml. + +>**NOTE:**
The default value of `maxIsilonVolumesPerNode` is 0.
If `maxIsilonVolumesPerNode` is set to zero, then CO shall decide how many volumes of this type can be published by the controller to the node.

The volume limit specified to `maxIsilonVolumesPerNode` attribute is applicable to all the nodes in the cluster for which node label `max-isilon-volumes-per-node` is not set. + +## Storage Capacity Tracking + +CSI for PowerScale driver version 2.8.0 and above supports Storage Capacity Tracking. + +This feature helps the scheduler to make more informed choices about where to schedule pods which depends on unbound volumes with late binding (aka "wait for first consumer"). Pods will be scheduled on a node (satisfying the topology constraints) only if the requested capacity is available on the storage array. +If such a node is not available, the pods stay in Pending state. This means pods are not scheduled. + +Without storage capacity tracking, pods get scheduled on a node satisfying the topology constraints. If the required capacity is not available, volume attachment to the pods fails, and pods remain in ContainerCreating state. Storage capacity tracking eliminates unnecessary scheduling of pods when there is insufficient capacity. + +The attribute `storageCapacity.enabled` in `values.yaml` can be used to enable/disable the feature during driver installation using helm. This is by default set to true. To configure how often driver checks for changed capacity set `storageCapacity.pollInterval` attribute. In case of driver installed via operator, this interval can be configured in the sample file provided [here.](https://github.com/dell/csm-operator/blob/main/samples/) by editing the `--capacity-poll-interval` argument present in the provisioner sidecar. + +## Node selector in helm template + +Now user can define in which worker node, the CSI node pod daemonset can run (just like any other pod in Kubernetes world).For more information, refer to + +Similarly, users can define the tolerations based on various conditions like memory pressure, disk pressure and network availability. Refer to for more information. 
+ +## Usage of SmartQuotas to Limit Storage Consumption + +CSI driver for Dell Isilon handles capacity limiting using SmartQuotas feature. + +To use the SmartQuotas feature user can specify the boolean value 'enableQuota' in myvalues.yaml or my-isilon-settings.yaml. + +Let us assume the user creates a PVC with 3 Gi of storage and 'SmartQuotas' have already been enabled in PowerScale Cluster. + +- When 'enableQuota' is set to 'true' + - The driver sets the hard limit of the PVC to 3Gi. + - The user adds data of 2Gi to the above said PVC (by logging into POD). It works as expected. + - The user tries to add 2Gi more data. + - Driver doesn't allow the user to enter more data as total data to be added is 4Gi and PVC limit is 3Gi. + - The user can expand the volume from 3Gi to 6Gi. The driver allows it and sets the hard limit of PVC to 6Gi. + - User retries adding 2Gi more data (which has been errored out previously). + - The driver accepts the data. + +- When 'enableQuota' is set to 'false' + - Driver doesn't set any hard limit against the PVC created. + - The user adds data of 2Gi to the above said PVC, which is having the size 3Gi (by logging into POD). It works as expected. + - The user tries to add 2Gi more data. Now the total size of data is 4Gi. + - Driver allows the user to enter more data irrespective of the initial PVC size (since no quota is set against this PVC) + - The user can expand the volume from an initial size of 3Gi to 4Gi or more. The driver allows it. + +If SmartQuota feature is enabled, user can also set other quota parameters such as Soft Limit , Advisory Limit and +soft grace period using storage class yaml file or pvc yaml file. 
+ +**Storage Class Example with Quota Limit Parameters:** + +```yaml +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: isilon +provisioner: csi-isilon.dellemc.com +reclaimPolicy: Delete +allowVolumeExpansion: true +parameters: + # The name of the access zone a volume can be created in + # Optional: true + # Default value: default value specified in values.yaml + # Examples: System, zone1 + AccessZone: System + + # The base path for the volumes to be created on PowerScale cluster. + # Ensure that this path exists on PowerScale cluster. + # Allowed values: unix absolute path + # Optional: true + # Default value: value specified in values.yaml for isiPath + # Examples: /ifs/data/csi, /ifs/engineering + IsiPath: /ifs/data/csi + + #Parameter to set Advisory Limit to quota + #Optional: true + #Default value: Limit not Set + #AdvisoryLimit: "50" + + #Parameter to set soft limit to quota + #Optional: true + #Default value: Limit not Set + #SoftLimit: "80" + + #Parameter which must be mentioned along with Soft Limit + #Soft Limit can be exceeded until the grace period + #Optional: true + #Default value: Limit not Set + #SoftGracePrd: "86400" + + # The permissions for isi volume directory path + # This value overrides the isiVolumePathPermissions attribute of corresponding cluster config in secret, if present + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + #IsiVolumePathPermissions: "0777" + + # AccessZone groupnet service IP. Update AzServiceIP if different than endpoint. 
+ # Optional: true + # Default value: endpoint of the cluster ClusterName + #AzServiceIP : 192.168.2.1 + + # When a PVC is being created, this parameter determines, when a node mounts the PVC, + # whether to add the k8s node to the "Root clients" field or "Clients" field of the NFS export + # Allowed values: + # "true": adds k8s node to the "Root clients" field of the NFS export + # "false": adds k8s node to the "Clients" field of the NFS export + # Optional: true + # Default value: "false" + RootClientEnabled: "false" + +``` + +**PVC Example with Quota Limit Parameters:** + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: test-pvc +#Uncomment below 4 lines to set quota limit parameters +# labels: +# pvcSoftLimit: "10" +# pvcAdvisoryLimit: "50" +# pvcSoftGracePrd : "85400" +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + storageClassName: isilon +``` + +Note + +- If quota limit values are specified in both storage class yaml and PVC yaml , then values mentioned in PVC yaml will get precedence. +- If few parameters are specified in storage class yaml and few in PVC yaml , then both will be combined and applied while quota creation + For Example: If advisory limit = 30 is mentioned in storage class yaml and soft limit = 50 and soft grace period = 86400 are mentioned in PVC yaml . + Then values set in quota will be advisory limit = 30, soft limit = 50 and soft grace period =86400. + +## Dynamic Logging Configuration + +This feature is introduced in CSI Driver for PowerScale version 1.6.0 and updated in version 2.0.0 + +### Helm based installation + +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created, which contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of CSI driver. + +Users can set the default log level by specifying log level to `logLevel` attribute in values.yaml during driver installation. 
+ +To change the log level dynamically to a different value user can edit the same values.yaml, and run the following command + +```bash +cd dell-csi-helm-installer +./csi-install.sh --namespace isilon --values ./my-isilon-settings.yaml --upgrade +``` + +Note: here my-isilon-settings.yaml is a values.yaml file which user has used for driver installation. + +### Operator based installation + +As part of driver installation, a ConfigMap with the name `isilon-config-params` is created using the manifest located in the sample file. This ConfigMap contains an attribute `CSI_LOG_LEVEL` which specifies the current log level of the CSI driver. To set the default/initial log level user can set this field during driver installation. + +To update the log level dynamically user has to edit the ConfigMap `isilon-config-params` and update `CSI_LOG_LEVEL` to the desired log level. + +```bash +kubectl edit configmap -n isilon isilon-config-params +``` + +>Note: Prior to CSI Driver for PowerScale version 2.0.0, the log level was allowed to be updated dynamically through `logLevel` attribute in the secret object. + +## NAT Support + +CSI Driver for Dell PowerScale is supported in the NAT environment. + +## Configurable permissions for volume directory + +This feature is introduced in CSI Driver for PowerScale version 2.0.0 + +### Helm based installation + +The permissions for volume directory can now be configured in 3 ways: + +1. Through values.yaml +2. Through secrets +3. Through storage class + +```yaml + # isiVolumePathPermissions: The permissions for isi volume directory path + # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret + # Allowed values: valid octal mode number + # Default value: "0777" + # Examples: "0777", "777", "0755" + isiVolumePathPermissions: "0777" +``` + +The permissions present in values.yaml are the default for all cluster config. 
+ +If the volume permission is not present in storage class then secrets are considered and if it is not present even in secrets then values.yaml is considered. + +>**Note:**
For volume creation from source (volume from snapshot/volume from volume) permissions are inherited from source.

Create myvalues.yaml/my-isilon-settings.yaml and storage class accordingly. + +### Operator based installation + +In the case of operator-based installation, default permission for powerscale directory is present in the samples file. + +Other ways of configuring powerscale volume permissions remain the same as helm-based installation. + +## PV/PVC Metrics + +CSI Driver for Dell PowerScale 2.1.0 and above supports volume health monitoring. This allows Kubernetes to report on the condition, status and usage of the underlying volumes. +For example, if a volume were to be deleted from the array, or unmounted outside of Kubernetes, Kubernetes will now report these abnormal conditions as events. + +### This feature can be enabled + +1. Alpha feature gate `CSIVolumeHealth` needs to be enabled for the node side monitoring to take effect. For more information, please refer to the [Kubernetes GitHub repository](https://github.com/kubernetes-csi/external-health-monitor/blob/master/README.md). +2. For controller plugin, by setting attribute `controller.healthMonitor.enabled` to `true` in `values.yaml` file. Also health monitoring interval can be changed through attribute `controller.healthMonitor.interval` in `values.yaml` file. +3. For node plugin, by setting attribute `node.healthMonitor.enabled` to `true` in `values.yaml` file. + +## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod + +Use `ReadWriteOncePod(RWOP)` access mode if you want to ensure that only one pod across the whole cluster can read that PVC or write to it. This is supported for CSI Driver for PowerScale 2.1.0+ and Kubernetes version 1.22+. 
+ +### Creating a PersistentVolumeClaim +```yaml +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: single-writer-only +spec: + accessModes: + - ReadWriteOncePod # the volume can be mounted as read-write by a single pod across the whole cluster + resources: + requests: + storage: 1Gi +``` + +When this feature is enabled, the existing `ReadWriteOnce(RWO)` access mode restricts volume access to a single node and allows multiple pods on the same node to read from and write to the same volume. + +To migrate existing PersistentVolumes to use `ReadWriteOncePod`, please follow the instruction from [here](https://kubernetes.io/docs/tasks/administer-cluster/change-pv-access-mode-readwriteoncepod/). diff --git a/content/v1/csidriver/features/powerstore.md b/content/v1/csidriver/features/powerstore.md index cd9d718a30..8d6d21c8fa 100644 --- a/content/v1/csidriver/features/powerstore.md +++ b/content/v1/csidriver/features/powerstore.md @@ -29,7 +29,8 @@ kubectl delete -f tests/simple/simple.yaml You can use existent volumes from PowerStore array as Persistent Volumes in your Kubernetes, perform the following steps: 1. Open your volume in PowerStore Management UI, and take a note of volume-id. The volume link must look similar to `https:///#/storage/volumes/0055558c-5ae1-4ed1-b421-6f5a9475c19f/capacity`, where the `volume-id` is `0055558c-5ae1-4ed1-b421-6f5a9475c19f`. -2. Create PersistentVolume and use this volume-id in volumeHandle in format in the manifest. Modify other parameters according to your needs. +2. Create PersistentVolume and use this volume-id in volumeHandle in format `` in the manifest. In case of Metro volume, the volumeHandle should be in the format ``. Modify other parameters according to your needs. + ```yaml apiVersion: v1 kind: PersistentVolume 
@@ -94,7 +95,7 @@ In order to use Volume Snapshots, ensure the following components have been depl - Volume Snapshot Controller - Volume Snapshot Class ->Note: From v1.4, the CSI PowerStore driver installation process will no longer create VolumeSnapshotClass. +>Note: From v1.4, the CSI PowerStore driver installation process will no longer create VolumeSnapshotClass. > If you want to create VolumeSnapshots, then create a VolumeSnapshotClass using the sample provided in the _samples_ folder ### Creating Volume Snapshots 
@@ -161,13 +162,13 @@ spec: ## iSCSI CHAP The CSI PowerStore driver Version 1.3.0 and later extends Challenge Handshake Authentication Protocol (CHAP) support by adding automatic credentials generation. -This means that you no longer need to provide chapsecret/chapuser credentials, they will be automatically generated by the driver for each host. +This means that you no longer need to provide chapsecret/chapuser credentials, they will be automatically generated by the driver for each host. -To enable this feature you need to set `connection.enableCHAP` to `true` when installing with **helm** or set `X_CSI_POWERSTORE_ENABLE_CHAP` to `true` in your PowerStore CustomResource when installing using **operator**. +To enable this feature you need to set `connection.enableCHAP` to `true` when installing with **helm** or set `X_CSI_POWERSTORE_ENABLE_CHAP` to `true` in your PowerStore CustomResource when installing using **operator**. The driver uses the generated chapsecret to configure the iSCSI node database on each node with iSCSI access. -When creating a new host on powerstore array driver will populate host chap credentials with generated values. When re-using already existing hosts driver must override existing CHAP credentials with newly generated ones. +When creating a new host on powerstore array driver will populate host chap credentials with generated values. When re-using already existing hosts driver must override existing CHAP credentials with newly generated ones. ## Volume Expansion 
@@ -191,6 +192,8 @@ parameters: csi.storage.k8s.io/fstype: xfs ``` +> Note: Volume expansion of Metro volume pairs requires that the Metro link be suspended prior to extending the volume. The Metro volume link can be restored after the volume has been resized. + To resize a PVC, edit the existing PVC spec and set spec.resources.requests.storage to the intended size. For example, if you have a PVC pstore-pvc-demo of size 3Gi, then you can resize it to 30Gi by updating the PVC. ```yaml @@ -298,7 +301,7 @@ spec: ## Ephemeral Inline Volume -The CSI PowerStore driver version 1.2 and later supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. +The CSI PowerStore driver version 1.2 and later supports ephemeral inline CSI volumes. This feature allows CSI volumes to be specified directly in the pod specification. At runtime, nested inline volumes follow the ephemeral lifecycle of their associated pods where the driver handles all phases of volume operations as pods are created and destroyed. @@ -327,7 +330,7 @@ spec: arrayID: "unique" ``` -This manifest creates a pod and attaches a newly created ephemeral inline CSI volume to it. +This manifest creates a pod and attaches a newly created ephemeral inline CSI volume to it. To create `NFS` volume you need to provide `nasName:` parameters that point to the name of your NAS Server in pod manifest like so 
@@ -349,11 +352,11 @@ To create `NFS` volume you need to provide `nasName:` parameters that point to t By default number of replicas is set to 2, you can set `controller.replicas` parameter to 1 in `my-powerstore-settings.yaml` if you want to disable controller HA for your installation. When installing via Operator you can change `replicas` parameter in `spec.driver.csiDriverSpec` section in your PowerStore Custom Resource. -When multiple replicas of controller pods are in the cluster, each sidecar (attacher, provisioner, resizer, snapshotter) tries to get a lease so only one instance of each sidecar would be active in the cluster at a time. +When multiple replicas of controller pods are in the cluster, each sidecar (attacher, provisioner, resizer, snapshotter) tries to get a lease so only one instance of each sidecar would be active in the cluster at a time. ### Driver pod placement -You can configure where driver controller and worker pods must be placed. +You can configure where driver controller and worker pods must be placed. To configure use `nodeSelector` and `tolerations` mechanisms you can configure in your `my-powerstore-settings.yaml` For example, you can specify `tolerations` to assign driver controller pods on controller nodes too: @@ -397,7 +400,7 @@ This Topology support does not include customer-defined topology, users cannot c To use the Topology features user must create their own storage classes similar to those that can be found in `samples/storageclass` folder. -The following is one of example storage class manifest: +The following is one of example storage class manifest: ```yaml apiVersion: storage.k8s.io/v1 kind: StorageClass 
@@ -416,7 +419,7 @@ allowedTopologies: This example matches all nodes where the driver has a connection to PowerStore with an IP of `127.0.0.1` via FibreChannel. Similar examples can be found in mentioned folder for NFS, iSCSI and NVMe. -You can check what labels your nodes contain by running +You can check what labels your nodes contain by running ```bash kubectl get nodes --show-labels ``` @@ -437,20 +440,20 @@ The user can also set the volume limit for all the nodes in the cluster by speci >**NOTE:**
The default value of `maxPowerstoreVolumesPerNode` is 0.
If `maxPowerstoreVolumesPerNode` is set to zero, then CO shall decide how many volumes of this type can be published by the controller to the node.

The volume limit specified in the `maxPowerstoreVolumesPerNode` attribute is applicable to all the nodes in the cluster for which the node label `max-powerstore-volumes-per-node` is not set. -## Reuse PowerStore hostname +## Reuse PowerStore hostname The CSI PowerStore driver version 1.2 and later can automatically detect if the current node was already registered as a Host on the storage array before. It will check if Host initiators and node initiators (FC, iSCSI or NVMe) match. If they do, the driver will not create a new host and will take the existing name of the Host as nodeID. -## Multiarray support +## Multiarray support -The CSI PowerStore driver version 1.3.0 and later support managing multiple PowerStore arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. +The CSI PowerStore driver version 1.3.0 and later support managing multiple PowerStore arrays from the single driver instance. This feature is enabled by default and integrated to even single instance installations. To manage multiple arrays you need to create an array connection configuration that lists multiple arrays. -### Creating array configuration +### Creating array configuration Create a file called `config.yaml` and populate it with the following content - + ```yaml arrays: - endpoint: "https://10.0.0.1/api/rest" # full URL path to the PowerStore API 
@@ -464,14 +467,14 @@ Create a file called `config.yaml` and populate it with the following content nfsAcls: "0777" # (Optional) defines permissions - POSIX mode bits or NFSv4 ACLs, to be set on NFS target mount directory. # NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. POSIX ACLs are not supported and only POSIX mode bits are supported for NFSv3 shares. - endpoint: "https://10.0.0.2/api/rest" - globalID: "unique" - username: "user" + globalID: "unique" + username: "user" password: "password" - skipCertificateValidation: true - blockProtocol: "FC" + skipCertificateValidation: true + blockProtocol: "FC" ``` -Here we specify that we want to CSI driver to manage two arrays: one with an IP `10.0.0.1` and the other with an IP `10.0.0.2`, we want to connect to the first array with `iSCSI` protocol and with `FC` to the second array. Also, we want to be able to create NFS-based volume so we provide the name of the NAS to the first array. +Here we specify that we want to CSI driver to manage two arrays: one with an IP `10.0.0.1` and the other with an IP `10.0.0.2`, we want to connect to the first array with `iSCSI` protocol and with `FC` to the second array. Also, we want to be able to create NFS-based volume so we provide the name of the NAS to the first array. To use this config we need to create a Kubernetes secret from it, to do so create a file called `secret.yaml` in the same folder and populate it with the following content: @@ -486,7 +489,7 @@ data: config: CONFIG_YAML ``` -Apply the secret by running following command: +Apply the secret by running following command: ```bash sed "s/CONFIG_YAML/`cat config.yaml | base64 -w0`/g" secret.yaml | kubectl apply -f - 
@@ -494,7 +497,7 @@ sed "s/CONFIG_YAML/`cat config.yaml | base64 -w0`/g" secret.yaml | kubectl apply ### Creating storage classes -To be able to provision Kubernetes volumes using a specific array we need to create corresponding storage classes. +To be able to provision Kubernetes volumes using a specific array we need to create corresponding storage classes. Create file `storageclass.yaml` and populate it with the following content: @@ -524,14 +527,14 @@ parameters: csi.storage.k8s.io/fstype: "xfs" ``` -Here we specify two storage classes: one of them uses the first array and `ext4` filesystem, and the other uses the second array and `xfs` filesystem. +Here we specify two storage classes: one of them uses the first array and `ext4` filesystem, and the other uses the second array and `xfs` filesystem. Then we need to apply storage classes to Kubernetes using `kubectl`: ```bash kubectl create -f storageclass.yaml ``` -After that, you can use `powerstore-1` storage class to create volumes on the first array and `powerstore-2` storage class to create volumes on the second array. +After that, you can use `powerstore-1` storage class to create volumes on the first array and `powerstore-2` storage class to create volumes on the second array. ## Dynamic secret change detection 
@@ -551,11 +554,11 @@ the new configuration information. ## Configuring custom access to NFS exports -CSI PowerStore driver Version 1.3.0 and later supports the ability to configure NFS access to nodes that use dedicated storage networks. +CSI PowerStore driver Version 1.3.0 and later supports the ability to configure NFS access to nodes that use dedicated storage networks. -To enable this feature you need to specify `externalAccess` parameter in your helm `values.yaml` file or `X_CSI_POWERSTORE_EXTERNAL_ACCESS` variable when creating CustomResource using an operator. +To enable this feature you need to specify `externalAccess` parameter in your helm `values.yaml` file or `X_CSI_POWERSTORE_EXTERNAL_ACCESS` variable when creating CustomResource using an operator. -The value of that parameter is added as an additional entry to NFS Export host access. +The value of that parameter is added as an additional entry to NFS Export host access. For example the following notation: ```yaml 
@@ -570,20 +573,20 @@ This means that we allow for NFS Export created by driver to be consumed by addr CSI PowerStore driver version 1.4.0 onwards slightly changes the way arrays are being identified in runtime. In previous versions of the driver, a management IP address was used to identify an array. The address change could lead to an invalid state of PV. From version 1.4.0 a unique GlobalID string is used for an array identification. -It has to be specified in `config.yaml` and in Storage Classes. +It has to be specified in `config.yaml` and in Storage Classes. -The change provides backward compatibility with previously created PVs. +The change provides backward compatibility with previously created PVs. However, to provision new volumes, make sure to delete old Storage Classes and create new ones with `arrayID` instead of `arrayIP` specified. > NOTE: It is recommended to migrate the PVs to new identifiers before changing management IPs of storage systems. The recommended way to do it is to clone the existing volume and delete the old one. The cloned volume will automatically switch to using globalID instead of management IP. -## Root squashing +## Root squashing -CSI PowerStore driver version 1.4.0 and later allows users to enable root squashing for NFS volumes provisioned by the driver. +CSI PowerStore driver version 1.4.0 and later allows users to enable root squashing for NFS volumes provisioned by the driver. Root squashing rule prevents root users on NFS clients from exercising root privileges on the NFS server. -To enable this rule, you need to set parameter `allowRoot` to `false` in your NFS storage class. +To enable this rule, you need to set parameter `allowRoot` to `false` in your NFS storage class. Your storage class definition must look similar to this: 
@@ -600,10 +603,10 @@ parameters: ## Dynamic Logging Configuration -This feature is introduced in CSI Driver for PowerStore version 2.0.0. +This feature is introduced in CSI Driver for PowerStore version 2.0.0. ### Helm based installation -As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. +As part of driver installation, a ConfigMap with the name `powerstore-config-params` is created, which contains attributes `CSI_LOG_LEVEL` which specifies the current log level of CSI driver and `CSI_LOG_FORMAT` which specifies the current log format of CSI driver. Users can set the default log level by specifying log level to `logLevel` and log format to `logFormat` attribute in `my-powerstore-settings.yaml` during driver installation. @@ -613,7 +616,7 @@ cd dell-csi-helm-installer ./csi-install.sh --namespace csi-powerstore --values ./my-powerstore-settings.yaml --upgrade ``` -Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. +Note: here `my-powerstore-settings.yaml` is a `values.yaml` file which user has used for driver installation. ### Operator based installation 
@@ -636,7 +639,7 @@ The user will be able to install the driver and able to create pods. CSI Driver for Dell Powerstore 2.1.0 and above supports volume health monitoring. Alpha feature gate `CSIVolumeHealth` needs to be enabled for the node side monitoring to take effect. For more information, please refer to the [Kubernetes GitHub repository](https://github.com/kubernetes-csi/external-health-monitor/blob/master/README.md). To use this feature, set controller.healthMonitor.enabled and node.healthMonitor.enabled to true. To change the monitor interval, set controller.healthMonitor.interval parameter. -## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod +## Single Pod Access Mode for PersistentVolumes- ReadWriteOncePod Use `ReadWriteOncePod(RWOP)` access mode if you want to ensure that only one pod across the whole cluster can read that PVC or write to it. This is supported for CSI Driver for PowerStore 2.1.0+ and Kubernetes version 1.22+. @@ -690,7 +693,7 @@ nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@doma **NVMeTCP Support** CSI Driver for Dell Powerstore 2.2.0 and above supports NVMe/TCP provisioning. To enable NVMe/TCP provisioning, blockProtocol on secret should be specified as `NVMeTCP`. ->Note: NVMe/TCP is not supported on RHEL 7.x versions and CoreOS. +>Note: NVMe/TCP is not supported on RHEL 7.x versions and CoreOS. >NVMe/TCP is supported with Powerstore 2.1 and above. **NVMeFC Support** @@ -699,7 +702,7 @@ CSI Driver for Dell Powerstore 2.3.0 and above supports NVMe/FC provisioning. To >NVMe-FC feature is supported with Helm. ->Note: +>Note: > In case blockProtocol is specified as `auto`, the driver will be able to find the initiators on the host and choose the protocol accordingly. If the host has multiple protocols enabled, then NVMeFC gets the highest priority followed by NVMeTCP, followed by FC and then iSCSI. ## Volume group snapshot Support 
@@ -708,10 +711,10 @@ CSI Driver for Dell Powerstore 2.3.0 and above supports creating volume groups a ## Configurable Volume Attributes (Optional) -The CSI PowerStore driver version 2.3.0 and above supports Configurable volume atttributes. +The CSI PowerStore driver version 2.3.0 and above supports Configurable volume atttributes. -PowerStore array provides a set of optional volume creation attributes. These attributes can be configured for the volume (block and NFS) at the time of creation through PowerStore CSI driver. -These attributes can be specified as labels in PVC yaml file. The following is a sample manifest for creating volume with some of the configurable volume attributes. +PowerStore array provides a set of optional volume creation attributes. These attributes can be configured for the volume (block and NFS) at the time of creation through PowerStore CSI driver. +These attributes can be specified as labels in PVC yaml file. The following is a sample manifest for creating volume with some of the configurable volume attributes. ```yaml apiVersion: v1 @@ -733,19 +736,19 @@ spec: ``` ->Note: Default description value is `pvcName-pvcNamespace`. +>Note: Default description value is `pvcName-pvcNamespace`. -This is the list of all the attributes supported by PowerStore CSI driver: +This is the list of all the attributes supported by PowerStore CSI driver: | Block Volume | NFS Volume | | --- | --- | | csi.dell.com/description
csi.dell.com/appliance_id
csi.dell.com/volume_group_id
csi.dell.com/protection_policy_id
csi.dell.com/performance_policy_id
csi.dell.com/app_type
csi.dell.com/app_type_other





| csi.dell.com/description
csi.dell.com/config_type
csi.dell.com/access_policy
csi.dell.com/locking_policy
csi.dell.com/folder_rename_policy
csi.dell.com/is_async_mtime_enabled
csi.dell.com/protection_policy_id
csi.dell.com/file_events_publishing_mode
csi.dell.com/host_io_size
csi.dell.com/flr_attributes.flr_create.mode
csi.dell.com/flr_attributes.flr_create.default_retention
csi.dell.com/flr_attributes.flr_create.maximum_retention
csi.dell.com/flr_attributes.flr_create.minimum_retention | -
+
**Note:** ->Refer to the PowerStore array specification for the allowed values for each attribute, at `https:///swaggerui/`. ->Make sure that the attributes specified are supported by the version of PowerStore array used. +>Refer to the PowerStore array specification for the allowed values for each attribute, at `https:///swaggerui/`. +>Make sure that the attributes specified are supported by the version of PowerStore array used. >Configurable Volume Attributes feature is supported with Helm. @@ -762,3 +765,7 @@ Without storage capacity tracking, pods get scheduled on a node satisfying the t The attribute `storageCapacity.enabled` in `my-powerstore-settings.yaml` can be used to enabled/disabled the feature during driver installation . To configure how often driver checks for changed capacity set `storageCapacity.pollInterval` attribute. In case of driver installed via operator, this interval can be configured in the sample files provided [here](https://github.com/dell/csm-operator/tree/main/samples) by editing the `capacity-poll-interval` argument present in the `provisioner` sidecar. +## Metro support +The CSI PowerStore driver supports the provisioning of Metro volumes. The process and details of how to provision and use Metro volumes can be found [here](../../../replication/high-availability). + +Please note that the Metro feature does not require the deployment of the replicator sidecar or the replication controller. diff --git a/content/v1/csidriver/release/powerflex.md b/content/v1/csidriver/release/powerflex.md index 27474b840a..389708e5ba 100644 --- a/content/v1/csidriver/release/powerflex.md +++ b/content/v1/csidriver/release/powerflex.md @@ -3,7 +3,9 @@ title: PowerFlex description: Release notes for PowerFlex CSI driver --- -## Release Notes - CSI PowerFlex v2.11.0 +## Release Notes - CSI PowerFlex v2.12.0 + + 
@@ -15,23 +17,15 @@ description: Release notes for PowerFlex CSI driver ### New Features/Changes -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) -- [#1358 - [FEATURE]: Support for PowerFlex 4.6](https://github.com/dell/csm/issues/1358) -- [#1397 - [FEATURE]: Observability upgrade is supported in CSM Operator](https://github.com/dell/csm/issues/1397) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) +- [#1508 - [FEATURE]: Add Support for KubeVirt](https://github.com/dell/csm/issues/1508) +- [#663 - [FEATURE]: Enable/disable automatic SDC deployment along with driver installation.](https://github.com/dell/csm/issues/663) ### Fixed Issues -- [#1209 - [BUG]: Doc hyper links in driver Readme is broken](https://github.com/dell/csm/issues/1209) -- [#1218 - [BUG]: Add the helm-charts-version parameter to the install command for all drivers in csm-docs](https://github.com/dell/csm/issues/1218) -- [#1237 - [BUG]: Error handling not good in node.go:nodeProbe() and other similar functions](https://github.com/dell/csm/issues/1237) -- [#1239 - [BUG]: Changes in new release of google.golang.org/protobuf is causing compilation issues](https://github.com/dell/csm/issues/1239) -- [#1270 - [BUG]: Missing entries for Resiliency in installation wizard template](https://github.com/dell/csm/issues/1270) -- [#1310 - [BUG]: CSI node pod crash after replacing OCP ingress certificate or restarting kubectl service](https://github.com/dell/csm/issues/1310) -- [#1350 - [BUG]: Document update : PowerFlex expecting secret CR as -config in operator ](https://github.com/dell/csm/issues/1350) -- [#1355 - [BUG]: Indentation of secret.yaml mentioned on the csm-doc portal for powerflex driver is incorrect.](https://github.com/dell/csm/issues/1355) -- [#1364 - [BUG]: mkfsFormatOption not working 
for powerflex](https://github.com/dell/csm/issues/1364) -- [#1366 - [BUG]: Support Minimum 3GB Volume Size for NFS in CSI-PowerFlex](https://github.com/dell/csm/issues/1366) +- [#1448 - [BUG]: CSM-operator build fails from disk space issue](https://github.com/dell/csm/issues/1448) +- [#1521 - [BUG]: PowerFlex e2e-fsgroup tests are failing](https://github.com/dell/csm/issues/1521) +- [#1546 - [BUG]: privTgt mount is lost after vxflexos-node pod restart](https://github.com/dell/csm/issues/1546) ### Known Issues diff --git a/content/v1/csidriver/release/powermax.md b/content/v1/csidriver/release/powermax.md index b703fdc691..a08cd6d55f 100644 --- a/content/v1/csidriver/release/powermax.md +++ b/content/v1/csidriver/release/powermax.md @@ -3,7 +3,7 @@ title: PowerMax description: Release notes for PowerMax CSI driver --- -## Release Notes - CSI PowerMax v2.11.0 +## Release Notes - CSI PowerMax v2.12.0 >Note: Auto SRDF group creation is currently not supported in PowerMaxOS 10.1 (6079) Arrays. 
@@ -16,24 +16,26 @@ description: Release notes for PowerMax CSI driver + + ### New Features/Changes -- [#1308 - [FEATURE]: NVMe TCP support for PowerMax ](https://github.com/dell/csm/issues/1308) -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) -- [#1082 - [FEATURE]: CSM Resiliency support for PowerMax](https://github.com/dell/csm/issues/1082) -- [#1397 - [FEATURE]: Observability upgrade is supported in CSM Operator](https://github.com/dell/csm/issues/1397) +- [#1410 - [FEATURE]: Adding support for PowerMax Magnolia](https://github.com/dell/csm/issues/1410) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) +- [#1473 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.17](https://github.com/dell/csm/issues/1473) +- [#1508 - [FEATURE]: Add Support for KubeVirt](https://github.com/dell/csm/issues/1508) ### Fixed Issues -- [#1209 - [BUG]: Doc hyper links in driver Readme is broken](https://github.com/dell/csm/issues/1209) -- [#1218 - [BUG]: Add the helm-charts-version parameter to the install command for all drivers in csm-docs](https://github.com/dell/csm/issues/1218) -- [#1238 - [BUG]: Missing mountPropagation param for Powermax node template in CSM-Operator](https://github.com/dell/csm/issues/1238) -- [#1239 - [BUG]: Changes in new release of google.golang.org/protobuf is causing compilation issues](https://github.com/dell/csm/issues/1239) -- [#1305 - [BUG]: Create volume even if the size is smaller than possible](https://github.com/dell/csm/issues/1305) -- [#1346 - [BUG]: Parsing an NVME response fails for list-subsys](https://github.com/dell/csm/issues/1346) -- [#1370 - [BUG]: API command to check filesystem is taking 20s + causing ControllerUnPublish to take 20+secs ](https://github.com/dell/csm/issues/1370) -- [#1372 - [BUG]: Make files in 
repositories build invalid images](https://github.com/dell/csm/issues/1372) +- [#1416 - [BUG]: Dell CSM Installation Issues](https://github.com/dell/csm/issues/1416) +- [#1418 - [BUG]: csi-powermax crashed when attempting to unmount volume from node](https://github.com/dell/csm/issues/1418) +- [#1425 - [BUG]: Incorrect Volume Creation Due to Idempotency in CreateVolume](https://github.com/dell/csm/issues/1425) +- [#1447 - [BUG]: Gobrick does not clean wwids from /etc/multipath/wwids after removing multipath devices ](https://github.com/dell/csm/issues/1447) +- [#1448 - [BUG]: CSM-operator build fails from disk space issue](https://github.com/dell/csm/issues/1448) +- [#1453 - [BUG]: Improve Documentation - Multipath configuration for FC and FC-NVMe attached arrays ](https://github.com/dell/csm/issues/1453) +- [#1499 - [BUG]: Fix Gosec error in service.go](https://github.com/dell/csm/issues/1499) +- [#1519 - [BUG]: Powermax Intergration test failing](https://github.com/dell/csm/issues/1519) +- [#1534 - [BUG]: CSI PowerStore unable to resize NVMe block PVC, even though volume on the array get's resized](https://github.com/dell/csm/issues/1534) ### Known Issues 
@@ -45,6 +47,7 @@ description: Release notes for PowerMax CSI driver | Automatic SRDF group creation is failing with "Unable to get Remote Port on SAN for Auto SRDF" for PowerMaxOS 10.1 arrays | Create the SRDF Group and add it to the storage class | | [Node stage is failing with error "wwn for FC device not found"](https://github.com/dell/csm/issues/1070)| This is an intermittent issue, rebooting the node will resolve this issue | | When the driver is installed using CSM Operator , few times, pods created using block volume are getting stuck in containercreating/terminating state or devices are not available inside the pod. | Update the daemonset with parameter `mountPropagation: "Bidirectional"` for volumedevices-path under volumeMounts section.| +| When running CSI-PowerMax with Replication in a multi-cluster configuration, the driver on the target cluster fails and the following error is seen in logs: `error="CSI reverseproxy service host or port not found, CSI reverseproxy not installed properly"` | The reverseproxy service needs to be created manually on the target cluster. Follow [the instructions here](../../../deployment/csmoperator/modules/replication#configuration-steps) to create it.| ### Note: - Support for Kubernetes alpha features like Volume Health Monitoring will not be available in Openshift environment as Openshift doesn't support enabling of alpha features for Production Grade clusters. diff --git a/content/v1/csidriver/release/powerscale.md b/content/v1/csidriver/release/powerscale.md index 4ab7bbf89a..c98ffab2ac 100644 --- a/content/v1/csidriver/release/powerscale.md +++ b/content/v1/csidriver/release/powerscale.md @@ -4,7 +4,9 @@ description: Release notes for PowerScale CSI driver --- -## Release Notes - CSI Driver for PowerScale v2.11.0 +## Release Notes - CSI Driver for PowerScale v2.12.0 + + 
@@ -16,21 +18,16 @@ description: Release notes for PowerScale CSI driver ### New Features/Changes -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) -- [#1397 - [FEATURE]: Observability upgrade is supported in CSM Operator](https://github.com/dell/csm/issues/1397) -- [#1398 - [FEATURE]: PowerScale OneFS 9.7 support ](https://github.com/dell/csm/issues/1398) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) +- [#1473 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.17](https://github.com/dell/csm/issues/1473) +- [#1508 - [FEATURE]: Add Support for KubeVirt](https://github.com/dell/csm/issues/1508) ### Fixed Issues -- [#1203 - [BUG]: OCP min/max version support](https://github.com/dell/csm/issues/1203) -- [#1209 - [BUG]: Doc hyper links in driver Readme is broken](https://github.com/dell/csm/issues/1209) -- [#1215 - [BUG]: Discrepancy in their secret](https://github.com/dell/csm/issues/1215) -- [#1218 - [BUG]: Add the helm-charts-version parameter to the install command for all drivers in csm-docs](https://github.com/dell/csm/issues/1218) -- [#1239 - [BUG]: Changes in new release of google.golang.org/protobuf is causing compilation issues](https://github.com/dell/csm/issues/1239) -- [#1270 - [BUG]: Missing entries for Resiliency in installation wizard template](https://github.com/dell/csm/issues/1270) -- [#1316 - [BUG]: PowerScale CSI - Creating PVC from csi snapshot is failing](https://github.com/dell/csm/issues/1316) -- [#1322 - [BUG]: PowerScale CSM: Updating the fsGroupPolicy in the csm is not updating the csidriver](https://github.com/dell/csm/issues/1322) +- [#1438 - [BUG]: Remove mutex locks from interceptors on method calls](https://github.com/dell/csm/issues/1438) +- [#1448 - [BUG]: CSM-operator build fails from disk space 
issue](https://github.com/dell/csm/issues/1448) +- [#1475 - [BUG]: CSM Operator - Changes to csiDriverSpec does not reflect in CSM state or csidrivers.storage.k8s.io object](https://github.com/dell/csm/issues/1475) +- [#1531 - [BUG]: CSM-Operator resets dell-replication-controller-config configmap](https://github.com/dell/csm/issues/1531) ### Known Issues diff --git a/content/v1/csidriver/release/powerstore.md b/content/v1/csidriver/release/powerstore.md index 64798e62c1..ffda20d3ea 100644 --- a/content/v1/csidriver/release/powerstore.md +++ b/content/v1/csidriver/release/powerstore.md @@ -3,7 +3,9 @@ title: PowerStore description: Release notes for PowerStore CSI driver --- -## Release Notes - CSI PowerStore v2.11.0 +## Release Notes - CSI PowerStore v2.12.0 + + 
@@ -15,20 +17,19 @@ description: Release notes for PowerStore CSI driver ### New Features/Changes -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) +- [#1473 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.17](https://github.com/dell/csm/issues/1473) +- [#1508 - [FEATURE]: Add Support for KubeVirt](https://github.com/dell/csm/issues/1508) +- [#1443 - [FEATURE]: PowerStore Sync / Metro for Block - CSM Replication](https://github.com/dell/csm/issues/1443) ### Fixed Issues -- [#1188 - [BUG]: Controller Pod keeps restarting due to "Lost connection to CSI driver" error](https://github.com/dell/csm/issues/1188) -- [#1209 - [BUG]: Doc hyper links in driver Readme is broken](https://github.com/dell/csm/issues/1209) -- [#1216 - [BUG]: Incorrect Error message in Resiliency Podmon in controllerCleanupPod() func](https://github.com/dell/csm/issues/1216) -- [#1218 - [BUG]: Add the helm-charts-version parameter to the install command for all drivers in csm-docs](https://github.com/dell/csm/issues/1218) -- [#1239 - [BUG]: Changes in new release of google.golang.org/protobuf is causing compilation issues](https://github.com/dell/csm/issues/1239) -- [#1270 - [BUG]: Missing entries for Resiliency in installation wizard template](https://github.com/dell/csm/issues/1270) -- [#1317 - [BUG]: CSM PowerStore - Remove the RESTAPI code that is not needed](https://github.com/dell/csm/issues/1317) -- [#1338 - [BUG]: Data loss (DL) when deleting PVC but leaves unusable volumesnapshot and volumesnapshotcontent](https://github.com/dell/csm/issues/1338) -- [#1346 - [BUG]: Parsing an NVME response fails for list-subsys](https://github.com/dell/csm/issues/1346) +- [#1447 - [BUG]: Gobrick does not clean wwids from 
/etc/multipath/wwids after removing multipath devices ](https://github.com/dell/csm/issues/1447) +- [#1458 - [BUG]: CSI-PowerStore Node Prefix is ignored](https://github.com/dell/csm/issues/1458) +- [#1530 - [BUG]: Duplicate host NQNs on nodes with no logs](https://github.com/dell/csm/issues/1530) +- [#1534 - [BUG]: CSI PowerStore unable to resize NVMe block PVC, even though volume on the array get's resized](https://github.com/dell/csm/issues/1534) +- [#1538 - [BUG]: Host definitions not being created after adding new appliance to secret](https://github.com/dell/csm/issues/1538) +- [#1539 - [BUG]: Wrong storage protocol used when multiple PowerStore arrays are defined in secret](https://github.com/dell/csm/issues/1539) ### Known Issues diff --git a/content/v1/csidriver/release/unity.md b/content/v1/csidriver/release/unity.md index b889bf3294..edb613665a 100644 --- a/content/v1/csidriver/release/unity.md +++ b/content/v1/csidriver/release/unity.md @@ -3,7 +3,9 @@ title: Unity XT description: Release notes for Unity XT CSI driver --- -## Release Notes - CSI Unity XT v2.11.0 +## Release Notes - CSI Unity XT v2.12.0 + + 
@@ -15,20 +17,13 @@ description: Release notes for Unity XT CSI driver ### New Features/Changes -- [#1359 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.16 ](https://github.com/dell/csm/issues/1359) -- [#1400 - [FEATURE]: Support for Kubernetes 1.30](https://github.com/dell/csm/issues/1400) -- [#1399 - [FEATURE]: Unity 5.4 Support](https://github.com/dell/csm/issues/1399) +- [#1472 - [FEATURE]: Support for Kubernetes 1.31](https://github.com/dell/csm/issues/1472) +- [#1473 - [FEATURE]: Add Support for OpenShift Container Platform (OCP) 4.17](https://github.com/dell/csm/issues/1473) ### Fixed Issues -- [#1198 - [BUG]: Topology-related node labels are not added automatically](https://github.com/dell/csm/issues/1198) -- [#1206 - [BUG]: Snapshot ingestion procedure for CSI Unity Driver misising ](https://github.com/dell/csm/issues/1206) -- [#1209 - [BUG]: Doc hyper links in driver Readme is broken](https://github.com/dell/csm/issues/1209) -- [#1218 - [BUG]: Add the helm-charts-version parameter to the install command for all drivers in csm-docs](https://github.com/dell/csm/issues/1218) -- [#1222 - [BUG]: Cannot configure export IP for CSI-Unity ](https://github.com/dell/csm/issues/1222) -- [#1239 - [BUG]: Changes in new release of google.golang.org/protobuf is causing compilation issues](https://github.com/dell/csm/issues/1239) -- [#1270 - [BUG]: Missing entries for Resiliency in installation wizard template](https://github.com/dell/csm/issues/1270) -- [#1279 - [BUG]: unable to install the UNITY driver in NAT Env](https://github.com/dell/csm/issues/1279) +- [#1447 - [BUG]: Gobrick does not clean wwids from /etc/multipath/wwids after removing multipath devices ](https://github.com/dell/csm/issues/1447) +- [#1448 - [BUG]: CSM-operator build fails from disk space issue](https://github.com/dell/csm/issues/1448) ### Known Issues 
diff --git a/content/v1/csidriver/troubleshooting/powermax.md b/content/v1/csidriver/troubleshooting/powermax.md
index 66a3026544..27af1ef2c4 100644
--- a/content/v1/csidriver/troubleshooting/powermax.md
+++ b/content/v1/csidriver/troubleshooting/powermax.md
@@ -20,3 +20,4 @@ description: Troubleshooting PowerMax Driver
 | nodestage is failing with error `Error invalid IQN Target iqn.EMC.0648.SE1F` | 1. Update initiator name to full default name , ex: iqn.1993-08.org.debian:01:e9afae962192
2.Ensure that the iSCSI initiators are available on all the nodes where the driver node plugin will be installed and it should be full default name. | | Volume mount is failing on few OS(ex:VMware Virtual Platform) during node publish with error `wrong fs type, bad option, bad superblock` | 1. Check the multipath configuration(if enabled) 2. Edit Vm Advanced settings->hardware and add the param `disk.enableUUID=true` and reboot the node | | Standby controller pod is in crashloopbackoff state | Scale down the replica count of the controller pod's deployment to 1 using ```kubectl scale deployment --replicas=1 -n ``` | +| When running CSI-PowerMax with Replication in a multi-cluster configuration, the driver on the target cluster fails and the following error is seen in logs: `error="CSI reverseproxy service host or port not found, CSI reverseproxy not installed properly"` | The reverseproxy service needs to be created manually on the target cluster. Follow [the instructions here](../../../deployment/csmoperator/modules/replication#configuration-steps) to create it.| diff --git a/content/v1/csm_hexagon.png b/content/v1/csm_hexagon.png index bba9f9e0a1..9f999800cf 100644 Binary files a/content/v1/csm_hexagon.png and b/content/v1/csm_hexagon.png differ diff --git a/content/v1/deployment/_index.md b/content/v1/deployment/_index.md index ff85a9e527..470e385582 100644 --- a/content/v1/deployment/_index.md +++ b/content/v1/deployment/_index.md @@ -10,7 +10,7 @@ The Container Storage Modules along with the required CSI Drivers can each be de {{% cardpane %}} {{< card header="[**CSM Operator**](csmoperator/)" - footer="Supported drivers: [PowerScale](csmoperator/drivers/powerscale/), [PowerStore](csmoperator/drivers/powerstore/), [PowerFlex](csmoperator/drivers/powerflex/), [PowerMax](csmoperator/drivers/powermax/), [Unity XT](csmoperator/drivers/unity/)
Supported modules: [Authorization](csmoperator/modules/authorization/), [Replication](csmoperator/modules/replication/), [Observability](csmoperator/modules/observability/)">}} + footer="Supported drivers: [PowerScale](csmoperator/drivers/powerscale/), [PowerStore](csmoperator/drivers/powerstore/), [PowerFlex](csmoperator/drivers/powerflex/), [PowerMax](csmoperator/drivers/powermax/), [Unity XT](csmoperator/drivers/unity/)
Supported modules: [Authorization](csmoperator/modules/authorization-v2.0/), [Replication](csmoperator/modules/replication/), [Observability](csmoperator/modules/observability/), [Resiliency](csmoperator/modules/resiliency/)">}} Dell CSM Operator is a Kubernetes Operator, which can be used to install and manage the CSI Drivers and CSM Modules provided by Dell for various storage platforms. This operator is available as a community operator for upstream Kubernetes and can be deployed using OperatorHub.io. The operator can be installed using OLM (Operator Lifecycle Manager) or manually. [...More on installation instructions](csmoperator/) {{< /card >}} 
@@ -41,16 +41,16 @@ The Container Storage Modules and the required CSI Drivers can each be deployed CSM for Observability can be deployed either via Helm/CSM operator/CSM for Observability Installer/CSM for Observability Offline Installer [...More on installation instructions](helm/modules/installation/observability/) {{< /card >}} - {{< card header="[Dell Container Storage Module for Authorization](helm/modules/installation/authorization/)" + {{< card header="[Dell Container Storage Module for Authorization](helm/modules/installation/authorization-v2.0/)" footer="Installs Authorization Module">}} - CSM Authorization can be installed by using the provided Helm v3 charts on Kubernetes platforms or CSM operator. - [...More on installation instructions](helm/modules/installation/authorization/) + CSM Authorization can be installed by using the provided Helm v3 charts on Kubernetes platforms or CSM operator. + [...More on installation instructions](helm/modules/installation/authorization-v2.0/) {{< /card >}} {{% /cardpane %}} {{% cardpane %}} {{< card header="[Dell Container Storage Module for Resiliency](helm/modules/installation/resiliency)" footer="Installs Resiliency Module">}} - CSI drivers that support Helm chart installation allow CSM for Resiliency to be _optionally_ installed by variables in the chart. It can be updated via _podmon_ block specified in the _values.yaml_. It can be installed via CSM operator as well. + CSI drivers that support Helm chart installation allow CSM for Resiliency to be _optionally_ installed by variables in the chart. It can be updated via _podmon_ block specified in the _values.yaml_. It can be installed via CSM operator as well. [...More on installation instructions](helm/modules/installation/resiliency) {{< /card >}} {{< card header="[Dell Container Storage Module for Replication](helm/modules/installation/replication)" 
@@ -59,10 +59,3 @@ The Container Storage Modules and the required CSI Drivers can each be deployed [...More on installation instructions](helm/modules/installation/replication) {{< /card >}} {{% /cardpane %}} -{{% cardpane %}} - {{< card header="[Dell Container Storage Module for Encryption](helm/modules/installation/encryption)" - footer="Installs Encryption Module">}} - Encryption can be optionally installed via the PowerScale CSI driver Helm chart. - [...More on installation instructions](helm/modules/installation/encryption) - {{< /card >}} -{{% /cardpane %}} diff --git a/content/v1/deployment/csminstallationwizard/_index.md b/content/v1/deployment/csminstallationwizard/_index.md index e8fd5038b3..25b74c4fc3 100644 --- a/content/v1/deployment/csminstallationwizard/_index.md +++ b/content/v1/deployment/csminstallationwizard/_index.md @@ -4,6 +4,9 @@ linkTitle: "CSM Installation Wizard" description: Container Storage Modules Installation Wizard weight: 1 --- +{{% pageinfo color="primary" %}} +{{< message text="1" >}} +{{% /pageinfo %}} The [Dell Container Storage Modules Installation Wizard](./src/index.html) is a webpage that generates a manifest file for installing Dell CSI Drivers and its supported CSM Modules, based on input from the user. It generates a single manifest file to install both Dell CSI Drivers and its supported CSM Modules, thereby eliminating the need to download individual Helm charts for drivers and modules. The user can enable or disable the necessary modules through the UI, and a manifest file is generated accordingly without manually editing the helm charts. 
@@ -13,33 +16,33 @@ The [Dell Container Storage Modules Installation Wizard](./src/index.html) is a | CSI Driver | Version | Helm | Operator | | ------------------ | --------- | ------ | --------- | -| CSI PowerStore | 2.11.0 |✔️ |✔️ | +| CSI PowerStore | 2.12.0 |✔️ |✔️ | +| CSI PowerStore | 2.11.1 |✔️ |✔️ | | CSI PowerStore | 2.10.1 |✔️ |✔️ | | CSI PowerStore | 2.9.1 |✔️ |✔️ | -| CSI PowerStore | 2.8.0 |✔️ |✔️ | +| CSI PowerMax | 2.12.0 |✔️ |✔️ | | CSI PowerMax | 2.11.0 |✔️ |✔️ | | CSI PowerMax | 2.10.1 |✔️ |✔️ | | CSI PowerMax | 2.9.1 |✔️ |✔️ | -| CSI PowerMax | 2.8.0 |✔️ |✔️ | +| CSI PowerFlex | 2.12.0 |✔️ |❌ | | CSI PowerFlex | 2.11.0 |✔️ |❌ | | CSI PowerFlex | 2.10.1 |✔️ |❌ | -| CSI PowerFlex | 2.9.1 |✔️ |❌ | -| CSI PowerFlex | 2.8.0 |✔️ |❌ | +| CSI PowerFlex | 2.9.1 |✔️ |❌ | +| CSI PowerScale | 2.12.0 |✔️ |✔️ | | CSI PowerScale | 2.11.0 |✔️ |✔️ | | CSI PowerScale | 2.10.1 |✔️ |✔️ | -| CSI PowerScale | 2.9.1 |✔️ |✔️ | -| CSI PowerScale | 2.8.0 |✔️ |✔️ | +| CSI PowerScale | 2.9.1 |✔️ |✔️ | +| CSI Unity XT | 2.12.0 |✔️ |❌ | | CSI Unity XT | 2.11.0 |✔️ |❌ | | CSI Unity XT | 2.10.1 |✔️ |❌ | -| CSI Unity XT | 2.9.1 |✔️ |❌ | -| CSI Unity XT | 2.8.0 |✔️ |❌ | +| CSI Unity XT | 2.9.1 |✔️ |❌ | >NOTE: The Installation Wizard currently does not support operator-based manifest file generation for Unity XT and PowerFlex drivers. ## Supported Dell CSM Modules -| CSM Modules | Version | -| ---------------------| --------- | +| CSM Modules | Version | +| ---------------------| --------- | | CSM Observability | 1.7.0+ | | CSM Replication | 1.7.0+ | | CSM Resiliency | 1.7.0+ | 
@@ -50,15 +53,15 @@ The [Dell Container Storage Modules Installation Wizard](./src/index.html) is a 2. Select the `Installation Type` as `Helm`/`Operator`. 3. Select the `Array`. 4. Enter the `Image Repository`. The default value is `dellemc`. -5. Select the `CSM Version`. -6. Select the modules for installation. If there are module specific inputs, enter their values. +5. Select the `CSM Version`. +6. Select the modules for installation. If there are module specific inputs, enter their values. 7. If needed, modify the `Controller Pods Count`. 8. If needed, select `Install Controller Pods on Control Plane` and/or `Install Node Pods on Control Plane`. 9. Enter the `Namespace`. The default value is `csi-`. 10. Click on `Generate YAML`. -13. A manifest file, `values.yaml` will be generated and downloaded. +13. A manifest file, `values.yaml` will be generated and downloaded. 14. A section `Run the following commands to install` will be displayed. -15. Run the commands displayed to install Dell CSI Driver and Modules using the generated manifest file. +15. Run the commands displayed to install Dell CSI Driver and Modules using the generated manifest file. ## Installation Using Helm Chart 
@@ -90,7 +93,7 @@ The [Dell Container Storage Modules Installation Wizard](./src/index.html) is a 5. If Observability is checked in the wizard, refer to [Observability](../csmoperator/modules/observability#post-installation-dependencies) to export metrics to Prometheus and load the Grafana dashboards. -6. If Authorization is checked in the wizard, only the sidecar is enabled. Refer to [Authorization](../../deployment/helm/modules/installation/authorization/) to install and configure the CSM Authorization Proxy Server. +6. If Authorization is checked in the wizard, only the sidecar is enabled. Refer to [Authorization](../../deployment/helm/modules/installation/authorization-v2.0/) to install and configure the CSM Authorization Proxy Server. 7. If Replication is checked in the wizard, refer to [Replication](../../deployment/helm/modules/installation/replication/) on configuring communication between Kubernetes clusters. @@ -119,7 +122,7 @@ The [Dell Container Storage Modules Installation Wizard](./src/index.html) is a 3. If Observability is checked in the wizard, refer to [Observability](../csmoperator/modules/observability) to export metrics to Prometheus and load the Grafana dashboards. -4. If Authorization is checked in the wizard, only the sidecar is enabled. Refer to [Authorization](../csmoperator/modules/authorization) to install and configure the CSM Authorization Proxy Server. +4. If Authorization is checked in the wizard, only the sidecar is enabled. Refer to [Authorization](../csmoperator/modules/authorization-v2.0) to install and configure the CSM Authorization Proxy Server. 5. If Replication is checked in the wizard, refer to [Replication](../csmoperator/modules/replication) for the necessary prerequisites required for this module. diff --git a/content/v1/deployment/csminstallationwizard/release/_index.md b/content/v1/deployment/csminstallationwizard/release/_index.md index 756c37405b..a329f84c51 100644 
--- a/content/v1/deployment/csminstallationwizard/release/_index.md +++ b/content/v1/deployment/csminstallationwizard/release/_index.md @@ -5,7 +5,9 @@ weight: 5 description: Release notes for CSM Installation Wizard --- -## Release Notes - CSM Installation Wizard 1.3.0 +## Release Notes - CSM Installation Wizard 1.4.1 + + @@ -19,8 +21,7 @@ There are no new features in this release. ### Fixed Issues -- [#1270 - [BUG]: Missing entries for Resiliency in installation wizard template](https://github.com/dell/csm/issues/1270) -- [#1275 - [BUG]: Installation Wizard creates a 0Byte file when selecting Operator for the installation type](https://github.com/dell/csm/issues/1275) +- [#1540 - [BUG]: CSM Installation Wizard ](https://github.com/dell/csm/issues/1540) ### Known Issues diff --git a/content/v1/deployment/csminstallationwizard/src/csm-versions/default-values.properties b/content/v1/deployment/csminstallationwizard/src/csm-versions/default-values.properties index 7ec130a487..a4de686591 100644 --- a/content/v1/deployment/csminstallationwizard/src/csm-versions/default-values.properties +++ b/content/v1/deployment/csminstallationwizard/src/csm-versions/default-values.properties @@ -1,4 +1,4 @@ -csmVersion=1.11.0 +csmVersion=1.12.0 imageRepository=dellemc controllerCount=1 nodeSelectorLabel=node-role.kubernetes.io/control-plane: diff --git a/content/v1/deployment/csminstallationwizard/src/index.html b/content/v1/deployment/csminstallationwizard/src/index.html index 599eb0e03b..956d1031a9 100644 --- a/content/v1/deployment/csminstallationwizard/src/index.html +++ b/content/v1/deployment/csminstallationwizard/src/index.html @@ -16,7 +16,9 @@ -
+ +
+
Container Storage Modules (CSM) Installation Wizard @@ -80,10 +82,10 @@
@@ -344,13 +346,26 @@
+
+
+ + +
+
+
+ + SDC is required for using block storage. Verify your environment is supported on the SDC Release Notes before selecting this option. If your environment is not supported, refer to the manual installation instructions on the CSM Documentation. +
+
+
+
- +
- +
@@ -360,8 +375,14 @@
- - + + +
+
+
+ + +
diff --git a/content/v1/deployment/csminstallationwizard/src/package.json b/content/v1/deployment/csminstallationwizard/src/package.json index 90c788dfe1..799e93b1ca 100644 --- a/content/v1/deployment/csminstallationwizard/src/package.json +++ b/content/v1/deployment/csminstallationwizard/src/package.json @@ -18,8 +18,8 @@ "homepage": "https://github.com/dell/csm-docs/#readme", "devDependencies": { "jest": "^29.3.1", - "jest-environment-jsdom": "^29.3.1", - "jquery": "^3.6.3", - "jest-junit": "^15.0.0" + "jest-environment-jsdom": "^29.7.0", + "jest-junit": "^15.0.0", + "jquery": "^3.6.3" } } diff --git a/content/v1/deployment/csminstallationwizard/src/static/css/style.css b/content/v1/deployment/csminstallationwizard/src/static/css/style.css index e309e14b39..d58e50a03f 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/css/style.css +++ b/content/v1/deployment/csminstallationwizard/src/static/css/style.css @@ -147,4 +147,4 @@ main { padding-bottom: 150px; - } \ No newline at end of file + } diff --git a/content/v1/deployment/csminstallationwizard/src/static/js/commands.js b/content/v1/deployment/csminstallationwizard/src/static/js/commands.js index 08f947709f..18af0fe845 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/js/commands.js +++ b/content/v1/deployment/csminstallationwizard/src/static/js/commands.js 
@@ -26,6 +26,7 @@ var nodeSelectorNote = 'For the pod to be eligible to run on a node, the node mu const snapshotNote = 'If Snapshot is enabled, ensure the Snapshot CRDs are installed'; const certmanagerNote = 'If cert-manager is enabled, ensure the cert-manager CRDs are installed'; +const approveSdcNote = 'If approve SDC is not enabled, ensure to approve the SDC manually before provisioning'; const veleroNote = 'If Velero is enabled, please add the respective credentials and configurations in the YAML file.'; const podmonNote = 'Uncomment tolerations under node property, if CSM for Resiliency and CSI Driver pods monitor are enabled in the generated YAML'; const authorizationNote = 'Only the Authorization sidecar is enabled by the CSM Installation Wizard. The Proxy Server has to be installed and configured separately'; diff --git a/content/v1/deployment/csminstallationwizard/src/static/js/constants.js b/content/v1/deployment/csminstallationwizard/src/static/js/constants.js index 18787eed66..179562e14d 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/js/constants.js +++ b/content/v1/deployment/csminstallationwizard/src/static/js/constants.js @@ -40,10 +40,10 @@ const CONSTANTS = { PROPERTIES: ".properties", HELM: "helm", OPERATOR: "operator", - CSM_HELM_V180: "1.1.0", CSM_HELM_V193: "1.2.1", CSM_HELM_V1102: "1.3.2", - CSM_HELM_V1110: "1.4.0", + CSM_HELM_V1111: "1.4.1", + CSM_HELM_V1120: "1.5.0", HELM_TAINTS: ` - key: "$KEY" operator: "Exists" diff --git a/content/v1/deployment/csminstallationwizard/src/static/js/generate-yaml.js b/content/v1/deployment/csminstallationwizard/src/static/js/generate-yaml.js index 6ee6df8fe8..19bcc6fdff 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/js/generate-yaml.js +++ b/content/v1/deployment/csminstallationwizard/src/static/js/generate-yaml.js 
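Review bot: Removing `CSM_HELM_V180` and replacing `CSM_HELM_V1110` with `CSM_HELM_V1111` in constants.js means any remaining `CONSTANTS.CSM_HELM_V180` or `CONSTANTS.CSM_HELM_V1110` lookup now evaluates to `undefined` instead of failing loudly. The call sites are not part of this hunk, so both names should be searched for across the wizard scripts before merging. generate-yaml.test.js keeps its own copy of this object (its `@@ -42,10 +42,10 @@` hunk makes the same edit), so the tests would not catch a stale reference in the production code. Loading the shared constants in the test instead of duplicating them would close that gap.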
@@ -126,6 +126,7 @@ function setValues(csmMapValues, CONSTANTS_PARAM) { DriverValues.vSphereVCenterHost = $("#vSphere-vCenter-host").val(); DriverValues.vSphereVCenterCredSecret = $("#vSphere-vCenter-cred-secret").val(); DriverValues.renameSDC = $("#rename-sdc").prop('checked') ? true : false; + DriverValues.sdcEnabled = $("#enable-sdc").prop('checked') ? true : false; DriverValues.sdcPrefix = $("#sdc-prefix").val(); DriverValues.approveSDC = $("#approve-sdc").prop('checked') ? true : false; DriverValues.enableQuota = $("#enable-quota").prop('checked') ? true : false; @@ -186,6 +187,7 @@ function createYamlString(yamlTpl, yamlTplValues, driverParam, CONSTANTS_PARAM) yamlTpl = yamlTpl.replaceAll("$NODE_TOLERATIONS", yamlTplValues.nodeTolerations); yamlTpl = yamlTpl.replaceAll("$TARGET_ARRAY_ID", yamlTplValues.targetArrayID); yamlTpl = yamlTpl.replaceAll("$TARGET_UNISPHERE", yamlTplValues.targetUnisphere); + yamlTpl = yamlTpl.replaceAll("$SDC_ENABLED", yamlTplValues.sdcEnabled); yamlTpl = yamlTpl.replaceAll("$RENAME_SDC_ENABLED", yamlTplValues.renameSDC); yamlTpl = yamlTpl.replaceAll("$SDC_PREFIX", yamlTplValues.sdcPrefix); yamlTpl = yamlTpl.replaceAll("$APPROVE_SDC_ENABLED", yamlTplValues.approveSDC); diff --git a/content/v1/deployment/csminstallationwizard/src/static/js/tests/generate-yaml.test.js b/content/v1/deployment/csminstallationwizard/src/static/js/tests/generate-yaml.test.js index 5a7eb48ace..4d5fd390c8 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/js/tests/generate-yaml.test.js +++ b/content/v1/deployment/csminstallationwizard/src/static/js/tests/generate-yaml.test.js @@ -42,10 +42,10 @@ const CONSTANTS = { PROPERTIES: ".properties", HELM: "helm", OPERATOR: "operator", - CSM_HELM_V180: "1.1.0", CSM_HELM_V193: "1.2.1", CSM_HELM_V1102: "1.3.2", - CSM_HELM_V1110: "1.4.0", + CSM_HELM_V1111: "1.4.1", + CSM_HELM_V1120: "1.5.0", HELM_TAINTS: ` - key: "$KEY" operator: "Exists" 
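Review bot: The added `$SDC_ENABLED` substitution in createYamlString inserts `yamlTplValues.sdcEnabled` as-is, so a values object without that field writes the literal text `undefined` as the value of the `sdc.enabled` key in the generated file. setValues (first hunk) always yields a boolean, but createYamlString is also called with hand-built objects in generate-yaml.test.js. Coercing at the substitution keeps the output a boolean: `yamlTpl = yamlTpl.replaceAll("$SDC_ENABLED", Boolean(yamlTplValues.sdcEnabled));`. The setValues line could likewise read `DriverValues.sdcEnabled = Boolean($("#enable-sdc").prop('checked'));`. Both function bodies continue outside their hunks.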
@@ -64,21 +64,21 @@ const CONSTANTS = { }; const testCSMMap = new Map([ - ["csmVersion", "1.7.0"], + ["csmVersion", "1.12.0"], ["imageRepository", "dellemc"], ["maxVolumesPerNode", "0"], ["controllerCount", "1"], ["volNamePrefix", "csivol"], ["snapNamePrefix", "csi-snap"], ["nodeSelectorLabel", "node-role.kubernetes.io/control-plane:"], - ["driverVersion", "v2.7.0"], + ["driverVersion", "v2.12.0"], ]); describe("GIVEN setValues function", () => { test("SHOULD return expected DriverValues for Helm", () => { document.body.innerHTML = ` + @@ -124,8 +125,8 @@ describe("GIVEN setValues function", () => { `; const expected = { - csmVersion: '1.7.0', - driverVersion: 'v2.7.0', + csmVersion: '1.12.0', + driverVersion: 'v2.12.0', imageRepository: 'dellemc', monitor: false, certSecretCount: '1', @@ -190,6 +191,7 @@ describe("GIVEN setValues function", () => { observabilityOperatorTopology: false, topologyEnabled: false, transportProtocol: "", + sdcEnabled: false, renameSDC: false, sdcPrefix: "", approveSDC: false, @@ -203,7 +205,7 @@ describe("GIVEN setValues function", () => { test("SHOULD return expected DriverValues for Operator", () => { document.body.innerHTML = ` + @@ -249,8 +252,8 @@ describe("GIVEN setValues function", () => { `; const expected = { - csmVersion: '1.7.0', - driverVersion: 'v2.7.0', + csmVersion: '1.12.0', + driverVersion: 'v2.12.0', imageRepository: 'dellemc', monitor: false, certSecretCount: '1', @@ -315,6 +318,7 @@ describe("GIVEN setValues function", () => { observabilityOperatorTopology: false, topologyEnabled: false, transportProtocol: "", + sdcEnabled: false, renameSDC: false, sdcPrefix: "", approveSDC: false, 
@@ -396,7 +400,605 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: $POWERSTORE_ENABLED + version: v2.12.0 + images: + driverRepository: $IMAGE_REPOSITORY + ## Controller ATTRIBUTES + controller: + controllerCount: $CONTROLLER_COUNT + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + replication: + enabled: $REPLICATION_ENABLED + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + vgsnapshot: + enabled: $VG_SNAPSHOT_ENABLED + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 + snapshot: + enabled: $SNAPSHOT_ENABLED + resizer: + enabled: $RESIZER_ENABLED + ## Node ATTRIBUTES + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # tolerations: + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.powerstore.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powerstore.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + podmon: + enabled: $RESILIENCY_ENABLED + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + maxPowerstoreVolumesPerNode: $MAX_VOLUMES_PER_NODE + + ## K8S/PowerMax ATTRIBUTES + ########################################## + csi-powermax: + enabled: 
$POWERMAX_ENABLED + global: + storageArrays: + - storageArrayId: "" + endpoint: "" + backupEndpoint: "" + - storageArrayId: "" + endpoint: "" + managementServers: + - endpoint: "" + - endpoint: "" + version: v2.6.0 + images: + driverRepository: $IMAGE_REPOSITORY + clusterPrefix: $POWERMAX_CLUSTER_PREFIX + portGroups: "$POWERMAX_PORT_GROUPS" + controller: + controllerCount: $CONTROLLER_COUNT + snapshot: + enabled: $SNAPSHOT_ENABLED + resizer: + enabled: $RESIZER_ENABLED + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + csireverseproxy: + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 + deployAsSidecar: true + replication: + enabled: $REPLICATION_ENABLED + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + migration: + enabled: $MIGRATION_ENABLED + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 + authorization: + enabled: $AUTHORIZATION_ENABLED + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 + proxyHost: $AUTHORIZATION_PROXY_HOST + skipCertificateValidation: $AUTHORIZATION_SKIP_CERTIFICATE_VALIDATION + vSphere: + enabled: $VSPHERE_ENABLED + fcPortGroup: "$VSPHERE_FC_PORT_GROUP" + fcHostName: "$VSPHERE_FC_HOST_NAME" + vCenterHost: "$VSPHERE_VCENTER_HOST" + vCenterCredSecret: $VSPHERE_VCENTER_CRED_SECRET + + ## CSI PowerFlex + ######################## + csi-vxflexos: + enabled: $POWERFLEX_ENABLED + version: v2.12.0 + images: + driverRepository: $IMAGE_REPOSITORY + powerflexSdc: dellemc/sdc:3.6.0.6 + certSecretCount: $CERT_SECRET_COUNT + controller: + replication: + enabled: $REPLICATION_ENABLED + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + healthMonitor: + enabled: 
$HEALTH_MONITOR_ENABLED + controllerCount: $CONTROLLER_COUNT + snapshot: + enabled: $SNAPSHOT_ENABLED + resizer: + enabled: $RESIZER_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + sdc: + enabled: $SDC_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + renameSDC: + enabled: $RENAME_SDC_ENABLED + sdcPrefix: $SDC_PREFIX + approveSDC: + enabled: $APPROVE_SDC_ENABLED + tolerations: + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + monitor: + enabled: $MONITOR_ENABLED + vgsnapshotter: + enabled: $VG_SNAPSHOT_ENABLED + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 + podmon: + enabled: $RESILIENCY_ENABLED + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + authorization: + enabled: $AUTHORIZATION_ENABLED + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 + proxyHost: $AUTHORIZATION_PROXY_HOST + + ## CSI Unity + ######################## + csi-unity: + enabled: $UNITY_ENABLED + version: v2.12.0 + images: + driverRepository: $IMAGE_REPOSITORY + certSecretCount: 1 + fsGroupPolicy: $FSGROUP_POLICY + controller: + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + snapshot: + enabled: $SNAPSHOT_ENABLED + snapNamePrefix: $SNAP_NAME_PREFIX + resizer: + enabled: $RESIZER_ENABLED + nodeSelector: + healthMonitor: + enabled: 
$HEALTH_MONITOR_ENABLED + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + podmon: + enabled: $RESILIENCY_ENABLED + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + + ## K8S/Replication Module ATTRIBUTES + ########################################## + csm-replication: + enabled: $REPLICATION_ENABLED + + ## K8S/Observability Module ATTRIBUTES + ########################################## + karavi-observability: + enabled: $OBSERVABILITY_ENABLED + karaviMetricsPowerstore: + enabled: $POWERSTORE_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowerMax: + enabled: $POWERMAX_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowerflex: + enabled: 
$POWERFLEX_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowerscale: + enabled: $POWERSCALE_OBSERVABILITY_METRICS_ENABLED + cert-manager: + enabled: false + + ## K8S/Cert-manager ATTRIBUTES + ########################################## + cert-manager: + enabled: $CERT_MANAGER_ENABLED + `; + + const testObjectSdc = { + csmVersion: "1.12.0", + driverVersion: "v2.12.0", + imageRepository: "dellemc", + maxVolumesPerNode: "0", + controllerCount: "1", + fsGroupPolicy: "ReadWriteOnceWithFSType", + volNamePrefix: "csivol", + snapNamePrefix: "csi-snap", + controllerPodsNodeSelector: false, + nodePodsNodeSelector: false, + resiliency: false, + storageCapacity: false, + snapshot: true, + vgsnapshot: false, + resizer: true, + healthMonitor: false, + replication: false, + observability: true, + observabilityMetrics: true, + authorization: false, + authorizationSkipCertValidation: true, + vgsnapshotImage: "quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0", + replicationImage: "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0", + authorizationImage: "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0", + certManagerEnabled: false, + authorizationProxyHost: '', + monitor: false, + certSecretCount: 0, + storageArrayId: "", + storageArrayEndpointUrl: '""', + storageArrayBackupEndpointUrl: '""', + clusterPrefix: "", + portGroups: "", + vSphereEnabled: false, + vSphereFCPortGroup: "csi-vsphere-VC-PG", + vSphereFCHostName: "csi-vsphere-VC-HN", + vSphereVCenterHost: "00.000.000.00", + vSphereVCenterCredSecret: "vcenter-creds", + migration: false, + sdcEnabled: true, + renameSDC: false, + sdcPrefix: "sdc-test", + approveSDC: false + }; + + test("SHOULD return correct generated yaml file string for driver csi-powerflex", () => { + const expected = ` + ## K8S/DRIVER ATTRIBUTES + ######################## + csi-powerstore: + enabled: false + version: v2.12.0 + images: + driverRepository: dellemc + ## Controller ATTRIBUTES + 
controller: + controllerCount: 1 + healthMonitor: + enabled: false + nodeSelector: false + replication: + enabled: false + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + vgsnapshot: + enabled: false + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 + snapshot: + enabled: true + resizer: + enabled: true + ## Node ATTRIBUTES + node: + healthMonitor: + enabled: false + nodeSelector: false + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # tolerations: + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.powerstore.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powerstore.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + storageCapacity: + enabled: false + podmon: + enabled: false + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + maxPowerstoreVolumesPerNode: 0 + + ## K8S/PowerMax ATTRIBUTES + ########################################## + csi-powermax: + enabled: false + global: + storageArrays: + # - storageArrayId: "" + # endpoint: "" + backupEndpoint: "" + # - storageArrayId: "" + # endpoint: "" + managementServers: + # - endpoint: "" + # - endpoint: "" version: v2.6.0 + images: + driverRepository: dellemc + clusterPrefix: + portGroups: "" + controller: + controllerCount: 1 + snapshot: + enabled: true + resizer: + enabled: true + healthMonitor: + enabled: false + nodeSelector: false + node: + 
healthMonitor: + enabled: false + nodeSelector: false + csireverseproxy: + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 + deployAsSidecar: true + replication: + enabled: false + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + migration: + enabled: false + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 + authorization: + enabled: false + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 + proxyHost: + skipCertificateValidation: true + vSphere: + enabled: false + fcPortGroup: "csi-vsphere-VC-PG" + fcHostName: "csi-vsphere-VC-HN" + vCenterHost: "00.000.000.00" + vCenterCredSecret: vcenter-creds + + ## CSI PowerFlex + ######################## + csi-vxflexos: + enabled: true + version: v2.12.0 + images: + driverRepository: dellemc + powerflexSdc: dellemc/sdc:3.6.0.6 + certSecretCount: 0 + controller: + replication: + enabled: false + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 + healthMonitor: + enabled: false + controllerCount: 1 + snapshot: + enabled: true + resizer: + enabled: true + nodeSelector: false + node: + healthMonitor: + enabled: false + sdc: + enabled: true + nodeSelector: false + renameSDC: + enabled: false + sdcPrefix: sdc-test + approveSDC: + enabled: false + tolerations: + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - 
key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + monitor: + enabled: false + vgsnapshotter: + enabled: false + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 + podmon: + enabled: false + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + authorization: + enabled: false + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 + proxyHost: + + ## CSI Unity + ######################## + csi-unity: + enabled: false + version: v2.12.0 + images: + driverRepository: dellemc + certSecretCount: 1 + fsGroupPolicy: ReadWriteOnceWithFSType + controller: + controllerCount: 1 + volumeNamePrefix: csivol + snapshot: + enabled: true + snapNamePrefix: csi-snap + resizer: + enabled: true + nodeSelector: + healthMonitor: + enabled: false + node: + healthMonitor: + enabled: false + nodeSelector: + tolerations: + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint + # - key: "node-role.kubernetes.io/master" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint + # - key: "node-role.kubernetes.io/control-plane" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # 
effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + podmon: + enabled: false + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 + + ## K8S/Replication Module ATTRIBUTES + ########################################## + csm-replication: + enabled: false + + ## K8S/Observability Module ATTRIBUTES + ########################################## + karavi-observability: + enabled: true + karaviMetricsPowerstore: + enabled: false + karaviMetricsPowerMax: + enabled: false + karaviMetricsPowerflex: + enabled: true + karaviMetricsPowerscale: + enabled: false + cert-manager: + enabled: false + + ## K8S/Cert-manager ATTRIBUTES + ########################################## + cert-manager: + enabled: false + `; + + const received = createYamlString(testYAML, testObjectSdc, "powerflex", CONSTANTS); + expect(received).toEqual(expected); + }); + +}); + +describe("GIVEN createYamlString function", () => { + const testYAML = ` + ## K8S/DRIVER ATTRIBUTES + ######################## + csi-powerstore: + enabled: $POWERSTORE_ENABLED + version: v2.12.0 images: driverRepository: $IMAGE_REPOSITORY ## Controller ATTRIBUTES @@ -407,10 +1009,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: $CONTROLLER_POD_NODE_SELECTOR replication: enabled: $REPLICATION_ENABLED - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: $VG_SNAPSHOT_ENABLED - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: $SNAPSHOT_ENABLED resizer: 
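Review bot: The new PowerFlex case only exercises `sdcEnabled: true`, so nothing in this hunk asserts that createYamlString renders `sdc: enabled: false`, which is the value the setValues tests expect for an unchecked box. The added describe also re-declares the full multi-driver template and shares its title, "GIVEN createYamlString function", with the describe that follows, which makes failures harder to attribute and lets the two templates drift apart. A distinct title such as `describe("GIVEN createYamlString function with SDC options", ...)` would help. So would a second test built from `{ ...testObjectSdc, sdcEnabled: false }` whose expectation differs only in the `sdc.enabled` line. The first describe starts before this hunk and the second continues past it.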
@@ -450,7 +1052,7 @@ describe("GIVEN createYamlString function", () => { enabled: $STORAGE_CAPACITY_ENABLED podmon: enabled: $RESILIENCY_ENABLED - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: $MAX_VOLUMES_PER_NODE ## K8S/PowerMax ATTRIBUTES @@ -486,18 +1088,18 @@ describe("GIVEN createYamlString function", () => { enabled: $HEALTH_MONITOR_ENABLED nodeSelector: $NODE_POD_NODE_SELECTOR csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: $REPLICATION_ENABLED - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: $MIGRATION_ENABLED - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: $AUTHORIZATION_ENABLED - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: $AUTHORIZATION_PROXY_HOST skipCertificateValidation: $AUTHORIZATION_SKIP_CERTIFICATE_VALIDATION vSphere: @@ -511,7 +1113,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: $POWERFLEX_ENABLED - version: v2.6.0 + version: v2.12.0 images: driverRepository: $IMAGE_REPOSITORY powerflexSdc: dellemc/sdc:3.6.0.6 
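Review bot: In the `@@ -511,7 +1113,7 @@` hunk, `powerflexSdc: dellemc/sdc:3.6.0.6` stays under the old `dellemc` namespace while every other image in the fixture moves to `quay.io/dell/container-storage-modules`, so a values file built from this template would reference two image sources. The same holds for `imageRepository: "dellemc"` in `testObject` and the `driverRepository: dellemc` lines in the expected outputs further down. If the split is intended, I'd record it next to the line, e.g. `# SDC image intentionally left on dellemc/, not part of the quay.io move`. If it is not, the fixture and the template it mirrors (not visible here) should move together, so that image allow-lists and pull policies only have to trust one source.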
@@ -519,7 +1121,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: $REPLICATION_ENABLED - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: $HEALTH_MONITOR_ENABLED controllerCount: $CONTROLLER_COUNT @@ -531,6 +1133,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: $HEALTH_MONITOR_ENABLED + sdc: + enabled: $SDC_ENABLED nodeSelector: $NODE_POD_NODE_SELECTOR renameSDC: enabled: $RENAME_SDC_ENABLED @@ -561,20 +1165,20 @@ describe("GIVEN createYamlString function", () => { enabled: $MONITOR_ENABLED vgsnapshotter: enabled: $VG_SNAPSHOT_ENABLED - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: $RESILIENCY_ENABLED - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: $AUTHORIZATION_ENABLED - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: $AUTHORIZATION_PROXY_HOST ## CSI Unity ######################## csi-unity: enabled: $UNITY_ENABLED - version: v2.6.0 + version: v2.12.0 images: driverRepository: $IMAGE_REPOSITORY certSecretCount: 1 @@ -633,7 +1237,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: $RESILIENCY_ENABLED - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -662,8 +1266,8 @@ describe("GIVEN createYamlString function", () => { `; const testObject = { - csmVersion: "1.6.0", - driverVersion: "v2.6.0", + csmVersion: "1.12.0", + driverVersion: "v2.12.0", imageRepository: "dellemc", maxVolumesPerNode: "0", controllerCount: "1", 
@@ -683,9 +1287,9 @@ describe("GIVEN createYamlString function", () => { observabilityMetrics: true, authorization: false, authorizationSkipCertValidation: true, - vgsnapshotImage: "dellemc/csi-volumegroup-snapshotter:v1.2.0", - replicationImage: "dellemc/dell-csi-replicator:v1.4.0", - authorizationImage: "dellemc/csm-authorization-sidecar:v1.6.0", + vgsnapshotImage: "quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0", + replicationImage: "quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0", + authorizationImage: "quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0", certManagerEnabled: false, authorizationProxyHost: '', monitor: false, @@ -701,6 +1305,7 @@ describe("GIVEN createYamlString function", () => { vSphereVCenterHost: "00.000.000.00", vSphereVCenterCredSecret: "vcenter-creds", migration: false, + sdcEnabled: false, renameSDC: false, sdcPrefix: "sdc-test", approveSDC: false @@ -712,7 +1317,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: true - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc ## Controller ATTRIBUTES @@ -723,10 +1328,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: false replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: true resizer: @@ -766,7 +1371,7 @@ describe("GIVEN createYamlString function", () => { enabled: false podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: 0 ## K8S/PowerMax ATTRIBUTES 
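Review bot: The only value visible for `authorizationSkipCertValidation` in `testObject` (context of the `@@ -683,9 +1287,9 @@` hunk) is `true`, and each expected output shown for the PowerMax authorization section has `skipCertificateValidation: true`. The relocated `csm-authorization-sidecar` image line is therefore only checked with certificate validation turned off. A case with `authorizationSkipCertValidation: false` that asserts `skipCertificateValidation: false` would pin the verified path, which is the one a production install should use. `testObject` and the test cases begin and end outside this hunk, so such a case may already exist elsewhere in the file.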
@@ -802,18 +1407,18 @@ describe("GIVEN createYamlString function", () => { enabled: false nodeSelector: false csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: skipCertificateValidation: true vSphere: @@ -827,7 +1432,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc powerflexSdc: dellemc/sdc:3.6.0.6 @@ -835,7 +1440,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: false controllerCount: 1 @@ -847,6 +1452,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: false + sdc: + enabled: false nodeSelector: false renameSDC: enabled: false 
@@ -877,20 +1484,20 @@ describe("GIVEN createYamlString function", () => { enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc certSecretCount: 1 @@ -949,7 +1556,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -986,7 +1593,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc ## Controller ATTRIBUTES @@ -997,10 +1604,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: false replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: true resizer: @@ -1040,7 +1647,7 @@ describe("GIVEN createYamlString function", () => { enabled: false podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: 0 ## K8S/PowerMax ATTRIBUTES 
@@ -1076,18 +1683,18 @@ describe("GIVEN createYamlString function", () => { enabled: false nodeSelector: false csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: skipCertificateValidation: true vSphere: @@ -1101,7 +1708,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: true - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc powerflexSdc: dellemc/sdc:3.6.0.6 @@ -1109,7 +1716,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: false controllerCount: 1 @@ -1121,6 +1728,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: false + sdc: + enabled: false nodeSelector: false renameSDC: enabled: false 
@@ -1151,20 +1760,20 @@ describe("GIVEN createYamlString function", () => { enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc certSecretCount: 1 @@ -1223,7 +1832,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -1261,7 +1870,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc ## Controller ATTRIBUTES @@ -1272,10 +1881,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: false replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: true resizer: @@ -1315,7 +1924,7 @@ describe("GIVEN createYamlString function", () => { enabled: false podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: 0 ## K8S/PowerMax ATTRIBUTES 
@@ -1351,18 +1960,18 @@ describe("GIVEN createYamlString function", () => { enabled: false nodeSelector: false csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: skipCertificateValidation: true vSphere: @@ -1376,7 +1985,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc powerflexSdc: dellemc/sdc:3.6.0.6 @@ -1384,7 +1993,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: false controllerCount: 1 @@ -1396,6 +2005,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: false + sdc: + enabled: false nodeSelector: false renameSDC: enabled: false 
@@ -1426,20 +2037,20 @@ describe("GIVEN createYamlString function", () => { enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc certSecretCount: 1 @@ -1498,7 +2109,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -1538,7 +2149,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc ## Controller ATTRIBUTES @@ -1549,10 +2160,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: false replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: true resizer: @@ -1592,7 +2203,7 @@ describe("GIVEN createYamlString function", () => { enabled: false podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: 0 ## K8S/PowerMax ATTRIBUTES 
@@ -1628,18 +2239,18 @@ describe("GIVEN createYamlString function", () => { enabled: false nodeSelector: false csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: skipCertificateValidation: true vSphere: @@ -1653,7 +2264,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc powerflexSdc: dellemc/sdc:3.6.0.6 @@ -1661,7 +2272,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: false controllerCount: 1 @@ -1673,6 +2284,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: false + sdc: + enabled: false nodeSelector: false renameSDC: enabled: false 
@@ -1703,20 +2316,20 @@ describe("GIVEN createYamlString function", () => { enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc certSecretCount: 1 @@ -1775,7 +2388,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -1814,7 +2427,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-powerstore: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc ## Controller ATTRIBUTES @@ -1825,10 +2438,10 @@ describe("GIVEN createYamlString function", () => { nodeSelector: false replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 vgsnapshot: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 snapshot: enabled: true resizer: @@ -1868,7 +2481,7 @@ describe("GIVEN createYamlString function", () => { enabled: false podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 maxPowerstoreVolumesPerNode: 0 ## K8S/PowerMax ATTRIBUTES 
@@ -1904,18 +2517,18 @@ describe("GIVEN createYamlString function", () => { enabled: false nodeSelector: false csireverseproxy: - image: dellemc/csipowermax-reverseproxy:v2.5.0 + image: quay.io/dell/container-storage-modules/csipowermax-reverseproxy:v2.5.0 deployAsSidecar: true replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 migration: enabled: false - image: dellemc/dell-csi-migrator:v1.1.0 - nodeRescanSidecarImage: dellemc/dell-csi-node-rescanner:v1.0.0 + image: quay.io/dell/container-storage-modules/dell-csi-migrator:v1.1.0 + nodeRescanSidecarImage: quay.io/dell/container-storage-modules/dell-csi-node-rescanner:v1.0.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: skipCertificateValidation: true vSphere: @@ -1929,7 +2542,7 @@ describe("GIVEN createYamlString function", () => { ######################## csi-vxflexos: enabled: false - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc powerflexSdc: dellemc/sdc:3.6.0.6 @@ -1937,7 +2550,7 @@ describe("GIVEN createYamlString function", () => { controller: replication: enabled: false - image: dellemc/dell-csi-replicator:v1.4.0 + image: quay.io/dell/container-storage-modules/dell-csi-replicator:v1.4.0 healthMonitor: enabled: false controllerCount: 1 @@ -1949,6 +2562,8 @@ describe("GIVEN createYamlString function", () => { node: healthMonitor: enabled: false + sdc: + enabled: false nodeSelector: false renameSDC: enabled: false 
@@ -1979,20 +2594,20 @@ describe("GIVEN createYamlString function", () => { enabled: false vgsnapshotter: enabled: false - image: dellemc/csi-volumegroup-snapshotter:v1.2.0 + image: quay.io/dell/container-storage-modules/csi-volumegroup-snapshotter:v1.2.0 podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 authorization: enabled: false - sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.6.0 + sidecarProxyImage: quay.io/dell/container-storage-modules/csm-authorization-sidecar:v1.6.0 proxyHost: ## CSI Unity ######################## csi-unity: enabled: true - version: v2.6.0 + version: v2.12.0 images: driverRepository: dellemc certSecretCount: 1 @@ -2051,7 +2666,7 @@ describe("GIVEN createYamlString function", () => { # effect: "NoSchedule" podmon: enabled: false - image: dellemc/podmon:v1.5.0 + image: quay.io/dell/container-storage-modules/podmon:v1.5.0 ## K8S/Replication Module ATTRIBUTES ########################################## @@ -2082,5 +2697,4 @@ describe("GIVEN createYamlString function", () => { expect(received).toEqual(expected); }); - }); diff --git a/content/v1/deployment/csminstallationwizard/src/static/js/tests/ui-functions.test.js b/content/v1/deployment/csminstallationwizard/src/static/js/tests/ui-functions.test.js index e477a66b74..6df3584b9b 100644 --- a/content/v1/deployment/csminstallationwizard/src/static/js/tests/ui-functions.test.js +++ b/content/v1/deployment/csminstallationwizard/src/static/js/tests/ui-functions.test.js @@ -68,10 +68,10 @@ const CONSTANTS = { PROPERTIES: ".properties", HELM: "helm", OPERATOR: "operator", - CSM_HELM_V180: "1.1.0", CSM_HELM_V193: "1.2.1", CSM_HELM_V1102: "1.3.2", - CSM_HELM_V1110: "1.4.0", + CSM_HELM_V1111: "1.4.1", + CSM_HELM_V1120: "1.5.0", }; describe("GIVEN onAuthorizationChange function", () => { @@ -561,8 +561,8 @@ describe("GIVEN resetTaint function", () => { describe("GIVEN displayModules function", () => { const testHtml = ` 
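Review bot: `CONSTANTS` in `ui-functions.test.js` appears to be a hand-maintained copy inside the test file, and the `@@ -68,10 +68,10 @@` hunk drops `CSM_HELM_V180` and `CSM_HELM_V1110` while adding `CSM_HELM_V1111` and `CSM_HELM_V1120`. Any test that still reads a removed key would get `undefined` instead of failing loudly, and nothing ties these version strings to the values the wizard actually ships. I'd either import the object from the production script or add `// keep in sync with the wizard's CONSTANTS; removed keys must also be removed from every test that reads them` above the declaration. The object starts before this hunk, so the other keys were not reviewed.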
@@ -722,7 +722,7 @@ describe("GIVEN displayCommands function", () => { - +