Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support creating NFS-volumes that requires clients to authenticate with Kerberos #3387

Closed
nixpanic opened this issue Sep 13, 2022 · 2 comments · Fixed by #3434
Closed

Support creating NFS-volumes that requires clients to authenticate with Kerberos #3387

nixpanic opened this issue Sep 13, 2022 · 2 comments · Fixed by #3434
Assignees
@nixpanic
Labels
component/nfs Issues related to NFS enhancement New feature or request keepalive This label can be used to disable stale bot activiity in the repo

Comments

@nixpanic
Copy link
Member

Describe the feature you'd like to have

Rook supports configuring NFS-Ganesha with Kerberos support. This can not (easily) be used within a Kubernetes environment, but is useful for external NFS-clients. Ceph-CSI can have a parameter in the StorageClass that makes it possible to select one or more security flavours when a volume is created.

What is the value to the end user? (why is it a priority?)

External NFS-clients can securely use NFS-volumes that are managed within a Kubernetes environment.

How will we know we have a good solution? (acceptance criteria)

NFS-clients inside the Kubernetes environment (worker nodes) should be able to mount NFS-volumes with standard security flavour, while external NFS-clients can use Kerberos.

Additional context

https://rook.io/docs/rook/latest/CRDs/ceph-nfs-crd/ contains the CephNFS configuration with Kerberos options.

Depends-On: ceph/go-ceph#767
@nixpanic nixpanic added enhancement New feature or request component/nfs Issues related to NFS labels Sep 13, 2022
@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the wontfix This will not be worked on label Oct 13, 2022
@nixpanic nixpanic self-assigned this Oct 14, 2022
@nixpanic nixpanic removed the wontfix This will not be worked on label Oct 14, 2022
@nixpanic nixpanic mentioned this issue Oct 14, 2022
Merged
@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the wontfix This will not be worked on label Nov 13, 2022
@Rakshith-R Rakshith-R removed the wontfix This will not be worked on label Nov 14, 2022
@Madhu-1 Madhu-1 added the keepalive This label can be used to disable stale bot activiity in the repo label Nov 14, 2022
@spuiuk spuiuk mentioned this issue Mar 10, 2023
Closed
@mergify mergify bot closed this as completed in #3434 May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nixpanic nixpanic

Labels
component/nfs Issues related to NFS enhancement New feature or request keepalive This label can be used to disable stale bot activiity in the repo
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

nfs: add support for secTypes parameter in StorageClass nixpanic/ceph-csi
3 participants
@nixpanic @Madhu-1 @Rakshith-R