diff --git a/docs/_index.md b/docs/_index.md deleted file mode 100644 index 27fa2dd4..00000000 --- a/docs/_index.md +++ /dev/null @@ -1,26 +0,0 @@ ---- -title: "COSI Driver" -linkTitle: "COSI Driver" -description: About Dell Technologies (Dell) COSI Driver -weight: 3 ---- - -The COSI Driver by Dell implements an interface between [COSI](https://github.com/container-object-storage-interface/container-object-storage-interface.github.io/tree/master/docs). It is a plug-in that is installed into Kubernetes to provide object storage using Dell storage systems. - -Dell COSI Driver is a multi-backend driver, meaning that it can connect to multiple Object Storage Platform (OSP) Instances and provide access to them using the same COSI interface. - -## Features and capabilities - -### COSI Driver Capabilities - -| Features | ObjectStore | ECS | PowerScale | -|------------------------|:-----------:|:---:|:----------:| -| Bucket Creation | yes | no | no | -| Bucket Deletion | yes | no | no | -| Bucket Access Granting | yes | no | no | -| Bucket Access Revoking | yes | no | no | - -## Bucket Lifecycle Workflow - -1. Create Bucket → Delete Bucket -1. Create Bucket → Grant Access → Revoke Access → Delete Bucket diff --git a/docs/features/_index.md b/docs/features/_index.md deleted file mode 100644 index e94493c4..00000000 --- a/docs/features/_index.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -title: "Features" -linkTitle: "Features" -weight: 4 -description: Description of COSI Driver features ---- - -## ObjectScale - -| Area | Core Features | Implementation level | Status | Details | -|:------------------|:-----------------------|:----------------------:|:---------------:|---------------------------------------------------------------------------------------------| -| Provisioning | _Create Bucket_ | Minimum Viable Product | ✅ Done | Bucket is created using default settings. | -| | | Advanced provisioning | 📝 Design draft | Extra (non-default) parameters for bucket provisioning are controlled from the BucketClass. | -| | _Delete Bucket_ | Minimum Viable Product | ✅ Done | Bucket is deleted. | -| Access Management | _Grant Bucket Access_ | Minimum Viable Product | 🚧 Doing | Full access is granted for given bucket. | -| | | Advanced permissions | 📝 Design draft | More control over permission is done through BucketAccessClass. | -| | _Revoke Bucket Access_ | Minimum Viable Product | 🚧 Doing | Access is revoked. | - -## ECS - -| Area | Core Features | Implementation level | Status | Details | -|:------------------|:-----------------------|:----------------------:|:---------------:|---------------------------------------------------------------------------------------------| -| Provisioning | _Create Bucket_ | Minimum Viable Product | 📝 Design draft | Bucket is created using default settings. | -| | | Advanced provisioning | 📝 Design draft | Extra (non-default) parameters for bucket provisioning are controlled from the BucketClass. | -| | _Delete Bucket_ | Minimum Viable Product | 📝 Design draft | Bucket is deleted. | -| Access Management | _Grant Bucket Access_ | Minimum Viable Product | 📝 Design draft | Full access is granted for given bucket. | -| | | Advanced permissions | 📝 Design draft | More control over permission is done through BucketAccessClass. | -| | _Revoke Bucket Access_ | Minimum Viable Product | 📝 Design draft | Access is revoked. | diff --git a/docs/features/objectscale.md b/docs/features/objectscale.md deleted file mode 100644 index 4dd01676..00000000 --- a/docs/features/objectscale.md +++ /dev/null @@ -1,183 +0,0 @@ ---- -title: ObjectScale -linktitle: ObjectScale -weight: 1 -Description: Code features for ObjectScale COSI Driver ---- - - - -## Notational Conventions - -The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in [RFC 2119](http://tools.ietf.org/html/rfc2119) (Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997). - -Fields are specified by theirs path. Consider the following examples: - -1. Field specified by the following path `spec.authenticationType=IAM` is reflected in their resouces YAML as the following: - -```yaml -spec: - authenticationType: IAM -``` - -2. field specified by path `spec.protocols=[Azure,GCS]` is reflected in their resouces YAML as the following: - -```yaml -spec: - protocols: - - Azure - - GCS -``` - -## Prerequisites - -In order to use COSI Driver on ObjectScale platform, the following components MUST be deployed to your cluster: -- Kubernetes Container Object Storage Interface CRDs -- Container Object Storage Interface Controller - -## Bucket Creation Feature - -### Bucket - -`Bucket` represents a Bucket or its equivalent in the storage backend. Generally, it should be created only in the brownfield provisioning scenario. The following is a sample manifest of `Bucket` resource: - -```yaml -apiVersion: objectstorage.k8s.io/v1alpha1 -kind: Bucket -metadata: - name: my-bucket -spec: - driverName: cosi.dellemc.com - bucketClassName: my-bucket-class - bucketClaim: my-bucket-claim - deletionPolicy: Delete - protocols: - - S3 -``` - -### Bucket Claim - -`BucketClaim` represents a claim to provision a `Bucket`. The following is a sample manifest for creating a BucketClaim resource: - -```yaml -apiVersion: objectstorage.k8s.io/v1alpha1 -kind: BucketClaim -metadata: - name: my-bucket-claim - namespace: my-namespace -spec: - bucketClassName: my-bucket-class - protocols: - - S3 -``` - -### Unsupported options - -- `spec.protocols=[Azure,GCS]` - Protocols are the set of data API this bucket is required to support. From protocols specified by COSI (`v1alpha1`), Dell ObjectScale platform only supports the S3 protocol. Protocols `Azure` and `GCS` MUST NOT be used. - -### Bucket Class - -Installation of ObjectScale COSI driver does not create `BucketClass` resource. `BucketClass` represents a class of `Bucket` resources with similar characteristics. -Dell COSI Driver is a multi-backend driver, meaning that for every platform the specific `BucketClass` should be created. The `BucketClass` resource should contain the name of multi-backend driver and `parameters.driverID` for specific Object Storage Platform. -The default sample is shown below: - -```yaml -apiVersion: objectstorage.k8s.io/v1alpha1 -kind: BucketClass -metadata: - name: my-bucket-class -driverName: cosi.dellemc.com -deletionPolicy: Delete -parameters: - driverID: "objectscale.secure.panda" -``` - -## Bucket Deletion Feature - -There are a few crucial details regarding bucket deletion. The first one is Deletion Policy which is used to specify how COSI should handle deletion of a bucket. It is found in K8s CRD and can be set to Delete and Retain. The second crucial detail is `emptyBucket` field in the Helm Chart configuration. - -### `deletionPolicy` - -> ⚠ **WARNING**: this field is case sensitive, and the bucket deletion will fail if policy is not set exactly to *Delete* or *Retain*. - -`deletionPolicy` in `BucketClass` resource is used to specify how COSI should handle deletion of the bucket. There are two possible values: -- **Retain**: Indicates that the bucket should not be deleted from the Object Storage Platform (OSP), it means that the underlying bucket is not cleaned up when the `Bucket` object is deleted. It makes the bucket unreachable from k8s level. -- **Delete**: Indicates that the bucket should be permanently deleted from the Object Storage Platform (OSP) once all the workloads accessing this bucket are done, it means that the underlying bucket is cleaned up when the Bucket object is deleted. - -### `emptyBucket` - -`emptyBucket` field is set in config YAML file passed to the chart during COSI driver installation. If it is set to `true`, then the bucket will be emptied before deletion. If it is set to `false`, then Objectscale will not be able to delete not empty bucket and return error. - -`emptyBucket` has no effect when Deletion Policy is set to `Retain`. - -## Bucket Access Granting Feature - -> ⚠ **WARNING**: only full access granting is supported. - -### Bucket Access Class - -Installation of ObjectScale COSI driver does not create `BucketAccessClass` resource. `BucketAccessClass` represents a class of `BucketAccess` resources with similar characteristics. -Dell COSI Driver is a multi-backend driver, meaning that for every platform the specific `BucketAccessClass` should be created. The `BucketClass` resource should contain the name of multi-backend driver and `parameters.driverID` for specific Object Storage Platform. -The default sample is shown below: - -```yaml -apiVersion: objectstorage.k8s.io/v1alpha1 -kind: BucketAccessClass -metadata: - name: my-bucket-access-class -driverName: cosi.dellemc.com -authenticationType: KEY -parameters: - driverID: "objectscale.secure.panda" -``` - -### `authenticationType` - -> ⚠ **WARNING**: this field is case sensitive, and the granting access will fail if it is not set exactly to *Key* or *IAM*. - -`authenticationType` denotes the style of authentication. The only supported option for COSI Driver is `Key`. - -### Unsupported options - -- `authenticationType=IAM` - denotes the style of authentication. The `IAM` value MUST NOT be used, because IAM style authentication is not supported. - -### Bucket Access - -`BucketAccess` resource represents a access request to generate a `Secret`, that will allow you to access ObjectStorage . The following is a sample manifest for creating a BucketClaim resource: - -```yaml -apiVersion: objectstorage.k8s.io/v1alpha1 -kind: BucketAccess -metadata: - name: my-bucket-access - namespace: my-namespace -spec: - bucketClaimName: my-bucket-claim - protocol: S3 - bucketAccessClassName: my-bucket-access-class - credentialsSecretName: my-cosi-secret -``` - -### `spec.protocol` - -> ⚠ **WARNING**: this field is case sensitive, and the provisioning will fail if protocol is not set exactly to *S3*. - -`spec.protocol` is the name of the Protocol that this access credential is supposed to support. - -### Unsupported options - -- `spec.serviceAccountName=...` - is the name of the serviceAccount that COSI will map to the object storage provider service account when IAM styled authentication is specified. As the IAM style authentication is not supported, this field is also unsupported. -- `spec.protocol=...` - Protocols are the set of data API this bucket is required to support. From protocols specified by COSI (`v1alpha1`), Dell ObjectScale platform only supports the `S3` protocol. Protocols `Azure` and `GCS` MUST NOT be used. - -## Bucket Access Revoking Feature -This feature revokes a user's previously granted access to a particular bucket. -When resource of `BucketAccess` kind is removed from Kubernetes it triggers the process: - -- access key is removed from ObjectScale, -- bucket policy is modifed to reflect that user has lost permissions for a bucket, -- user is removed from ObjectScale. diff --git a/docs/installation/_index.md b/docs/installation/_index.md deleted file mode 100644 index b82a377f..00000000 --- a/docs/installation/_index.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: "Installation" -linkTitle: "Installation" -weight: 4 -description: Process of installation ---- \ No newline at end of file diff --git a/docs/installation/configuration_file.md b/docs/installation/configuration_file.md deleted file mode 100644 index a8a79b1e..00000000 --- a/docs/installation/configuration_file.md +++ /dev/null @@ -1,320 +0,0 @@ ---- -title: Configuration File -linktitle: Configuration File -weight: 1 -Description: Description of configuration file for ObjectScale ---- - -## Notational Conventions - -The keywords "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in [RFC 2119](http://tools.ietf.org/html/rfc2119) (Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997). - -## Dell COSI Driver Configuration Schema - -This configuration file is used to specify the settings for the Dell COSI Driver, which is responsible for managing connections to the Dell ObjectScale platform. The configuration file is written in YAML format and based on the JSON schema and adheres to it's specification. - -YAML files can have comments, which are lines in the file that begin with the `#` character. Comments can be used to provide context and explanations for the data in the file, and they are ignored by parsers when reading the YAML data. - -## Configuration file example - -```yaml -# This is example of configuration file. You MUST edit it before applying! - -# List of connections to object storage platforms that is used for object storage provisioning. -connections: - -# Configuration specific to the Dell ObjectScale platform. -- objectscale: - - # Default, unique identifier for the single connection. - # - # It MUST NOT contain any hyphens '-'. - # - # REQUIRED - id: example.id - - # Credentials used for authentication to object storage provider. - # - # REQUIRED - credentials: - - # Username used to login to ObjectScale Management API - # - # REQUIRED - username: testuser - - # Password used to login to ObjectScale Management API - # - # REQUIRED - password: testpassword - - # Namespace associated with the user/tenant that is allowed to access the bucket. - # It can be retrieved from the ObjectScale Portal, under the Accounts tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. Select Accounts tab in the panel on the left side of your screen; - # 3. You should now see list of accounts. Select one of the values from column called 'Account ID'. - # - # REQUIRED - namespace: osaia3382ab190a7a3df - - # The ID of the ObjectScale the driver should communicate with. - # It can be retrieved from the ObjectScale Portal, under the ObjectScale tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. From the menu on left side of the screen select 'Administration' tab; - # 3. After unfolding 'Administration' tab enter 'ObjectScale' page; - # 4. Select 'Federation' tab; - # 5. In the table you will see value under 'ObjectScale ID' column. - # - # REQUIRED - objectscale-id: osci809ccd51aade874b - - # The ID of the Objectstore under specific ObjectScale, with which the driver should communicate. - # It can be retrieved from the ObjectScale Portal, under the ObjectScale tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. From the menu on left side of the screen select 'Administration' tab; - # 3. After unfolding 'Administration' tab enter 'ObjectScale' page; - # 4. Select one of the object stores visible in the table, and click its name; - # 5. You should see 'Summary' of that object store. - # 6. In the 'General' section, you will see value under 'Object store ID' column. - # - # REQUIRED - objectstore-id: ostibd2054393c389b1a - - # Endpoint of the ObjectScale Gateway Internal service. - # It can be retrieved from the ObjectScale Portal, under the ObjectScale tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. From the menu on left side of the screen select 'Administration' tab; - # 3. After unfolding 'Administration' tab enter 'ObjectScale' page; - # 4. Select 'Federation' tab; - # 5. In the table you will see one or more values, unroll selected one; - # 6. In the table, you will now see 'External Endpoint' value associated with 'objectscale-gateway-internal'. - # - # Valid values: - # - https://:443 - # - https:// - # - # REQUIRED - objectscale-gateway: https://gateway.objectscale.test:443 - - # Endpoint of the ObjectScale ObjectStore Management Gateway service. - # It can be retrieved from the ObjectScale Portal, under the ObjectScale tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. From the menu on left side of the screen select 'Administration' tab; - # 3. After unfolding 'Administration' tab enter 'ObjectScale' page; - # 4. Select one of the object stores visible in the table, and click its name; - # 5. You should see 'Summary' of that object store. - # 6. In the 'Management Service details' section, you will see value under 'IP address' column. - # - # Valid values: - # - https://:4443 - # - https:// - # - # REQUIRED - objectstore-gateway: https://gateway.objectstore.test:4443 - - # Identity and Access Management (IAM) API specific field. - # It points to the region in which object storage provider is installed. - # - # OPTIONAL - region: us-east-1 - - # Indicates if the contents of the bucket should be emptied as part of the deletion process - # - # Possible values: - # - true - bucket will be emptied during the deletion. - # - false - default - deletion of bucket will fail, if the bucket is not empty. - # All contents of the bucket must be cleared manually. - # - # OPTIONAL - emptyBucket: false - - # Protocols supported by the connection - # - # Valid values: - # s3 (property) - # - # REQUIRED - protocols: - - # S3 configuration - # - # REQUIRED - s3: - - # Endpoint of the S3 service. - # It can be retrieved from the ObjectScale Portal, under the ObjectScale tab. - # - # How to: - # 1. Login into ObjectScale Portal; - # 2. From the menu on left side of the screen select 'Administration' tab; - # 3. After unfolding 'Administration' tab enter 'ObjectScale' page; - # 4. Select one of the object stores visible in the table, and click its name; - # 5. You should see 'Summary' of that object store. - # 6. In the 'S3 Service details' section, you will see value under 'IP address' column. - # - # Valid values: - # - https://:443 - # - https:// - # - http://:80 - # - http:// - # - # REQUIRED - endpoint: https://s3.objectstore.test - - # TLS configuration details - # - # REQUIRED - tls: - - # Controls whether a client verifies the server's certificate chain and host name. - # - # Possible values: - # - true - default - # - false - # - # REQUIRED - insecure: false - - # Base64 encoded content of the root certificate authority file. - # - # How To: - # 1. Fetch the certificate from the ObjectScale: - # $ openssl s_client -showcerts -connect [ObjectScale IP] /dev/null | openssl x509 -outform PEM > root.crt - # 2. Encode the data using the following commands: - # $ cat root.crt | base64 > root.crt.b64 - # 3. Open the 'root.crt.b64' file, copy it contents, and paste to the configuration file - # - # REQUIRED: - # + if insecure is set to false - root-cas: |- - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUU1RENDQXN5Z0F3SUJBZ0lCQVRBTkJna3Fo - a2lHOXcwQkFRc0ZBREFTTVJBd0RnWURWUVFERXdkMFpYTjAKTFdOaE1CNFhEVEl6TURNeE56RXlN - ek16TTFvWERUSTBNRGt4TnpFeU5ETXpNRm93RWpFUU1BNEdBMVVFQXhNSApkR1Z6ZEMxallUQ0NB - aUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU9oUmc1Um95UXdxCmVtQ1VN - TDU3cXVLSXJjMWZXdGdlSGRpbVRSamFsVERQMStqYUhGeG56d2M1MTRwOWNLNzcxRWZ2bDRjZW9Q - VWsKWnRhNSsxckRxdlBkd25BMnE2TXI5cFB2aWQyRkRiZVZPdXNIaHNQSG1kMDVxa1pnNGNXUGdp - eXlSM3BmNTF0bApVYkxyNU1tL0FIK0JvRHVMbFo1UG5SVUw1b0hFd1hQa3BXc0UyMXJDc2xSdmJv - WWZJYlplUzlsOHhlYURMVmdDCk53UmFHRjgxTFpoZjVrTDA0SXJUV0dETzdlbVF0S2tpN0dSZ1Ex - bHIxRHR3SXZpa0puakhBeEJiOTJ3WDN1WnoKcGdMQksxU2RsUlY1bjY2VTZtUklzMGo1MkVyTG1h - TDdUSHJxRVZHRXNvczFIbEZFQ2NJMlNhQjZZdmltaTdZawpmT1lOS2NPaE5BcXlXcWhlUERHQ0dq - d3l4RHR3OWN2Z2FJSTlTOFFUa2w5Z1JiL056dFlMREptejlEYXZiRWNjCjRDelZBdUVmdUVtWUNi - aFRrUVUyWitZczlKdXgwdmc4WXFFTExlRzlNZHc1cmZJQkkwNmRMRDVkU0JUVFc1Y08KYjRNN0h1 - ODhrZUdIWnlNZXU2cVMyR2czUUFTVEM3RkpFcWFYTkRDc095aCs2Uk14UnkyZy9idEZMRm5VdmlG - QQo0NktKZHk0QWVjOEpXVkc1OFlLYkd2QlJrekkzY1BNWE1oWFpDS3pZb0tnUWoxMnFOMWM0SkVp - TUFPK2F2ZW9RCjB0dnJmd3MxMlF3d3ZIZm40SCtYVnlDZGpMcDE5dlhlY0FSRFJyaGlkRW1CbEFD - cVJVdTFLSGhzejZ2TmxzUzIKSlZiWU9BYW5ISzYzNzdYT211OUthL2x1TmxSVDdmckxBZ01CQUFH - alJUQkRNQTRHQTFVZER3RUIvd1FFQXdJQgpCakFTQmdOVkhSTUJBZjhFQ0RBR0FRSC9BZ0VBTUIw - R0ExVWREZ1FXQkJSbDk4cG1valVUQ3RZb3phTDl6L0hSCmJIUkdkREFOQmdrcWhraUc5dzBCQVFz - RkFBT0NBZ0VBNUVxL09ocGs0MUxLa3R2ajlmSWNFWXI5Vi9QUit6Z1UKQThRTUtvOVBuZSsrdW1N - dEZEK1R1M040b1lxV0srTmg0ajdHTm80RFJXejNnbWpZdUlDdklhMGo5emppT1FkWgo1Q2xVQkdk - YUlScFoyRG5CblBUM2tJbnhSd0hmU0JMVlVTRXRTcXh4YkV2dk5LWkZWY0lsRUV5ODZodnJ5OUZD - CjhFOWRXWEw5VDhMd29uVXpqSjBxZ242cGRjNHpjdEtUMDFjaDQvWGw2UjBVQkR5Q1NoSGFyU29C - eTkvSk1NTXIKajBoeEZSN3Izb052a2N3QWl6T1RsQ3BWdTZaNHF2cng3NndCc0hIanV6elNiODJL - dUxnelJUNElWbjFjbzRrVQpSaTlBRkNaRlh6QklaQlEwTUZ6NU03bzJkN0ovN3ZMOFhYRlhwWlpy - K3RibWE1L3BCSmZhcXliK3FPRXViWGdUCjFsSDZGeFNVcWt0TktQNlZoeWdQY2ZSMlR4YWtHZ0cw - Ny9qVWZWRmhpVXM5aFBlejh6Sjg2RWMrd283VEVQbEsKSlRnMHZmMDM4MTROR3ZuWmlpTnBFWVBM - S0ZhcHlDMWJONVdFTGFTWFVBaVFPZDJjK01xVHAyN21vV1RZa29TOApzRFczRTMraEN6c1djdmFY - RW1nMjZJTjQybmVUWFBuNS9QajNpcUVoT0pQYkJsY3l6dDBZL1BYeU1jR3JtbUs1CkhxOUMzTndl - VUV3M09rY09BOXlCdC9kLzZ5S3c3QmovSlFQZGI0aDlWWjNGN09wemFpeXQ5cFhvSXRQMHNUSHUK - S2ZKbDBCRUFYV29SR2lWM2EyeUlUcGp0a0pkQVBoS0xpSkkrWWowZEVEU05WZnlENFhJTXdQSmpV - eFpsd2FROQorQUtkVDFBdlplbz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - - # Base64 encoded content of the clients's certificate file. - # - # How To: - # Considering client certificate file is named 'client.crt', you can obtain the data using the following commands: - # cat client.crt | base64 > client.crt.b64 - # You can then open the 'client.crt.b64' file, copy it contents, and paste to the configuration file - # - # It is required, only if the server requires client authentication. - # It is mutually required if the field client-key has a value. - # - # REQUIRED: - # + if insecure is set to false - # AND - # + the client-key field is not empty - client-cert: |- - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVORENDQWh5Z0F3SUJBZ0lSQU9JSlZ2NnB3 - a0lIK0p1NTNKSEFuam93RFFZSktvWklodmNOQVFFTEJRQXcKRWpFUU1BNEdBMVVFQXhNSGRHVnpk - QzFqWVRBZUZ3MHlNekF6TVRjeE1qTTJNelphRncweU5EQTVNVGN4TWpRegpNamxhTUJFeER6QU5C - Z05WQkFNVEJtTnNhV1Z1ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0Nn - Z0VCQU5LVFNHeEEyV2RyNmtCR0N3RjY5c1JVZElPV0xqeTUvN3QyRktKWDVVenNyMDlFWW9tS0sr - bVQKdWF2eWJIMWhsbTYzdG5kb3VFOHFIQnVhYmYvUGIzSlRTQ0twR0NRdHR2NmQzeGc3MHFZVWIx - cUZKT2o5andlNgpRZW0xb2RIVFpLc0xMc2J1N1Fzei91MGtseUovMHNYcFQ5K2JXK1M0OHMrL3pK - dHNDR21SdVhlRjE2Y1FqOWErCkFFejNqVzhrdExMYi9nS25GWGRSS2FiY2RWLzNzN2RLNWx0SXpS - ZlRvUWw0bzBpckpOa3Z4eXIrYUtMMTR4NUQKc3g2Wm9DUHJhRFYrWWlRS0ZSenFjQ1RYcWdRb3BY - LzFINFRMV3RkeG14M25IdmhZdzB0VlBZSXZsa245NmpJUwpKdVE2K1VMbVAzZDNzNWJadlhQeUZD - bENKSENxaWZNQ0F3RUFBYU9CaFRDQmdqQU9CZ05WSFE4QkFmOEVCQU1DCkE3Z3dIUVlEVlIwbEJC - WXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUIwR0ExVWREZ1FXQkJTRWVIOTEKVnBhdDlV - SWlrRUdkc1ljdUI2dWxOakFmQmdOVkhTTUVHREFXZ0JSbDk4cG1valVUQ3RZb3phTDl6L0hSYkhS - RwpkREFSQmdOVkhSRUVDakFJZ2daamJHbGxiblF3RFFZSktvWklodmNOQVFFTEJRQURnZ0lCQUQv - TnZVNWRSajlHCmMzYzVVQ3VLcDI4U2lacjAySE40M091WU5QVlk4L1c5QnZUSk5yMXRPRDFscnhE - eFMzTkpVdzdGaTNidmU5enMKSzA0a09peUxpVjRLd0g2eitpVm8xZU9GUzJLd1BRaGxsaDlobVBB - dXZ4Zm5Fd2k2ZEdXZm5nNExmQ1FvbXFkTgpmbkFCODJBbTViZTBubGJvaGdLcFJUWnVBZjR4dVY4 - SWxlQ1pjVHdFL1hBbERhNVhHaDNvWlE3REYrQnFLSkNUCk1pYS9MT0JPYXRoRVh5ZGJmbndOUUhy - UWlQZzk4c2NMc3FTZEFQMFNGYjMrMmdscFJZT1JrQlFvOWRoa1pGZXkKc2tUakVhbk9YaUhqWldq - aXZRS2Z2WEUvK1l2eGpCcEJqREE2NnYyeUgzSlJqZEM5ZTR2cnE2R0t6VXZML3ltOQpVOGdVWnho - L2ZmeFp4TVA5UmxXajQ0U1NGUVpZNGxUNFF5U2lteFpGdVBTamwzV29QME12UHVvUzFUUzhQUk5s - CnVGeXBVell5SEtlbHpLUnRJZmlnWG9XQi9uR2hSV0RMN2FZS0xYZWRIU0ZrdXBmZm9YM1hHQThM - ZVAwQ01PaEsKUUJaUkxIeXU0VjhvRG1lakFIcFoyVjlpY2E1emtmcnJWVXFvSzF1VjYvdHd3cEZG - WDErN0w1bk0ybDJDQWxvegpaVHFUZzNCdVdYd2VkYzZQbkpuU2xQSDNadFhqcGFJUWhXdU85TUlG - WFVtVFBlSkZ2WGxKeWRsdUxtMlQzanVqCldiVENGcEhyMXBrMGk3K1J4ZVRBcFY0RTk2S09DOXEw - ZGREOG1waTM0cnkyZjFmQ2RZekhQM0s4bW5od3BPWmkKaG1Xd3VWVDV3em5kVWVBRGNWYUY2UlhU - UENKSElLd24KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - - # Base64 encoded content of the clients's key certificate file. - # - # How To: - # Considering client certificate file is named 'client.key', you can obtain the data using the following commands: - # cat client.key | base64 > client.key.b64 - # You can then open the 'client.key.b64' file, copy it contents, and paste to the configuration file - # - # It is required, only if the server requires client authentication. - # It is mutually required if the field client-cert has a value. - # - # REQUIRED: - # + if insecure is set to false - # AND - # + the client-cert field is not empty - client-key: |- - LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBMHBOSWJFRFpa - MnZxUUVZTEFYcjJ4RlIwZzVZdVBMbi91M1lVb2xmbFRPeXZUMFJpCmlZb3I2Wk81cS9Kc2ZXR1di - cmUyZDJpNFR5b2NHNXB0Lzg5dmNsTklJcWtZSkMyMi9wM2ZHRHZTcGhSdldvVWsKNlAyUEI3cEI2 - YldoMGROa3F3c3V4dTd0Q3pQKzdTU1hJbi9TeGVsUDM1dGI1TGp5ejcvTW0yd0lhWkc1ZDRYWApw - eENQMXI0QVRQZU5ieVMwc3R2K0FxY1ZkMUVwcHR4MVgvZXp0MHJtVzBqTkY5T2hDWGlqU0tzazJT - L0hLdjVvCm92WGpIa096SHBtZ0krdG9OWDVpSkFvVkhPcHdKTmVxQkNpbGYvVWZoTXRhMTNHYkhl - Y2UrRmpEUzFVOWdpK1cKU2YzcU1oSW01RHI1UXVZL2QzZXpsdG05Yy9JVUtVSWtjS3FKOHdJREFR - QUJBb0lCQUJFSVVzSlcySDd5RHFlVwpRc3VpMjVUejA5elU1L2FIZ1BUenp5VjJnSmloU0dqYitq - QnYyYTl5QUlHMUFTdC9Ha0RvWVR6MVhuc2d4OWMvCnZZZ0VpbG92L0ZTNVlyZUNieHZYUHpWaG1W - OVBwZFlua04yN3JMY09UTWlQcFlBb1hpc3JvMlA1N1hpTGd5SkIKWkd3bzlLNkhlYXQza0k1R20z - Vk1hVXRsQ0tVcE84cUwzcEZ4S1AwMVVwbGh6ZjhMbXJpTUJQMDlxdFFJejBydQpiR1l5eUdVdk9a - a0RKZFJycmlSWGJWK0RNMFlmbVpqU1Q4aEI0UDlsOEhwMEZRNUp2TWVGREpzRFFaZjVBZnJmClFI - WE55SlFUeTNTeXJ1bGd5N0p4MGY1T2JpVWRMRWViQVRpN3VLR3Y5UEZRRUJmSzdFdE4vZ1ZibGsx - MzRzNUIKWEhkNXU1a0NnWUVBNDBVMjhONko4QXIwY2puYnNLUUJtOGhURWlJSjk3TEJPOU5kOTlJ - M1dJYklZVzIzVE5wVwo0M2R4K1JHelA4eVMzYzZhN00wbzR1dUl6TXFDSkV3cVNJUjAvVGZaWWdx - cGtwcFZPalp2VFdCUDFtSUlKUFpwCll1SFk0UVRJdkdhcVFNNnFWQXA4MW9YdXoxTmNmQWpTLzNJ - Z1BWdGVZeDNKd0pmNWVqenZQclVDZ1lFQTdUSEwKR3VCTWpqTWVhaWk1ZU1sU1BndkYxMHJISUs0 - RzZCZUJDTFFXU2ViNmNOT2x2a1RaOTNqdlFiWko1L3JBTGNWNgpaTVdqbWY5Tkl0NWdDdyt2K2dM - Qm9BZXM3WEk2K2Rpdk1DYXE0dUFmWkhJWjBYbXpIOGx1a0o5ZUtyK2NyR2FzClNhWkdKRnlyQTZz - WGdOc1ZJUm85RkFsR3V1dGZnd2hSUmo1eFp3Y0NnWUVBZ241MWcyeGtDMTVlNlU5clkwdG8KV1Fo - M0dreE5LTnFNdFVzeUExL0N3NlB3WG5EZTlOUFJYQjV6WkszVEhHamNVMXVUL1MvM3NBUEpzcno4 - YU5jSwoyRVNsMzljM2pHSE82QXlScnpFZVMzRm5waEwzMWpGZVpaYUVMdi9PT3M5QUpxSURqdW5P - c0dhS3JxU1F6KzlKCko3OWgzNWtjNHhCeGpaSTFmd2lKM3BrQ2dZRUFwUnBOMkExYy9IWlVxMnho - ZmRRVXJSK2d2TFZPV2s4SWU3RXcKbmhCTW0zQnR6dTlqcFVkanVVQ3l1YmpiUk9CanVQaUdzM0pt - NktDdTNxQ1BsZU43aUxrMmNlQWwzTG53bDB6ZQoxTk4xaTZxWjcxOEUzYXlxcEd1ZnpJZENFdHVC - Z1BlTzRVMGQ4ZDJYSkZ5SlphWVoxUXJnalB2UUFmZ29hWnIyCmg4Q2JTeTBDZ1lFQW1VQ3BqR0JW - MGNpVnlmUXNmOGdsclNOdWx6NzBiaVJWQzVSeno0dVJEMkhsYVM2eC8wc0IKQzltSUhpdWgwR0Zp - dEVFRlg4TzdlZ1ppNWJKMGFuQWYyakk1R1RnTjJOYzFpVlZnWldxcHh2aXpuckpKcENSYgpaejB0 - M2thTkkyNjg0WTNxS2JxeG8ramRNK05hMG1qd2ErTEFOcEdCUDNwb2c0RHJ4eTNNSFdZPQotLS0t - LUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= -``` diff --git a/docs/installation/helm.md b/docs/installation/helm.md deleted file mode 100644 index 0bda254e..00000000 --- a/docs/installation/helm.md +++ /dev/null @@ -1,67 +0,0 @@ ---- -title: "COSI Driver installation using Helm" -linkTitle: "Using Helm" -weight: 2 -Description: Installation of COSI Driver using Helm ---- - -The COSI Driver for Dell ObjectScale can be deployed by using the provided Helm v3 charts on Kubernetes platform. - -The Helm chart installs the following components in a _Deployment_ in the specified namespace: -- COSI Driver for ObjectScale - -## Dependencies - -Installing any of the CSI Driver components using Helm requires a few utilities to be installed on the system running the installation. - -| Dependency | Usage | -|------------|----------------------------------------------------------------------------------------------------------------------| -| `kubectl` | Kubectl is used to validate that the Kubernetes system meets the requirements of the driver. | -| `helm` | Helm v3 is used as the deployment tool for Charts. Go [here](https://helm.sh/docs/intro/install/) to install Helm 3. | - -**Note:** To use these tools, a valid `KUBECONFIG` is required. Ensure that either a valid configuration is in the default location, or, that the `KUBECONFIG` environment variable points to a valid configuration before using these tools. - -## Prerequisites - - -- Install Kubernetes (see [supported versions](../../../../cosidriver/#features-and-capabilities)) - -## Install the Driver - -**Steps** -1. Run `git clone -b main https://github.com/dell/helm-charts.git` to clone the git repository. -2. Ensure that you have created the namespace where you want to install the driver. You can run `kubectl create namespace dell-cosi` to create a new one. The use of _dell-cosi_ as the namespace is just an example. You can choose any name for the namespace. -3. Copy the _charts/cosi/values.yaml_ into a new location with name _my-cosi-values.yaml_, to customize settings for installation. -4. Create new file called _my-cosi-configuration.yaml_, and copy the settings available in the [Configuration File](./configuration_file.md) page. -5. Edit *my-cosi-values.yaml* to set the following parameters for your installation: - The following table lists the primary configurable parameters of the COSI driver Helm chart and their default values. More detailed information can be found in the [`values.yaml`](https://github.com/dell/helm-charts/blob/master/charts/cosi/values.yaml) file in this repository. - - | Parameter | Description | Required | Default | - |------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|--------------------------------------------------------------------------------| - | provisioner.logLevel | The logging level for the COSI driver provisioner. | yes | `"yes"` | - | provisioner.logFormat | The logging format for the COSI driver provisioner. | yes | `"text"` | - | provisioner.image.reposiotry | COSI driver provisioner container image repository. | yes | `"docker.io/dell/cosi"` | - | provisioner.image.tag | COSI driver provisioner container image tag. | yes | `"v0.1.0"` | - | provisioner.image.pullPolicy | COSI driver provisioner container image pull policy. Maps 1-to-1 with [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | yes | `"IfNotPresent"` | - | sidecar.verbosity | The logging verbosity for the COSI driver sidecar, higher values are more verbose, possible values are integers from _-2,147,483,648_ to _2,147,483,647_. Generally the range used is between -4 and 12. However, there may be cases where numbers outside that range might provide more information. For additional information, refer to the [COSI sidecar documentation](https://github.com/kubernetes-sigs/container-object-storage-interface-provisioner-sidecar). | yes | `5` | - | sidecar.image.reposiotry | COSI driver sidecar container image repository. | yes | `"gcr.io/k8s-staging-sig-storage/objectstorage-sidecar/objectstorage-sidecar"` | - | sidecar.image.tag | COSI driver sidecar container image tag. | yes | `"v20230130-v0.1.0-24-gc0cf995"` | - | sidecar.image.pullPolicy | COSI driver sidecar container image pull policy. Maps 1-to-1 with [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | yes | `"IfNotPresent"` | - | configuration.create | Specifies whether a secret with driver configuration should be created If set to false, you must set `configuration.secretName` field to an existing configuration secret name. | yes | `true` | - | configuration.secretName | Name can be used to specify an existing secret name to use for the driver configuration or override the generated name (default `cosi-driver`). | | | - | configuration.data | Data should be provided when installing chart, it will be used to create the Secret with the driver configuration. `configuration.create` must be set to `true` for this to work. | no | `""` | - - *NOTE:* - - Whenever the *configuration.secretName* parameter changes in *my-cosi-values.yaml* user needs to reinstall the driver. - - Whenever the *configuration.data* parameter changes in *my-cosi-values.yaml* user needs to reinstall the driver. - -6. Install the driver by running `helm install dell-cosi ./cosi --namespace=dell-cosi --create-namespace --values ./my-cosi-values.yaml --set-file configuration.data=./my-cosi-configuration.yaml` (assuming that the current working directory is _charts_ and _my-cosi-settings.yaml_ is also present under _helm_ directory). - - -```sh -helm install dell-cosi ./helm/cosi --namespace=dell-cosi --values ./my-cosi-values.yaml --set-file configuration.data=./my-cosi-configuration.yaml -``` - -## Bucket Classes, Bucket Access Classes - -The COSI driver for Dell ObjectScale version 1.2, `dell-csi-helm-installer` does not create any _Bucket Classes_ nor _Bucket Access Classes_ as part of the driver installation. A sample class manifests are available at `samples/bucketclass/objectscale.yaml` and `samples/bucketaccessclass/objectscale.yaml`. Use this sample manifest to create a _Bucket Classes_ to provision storage. Remember to uncomment/update the manifest as per the requirements.