CSM for Authorization is part of the CSM (Container Storage Modules) open-source suite of Kubernetes storage enablers for Dell products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules.
Storage administrators of compatible storage platforms will be able to apply quota and RBAC rules that instantly and automatically restrict cluster tenants usage of storage resources. Users of storage through CSM for Authorization do not need to have storage admin root credentials to access the storage system.
For documentation, please visit Container Storage Modules documentation.
- Code of Conduct
- Maintainer Guide
- Committer Guide
- Contributing Guide
- List of Adopters
- Support
- Security
- Project Structure
- About
If you wish to clone and build CSM for Authorization, a Linux host is required with the following installed:
Component | Version | Additional Information |
---|---|---|
Docker | v19+ | Docker installation |
Golang | v1.16 | Golang installation |
git | latest | Git installation |
kubectl | 1.17-1.19 | Ensure you copy the kubeconfig file from the Kubernetes cluster to the linux host. kubectl installation |
Helm | v.3.3.0 | Helm installation |
Once all prerequisites are on the Linux host, follow the steps below to clone, build and deploy CSM for Authorization:
- Clone the repository:
git clone https://github.com/dell/karavi-authorization.git
- In the karavi-authorization directory, run the following to build and deploy:
make build docker dist deploy
From the root directory where the repo was cloned, the unit tests can be executed as follows:
make test
This will also provide code coverage statistics for the various Go packages.
To test the setup, follow the steps below:
- Create a StorageClass
- Create a PVC request from the StorageClass with any storage capacity less than the RoleQuota you specified during configuration
- Request a Pod to consume the PVC created above. If everything is well configured, the PVC will be bound to storage and the volume will be created on the storage system.
You can also test failure cases, by repeating the above steps but specify a quota larger than RoleQuota you specified. Conversely, when you request a Pod to use PVC, you'll get the request is denied as PVC exceeds capacity and PV will be in a pending state.
This project is adhering to Semantic Versioning.
Dell Container Storage Modules (CSM) is 100% open source and community-driven. All components are available under Apache 2 License on GitHub.