Skip to content

Commit

Permalink
CSM Operator documentation missing steps to enable Authorization side…
Browse files Browse the repository at this point in the history
…car for Observability (#1008)
  • Loading branch information
shaynafinocchiaro authored Feb 27, 2024
1 parent 4f28683 commit 504bf15
Show file tree
Hide file tree
Showing 4 changed files with 37 additions and 36 deletions.
24 changes: 12 additions & 12 deletions content/docs/deployment/csmoperator/modules/authorization.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,10 @@ To deploy the Operator, follow the instructions available [here](../../#installa
2. Install cert-manager CRDs
```bash

kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
```

3. Prepare `samples/authorization/config.yaml` provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/config.yaml) which contains the JWT signing secret. The following table lists the configuration parameters.
3. Prepare [samples/authorization/config.yaml](https://github.com/dell/csm-operator/blob/main/samples/authorization/config.yaml) which contains the JWT signing secret. The following table lists the configuration parameters.

| Parameter | Description | Required | Default |
| --------- | ------------------------------------------------------------ | -------- | ------- |
Expand All @@ -51,7 +51,7 @@ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/relea
kubectl create secret generic karavi-config-secret -n authorization --from-file=config.yaml=samples/authorization/config.yaml -o yaml --dry-run=client | kubectl replace -f -
```

4. Create the `karavi-storage-secret` using the file provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/karavi-storage-secret.yaml) to store storage system credentials.
4. Create the [karavi-storage-secret](https://github.com/dell/csm-operator/blob/main/samples/authorization/karavi-storage-secret.yaml) to store storage system credentials.

Use this command to create the secret:

Expand All @@ -64,7 +64,7 @@ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/relea

1. Follow all the [prerequisites](#prerequisite).

2. Create a CR (Custom Resource) for Authorization using the sample file provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/csm_authorization_proxy_server_v170.yaml). This file can be modified to use custom parameters if needed.
2. Create a CR (Custom Resource) for Authorization from a [sample manifest](https://github.com/dell/csm-operator/tree/main/samples/authorization). This file can be modified to use custom parameters if needed.

3. Users should configure the parameters in the CR. This table lists the primary configurable parameters of the Authorization Proxy Server and their default values:

Expand Down Expand Up @@ -96,7 +96,7 @@ To enable reporting of trace data with [Zipkin](https://zipkin.io/), use the `cs

```bash
kubectl create -f samples/authorization/csm_authorization_proxy_server_v190.yaml
kubectl create -f <SAMPLE FILE>
```

>__Note__:
Expand All @@ -111,12 +111,12 @@ To enable reporting of trace data with [Zipkin](https://zipkin.io/), use the `cs
kubectl create secret tls karavi-auth-tls -n authorization --key <location-of-private-key-file> --cert <location-of-certificate-file>
```

If using a self-signed certificate, prepare `samples/authorization/certificate_v190.yaml` provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/certificate_v170.yaml). An entry for each hostname specified in the CR must be added under `dnsNames` for the certificate to be valid for each Ingress.
If using a self-signed certificate, prepare a certificate file provided [here](https://github.com/dell/csm-operator/tree/main/samples/authorization). An entry for each hostname specified in the CR must be added under `dnsNames` for the certificate to be valid for each Ingress.

Use this command to create the `karavi-auth-tls` secret:

```bash
kubectl create -f samples/authorization/certificate_v190.yaml
kubectl create -f <CERTIFICATE FILE>
```

### Verify Installation of the CSM Authorization Proxy Server
Expand All @@ -128,12 +128,12 @@ Once the Authorization CR is created, you can verify the installation as mention

### Install Karavictl

Follow the instructions available in CSM Authorization for [Installing karavictl](../../../../authorization/deployment/helm/#install-karavictl).
Follow the instructions available in CSM Authorization for [Installing karavictl](../../../helm/modules/authorization/#install-karavictl).

### Configuring the CSM Authorization Proxy Server
### Configure the CSM Authorization Proxy Server

Follow the instructions available in CSM Authorization for [Configuring the CSM Authorization Proxy Server](../../../../authorization/configuration/proxy-server/#configuring-the-csm-authorization-proxy-server).
Follow the instructions available in CSM Authorization for [Configuring the CSM Authorization Proxy Server](../../../helm/modules/authorization/#configuring-the-csm-authorization-proxy-server).

### Configuring a Dell CSI Driver with CSM Authorization
### Configure a Dell CSI Driver with CSM Authorization

Follow the instructions available in CSM Authorization for [Configuring a Dell CSI Driver with CSM for Authorization](../../../../authorization/configuration/#configuring-a-dell-csi-driver-with-csm-for-authorization).
Follow the instructions available in CSM Authorization for [Configuring a Dell CSI Driver with CSM for Authorization](../../../helm/modules/authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization).
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ The CSM Observability module for supported Dell CSI Drivers can be installed via
kubectl create namespace karavi
```
- Enable Observability module and components in [sample manifests](https://github.com/dell/csm-operator/tree/main/samples). If cert-manager has already been installed, don't enable it.
- To use Observablity with CSM Authorization, the [Authorization Proxy Server](../authorization/) should be installed and configured first. Then, enable the Authorization module along with the Observability module in the sample manifest.
- Observability will deploy with self-signed certificates by default. If you want to have custom certificates created instead, please generate certificates and private keys, encode them in base64, and insert them into the sample file as shown below for whichever components you are enabling:
```
# observability: allows to configure observability
Expand Down
8 changes: 4 additions & 4 deletions content/docs/deployment/helm/modules/authorization/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ mv ./karavictl ~/.local/bin/karavictl
# and then append (or prepend) ~/.local/bin to $PATH
```

Karavictl commands and intended use can be found [here](../../cli/).
Karavictl commands and intended use can be found [here](../../../../authorization/cli/).

## Configuring the CSM Authorization Proxy Server

Expand Down Expand Up @@ -176,13 +176,13 @@ On the machine running `karavictl`, the `/etc/hosts` file needs to be updated wi
<master_node_ip> csm-authorization.com
```

Please continue following the steps outlined in the [proxy server](../../configuration/proxy-server) configuration.
Please continue following the steps outlined in the [proxy server](../../../../authorization/configuration/proxy-server) configuration.

## Configuring a Dell CSI Driver with CSM for Authorization

The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../../authorization#supported-csi-drivers) CSI drivers. This is controlled by the Kubernetes tenant admin.
The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../../../authorization#supported-csi-drivers) CSI drivers. This is controlled by the Kubernetes tenant admin.

Please follow the steps outlined in [PowerFlex](../../configuration/powerflex), [PowerMax](../../configuration/powermax), or [PowerScale](../../configuration/powerscale) to configure the CSI Driver to work with the Authorization sidecar.
Please continue following the configuration steps for a specific CSI Driver [here](../../../../authorization/configuration/).

## Updating CSM for Authorization Proxy Server Configuration

Expand Down
40 changes: 20 additions & 20 deletions content/docs/deployment/helm/modules/observability/deployment.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O
kubectl get secret [VXFLEXOS-CONFIG] -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/name: [VXFLEXOS-CONFIG]/name: vxflexos-config/' | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -
```

If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps:
If [CSM for Authorization is enabled](../../authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps:

2. Copy the driver configuration parameters ConfigMap from the CSI PowerFlex namespace into the CSM for Observability namespace:

Expand Down Expand Up @@ -104,7 +104,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O
kubectl get secret [ISILON-CREDS] -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/name: [ISILON-CREDS]/name: isilon-creds/' | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f -
```

If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerScale, perform these steps:
If [CSM for Authorization is enabled](../../authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerScale, perform these steps:

2. Copy the driver configuration parameters ConfigMap from the CSI PowerScale namespace into the CSM for Observability namespace:

Expand Down Expand Up @@ -185,31 +185,31 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O
```


5. Configure the [parameters](#configuration) and install the CSM for Observability Helm Chart
5. Configure the [parameters](#configuration) and install the CSM for Observability Helm Chart

A default values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) that can be used for installation. This can be copied into a file named `myvalues.yaml` and either used as is or modified accordingly.
A default values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) that can be used for installation. This can be copied into a file named `myvalues.yaml` and either used as is or modified accordingly.

__Note:__
- The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install.
- If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in your values file for CSM Observability.
- If CSM for Authorization is enabled for CSI PowerScale, the `karaviMetricsPowerscale.authorization` parameters must be properly configured in your values file for CSM Observability.
- If CSM for Authorization is enabled for CSI PowerMax, the `karaviMetricsPowerMax.authorization` parameters must be properly configured in your values file for CSM Observability.
__Note:__
- The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install.
- If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in your values file for CSM Observability.
- If CSM for Authorization is enabled for CSI PowerScale, the `karaviMetricsPowerscale.authorization` parameters must be properly configured in your values file for CSM Observability.
- If CSM for Authorization is enabled for CSI PowerMax, the `karaviMetricsPowerMax.authorization` parameters must be properly configured in your values file for CSM Observability.

```console
```console
helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] -f myvalues.yaml
```
helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] -f myvalues.yaml
```

Alternatively, you can specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example:
Alternatively, you can specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example:
```console
```console
helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] \
--set-file karaviTopology.certificateFile=<location-of-karavi-topology-certificate-file> \
--set-file karaviTopology.privateKeyFile=<location-of-karavi-topology-private-key-file> \
--set-file otelCollector.certificateFile=<location-of-otel-collector-certificate-file> \
--set-file otelCollector.privateKeyFile=<location-of-otel-collector-private-key-file>
```
helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] \
--set-file karaviTopology.certificateFile=<location-of-karavi-topology-certificate-file> \
--set-file karaviTopology.privateKeyFile=<location-of-karavi-topology-private-key-file> \
--set-file otelCollector.certificateFile=<location-of-otel-collector-certificate-file> \
--set-file otelCollector.privateKeyFile=<location-of-otel-collector-private-key-file>
```
## Configuration
Expand Down

0 comments on commit 504bf15

Please sign in to comment.