From 504bf151471218e09158fc1c64484908442eede9 Mon Sep 17 00:00:00 2001 From: shaynafinocchiaro Date: Tue, 27 Feb 2024 09:32:38 -0500 Subject: [PATCH] CSM Operator documentation missing steps to enable Authorization sidecar for Observability (#1008) --- .../csmoperator/modules/authorization.md | 24 +++++------ .../csmoperator/modules/observability.md | 1 + .../helm/modules/authorization/_index.md | 8 ++-- .../helm/modules/observability/deployment.md | 40 +++++++++---------- 4 files changed, 37 insertions(+), 36 deletions(-) diff --git a/content/docs/deployment/csmoperator/modules/authorization.md b/content/docs/deployment/csmoperator/modules/authorization.md index bbad9140a8..e342c07040 100644 --- a/content/docs/deployment/csmoperator/modules/authorization.md +++ b/content/docs/deployment/csmoperator/modules/authorization.md @@ -21,10 +21,10 @@ To deploy the Operator, follow the instructions available [here](../../#installa 2. Install cert-manager CRDs ```bash -kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.crds.yaml +kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml ``` -3. Prepare `samples/authorization/config.yaml` provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/config.yaml) which contains the JWT signing secret. The following table lists the configuration parameters. +3. Prepare [samples/authorization/config.yaml](https://github.com/dell/csm-operator/blob/main/samples/authorization/config.yaml) which contains the JWT signing secret. The following table lists the configuration parameters. | Parameter | Description | Required | Default | | --------- | ------------------------------------------------------------ | -------- | ------- | @@ -51,7 +51,7 @@ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/relea kubectl create secret generic karavi-config-secret -n authorization --from-file=config.yaml=samples/authorization/config.yaml -o yaml --dry-run=client | kubectl replace -f - ``` -4. Create the `karavi-storage-secret` using the file provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/karavi-storage-secret.yaml) to store storage system credentials. +4. Create the [karavi-storage-secret](https://github.com/dell/csm-operator/blob/main/samples/authorization/karavi-storage-secret.yaml) to store storage system credentials. Use this command to create the secret: @@ -64,7 +64,7 @@ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/relea 1. Follow all the [prerequisites](#prerequisite). -2. Create a CR (Custom Resource) for Authorization using the sample file provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/csm_authorization_proxy_server_v170.yaml). This file can be modified to use custom parameters if needed. +2. Create a CR (Custom Resource) for Authorization from a [sample manifest](https://github.com/dell/csm-operator/tree/main/samples/authorization). This file can be modified to use custom parameters if needed. 3. Users should configure the parameters in the CR. This table lists the primary configurable parameters of the Authorization Proxy Server and their default values: @@ -96,7 +96,7 @@ To enable reporting of trace data with [Zipkin](https://zipkin.io/), use the `cs ```bash - kubectl create -f samples/authorization/csm_authorization_proxy_server_v190.yaml + kubectl create -f ``` >__Note__: @@ -111,12 +111,12 @@ To enable reporting of trace data with [Zipkin](https://zipkin.io/), use the `cs kubectl create secret tls karavi-auth-tls -n authorization --key --cert ``` - If using a self-signed certificate, prepare `samples/authorization/certificate_v190.yaml` provided [here](https://github.com/dell/csm-operator/blob/main/samples/authorization/certificate_v170.yaml). An entry for each hostname specified in the CR must be added under `dnsNames` for the certificate to be valid for each Ingress. + If using a self-signed certificate, prepare a certificate file provided [here](https://github.com/dell/csm-operator/tree/main/samples/authorization). An entry for each hostname specified in the CR must be added under `dnsNames` for the certificate to be valid for each Ingress. Use this command to create the `karavi-auth-tls` secret: ```bash - kubectl create -f samples/authorization/certificate_v190.yaml + kubectl create -f ``` ### Verify Installation of the CSM Authorization Proxy Server @@ -128,12 +128,12 @@ Once the Authorization CR is created, you can verify the installation as mention ### Install Karavictl -Follow the instructions available in CSM Authorization for [Installing karavictl](../../../../authorization/deployment/helm/#install-karavictl). +Follow the instructions available in CSM Authorization for [Installing karavictl](../../../helm/modules/authorization/#install-karavictl). -### Configuring the CSM Authorization Proxy Server +### Configure the CSM Authorization Proxy Server -Follow the instructions available in CSM Authorization for [Configuring the CSM Authorization Proxy Server](../../../../authorization/configuration/proxy-server/#configuring-the-csm-authorization-proxy-server). +Follow the instructions available in CSM Authorization for [Configuring the CSM Authorization Proxy Server](../../../helm/modules/authorization/#configuring-the-csm-authorization-proxy-server). -### Configuring a Dell CSI Driver with CSM Authorization +### Configure a Dell CSI Driver with CSM Authorization -Follow the instructions available in CSM Authorization for [Configuring a Dell CSI Driver with CSM for Authorization](../../../../authorization/configuration/#configuring-a-dell-csi-driver-with-csm-for-authorization). +Follow the instructions available in CSM Authorization for [Configuring a Dell CSI Driver with CSM for Authorization](../../../helm/modules/authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization). diff --git a/content/docs/deployment/csmoperator/modules/observability.md b/content/docs/deployment/csmoperator/modules/observability.md index 0ed1a428a2..1e2dd58e5d 100644 --- a/content/docs/deployment/csmoperator/modules/observability.md +++ b/content/docs/deployment/csmoperator/modules/observability.md @@ -14,6 +14,7 @@ The CSM Observability module for supported Dell CSI Drivers can be installed via kubectl create namespace karavi ``` - Enable Observability module and components in [sample manifests](https://github.com/dell/csm-operator/tree/main/samples). If cert-manager has already been installed, don't enable it. +- To use Observablity with CSM Authorization, the [Authorization Proxy Server](../authorization/) should be installed and configured first. Then, enable the Authorization module along with the Observability module in the sample manifest. - Observability will deploy with self-signed certificates by default. If you want to have custom certificates created instead, please generate certificates and private keys, encode them in base64, and insert them into the sample file as shown below for whichever components you are enabling: ``` # observability: allows to configure observability diff --git a/content/docs/deployment/helm/modules/authorization/_index.md b/content/docs/deployment/helm/modules/authorization/_index.md index 1619ba8608..03123b3b4e 100644 --- a/content/docs/deployment/helm/modules/authorization/_index.md +++ b/content/docs/deployment/helm/modules/authorization/_index.md @@ -136,7 +136,7 @@ mv ./karavictl ~/.local/bin/karavictl # and then append (or prepend) ~/.local/bin to $PATH ``` -Karavictl commands and intended use can be found [here](../../cli/). +Karavictl commands and intended use can be found [here](../../../../authorization/cli/). ## Configuring the CSM Authorization Proxy Server @@ -176,13 +176,13 @@ On the machine running `karavictl`, the `/etc/hosts` file needs to be updated wi csm-authorization.com ``` -Please continue following the steps outlined in the [proxy server](../../configuration/proxy-server) configuration. +Please continue following the steps outlined in the [proxy server](../../../../authorization/configuration/proxy-server) configuration. ## Configuring a Dell CSI Driver with CSM for Authorization -The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../../authorization#supported-csi-drivers) CSI drivers. This is controlled by the Kubernetes tenant admin. +The second part of CSM for Authorization deployment is to configure one or more of the [supported](../../../../authorization#supported-csi-drivers) CSI drivers. This is controlled by the Kubernetes tenant admin. -Please follow the steps outlined in [PowerFlex](../../configuration/powerflex), [PowerMax](../../configuration/powermax), or [PowerScale](../../configuration/powerscale) to configure the CSI Driver to work with the Authorization sidecar. +Please continue following the configuration steps for a specific CSI Driver [here](../../../../authorization/configuration/). ## Updating CSM for Authorization Proxy Server Configuration diff --git a/content/docs/deployment/helm/modules/observability/deployment.md b/content/docs/deployment/helm/modules/observability/deployment.md index 410b01b389..d8d77beed2 100644 --- a/content/docs/deployment/helm/modules/observability/deployment.md +++ b/content/docs/deployment/helm/modules/observability/deployment.md @@ -49,7 +49,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O kubectl get secret [VXFLEXOS-CONFIG] -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/name: [VXFLEXOS-CONFIG]/name: vxflexos-config/' | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` - If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps: + If [CSM for Authorization is enabled](../../authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerFlex, perform the following steps: 2. Copy the driver configuration parameters ConfigMap from the CSI PowerFlex namespace into the CSM for Observability namespace: @@ -104,7 +104,7 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O kubectl get secret [ISILON-CREDS] -n [CSI_DRIVER_NAMESPACE] -o yaml | sed 's/name: [ISILON-CREDS]/name: isilon-creds/' | sed 's/namespace: [CSI_DRIVER_NAMESPACE]/namespace: [CSM_NAMESPACE]/' | kubectl create -f - ``` - If [CSM for Authorization is enabled](../../../authorization/deployment/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerScale, perform these steps: + If [CSM for Authorization is enabled](../../authorization/#configuring-a-dell-csi-driver-with-csm-for-authorization) for CSI PowerScale, perform these steps: 2. Copy the driver configuration parameters ConfigMap from the CSI PowerScale namespace into the CSM for Observability namespace: @@ -185,31 +185,31 @@ The Container Storage Modules (CSM) for Observability Helm chart bootstraps an O ``` - 5. Configure the [parameters](#configuration) and install the CSM for Observability Helm Chart +5. Configure the [parameters](#configuration) and install the CSM for Observability Helm Chart - A default values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) that can be used for installation. This can be copied into a file named `myvalues.yaml` and either used as is or modified accordingly. + A default values.yaml file is located [here](https://github.com/dell/helm-charts/blob/main/charts/karavi-observability/values.yaml) that can be used for installation. This can be copied into a file named `myvalues.yaml` and either used as is or modified accordingly. - __Note:__ - - The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install. - - If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in your values file for CSM Observability. - - If CSM for Authorization is enabled for CSI PowerScale, the `karaviMetricsPowerscale.authorization` parameters must be properly configured in your values file for CSM Observability. - - If CSM for Authorization is enabled for CSI PowerMax, the `karaviMetricsPowerMax.authorization` parameters must be properly configured in your values file for CSM Observability. + __Note:__ + - The default `values.yaml` is configured to deploy the CSM for Observability Topology service on install. + - If CSM for Authorization is enabled for CSI PowerFlex, the `karaviMetricsPowerflex.authorization` parameters must be properly configured in your values file for CSM Observability. + - If CSM for Authorization is enabled for CSI PowerScale, the `karaviMetricsPowerscale.authorization` parameters must be properly configured in your values file for CSM Observability. + - If CSM for Authorization is enabled for CSI PowerMax, the `karaviMetricsPowerMax.authorization` parameters must be properly configured in your values file for CSM Observability. - ```console + ```console - helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] -f myvalues.yaml - ``` + helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] -f myvalues.yaml + ``` - Alternatively, you can specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example: + Alternatively, you can specify each parameter using the '--set key=value[,key=value]' and/or '--set-file key=value[,key=value] arguments to 'helm install'. For example: - ```console + ```console - helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] \ - --set-file karaviTopology.certificateFile= \ - --set-file karaviTopology.privateKeyFile= \ - --set-file otelCollector.certificateFile= \ - --set-file otelCollector.privateKeyFile= - ``` + helm install karavi-observability dell/karavi-observability -n [CSM_NAMESPACE] \ + --set-file karaviTopology.certificateFile= \ + --set-file karaviTopology.privateKeyFile= \ + --set-file otelCollector.certificateFile= \ + --set-file otelCollector.privateKeyFile= + ``` ## Configuration