diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index d05d280695..291499bb25 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -638,3 +638,27 @@ spec: ``` >Note: The access mode ReadWriteOnce allows multiple pods to access a single volume within a single worker node and the behavior is consistent across all supported Kubernetes versions. + +## POSIX and NFSv4 ACLs + +CSI PowerStore driver version 2.2.0 and later allows users to set user-defined permissions on NFS target mount directory using POSIX mode bits or NFSv4 ACLs. + +NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Please ensure the order when providing the NFSv4 ACLs. + +To use this feature, provide permissions in `nfsAcls` parameter in values.yaml, secrets or NFS storage class. + +For example: + +1. POSIX mode bits + +```yaml +nfsAcls: "0755" +``` + +2. NFSv4 ACLs + +```yaml +nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@domain.com:rxtncy" +``` + +>Note: If no values are specified, default value of "0777" will be set. diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index 3514c04717..e60827d549 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md 
@@ -141,6 +141,8 @@ CRDs should be configured during replication prepare stage with repctl as descri - *isDefault*: defines if we should treat the current array as a default. - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. + - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. + NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Add more blocks similar to above for each PowerStore array if necessary. 5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f ` @@ -156,6 +158,7 @@ CRDs should be configured during replication prepare stage with repctl as descri | externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " | | kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" | | imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" | +| nfsAcls | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" | | connection.enableCHAP | Defines whether the driver should use CHAP for iSCSI connections or not | No | False | | controller.controllerCount | Defines number of replicas of controller deployment | Yes | 2 | | controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" | diff --git a/content/docs/csidriver/installation/operator/powerstore.md b/content/docs/csidriver/installation/operator/powerstore.md index 8fb2f30f95..6fc98a126e 100644 --- a/content/docs/csidriver/installation/operator/powerstore.md +++ b/content/docs/csidriver/installation/operator/powerstore.md 
@@ -67,6 +67,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c | X_CSI_FC_PORTS_FILTER_FILE_PATH | To set path to the file which provides a list of WWPN which should be used by the driver for FC connection on this node | No | "/etc/fc-ports-filter" | | ***Controller parameters*** | | X_CSI_POWERSTORE_EXTERNAL_ACCESS | allows specifying additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries | No | " "| + | X_CSI_NFS_ACLS | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" | | ***Node parameters*** | | X_CSI_POWERSTORE_ENABLE_CHAP | Set to true if you want to enable iSCSI CHAP feature | No | false | 6. Execute the following command to create PowerStore custom resource:`kubectl create -f `. The above command will deploy the CSI-PowerStore driver.
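
Review bot: In the features/powerstore.md hunk, the closing note documents a default of "0777" without saying that this leaves the NFS target mount directory readable, writable and searchable by every user; state that explicitly and recommend setting `nfsAcls` to the narrowest mode or ACL the workload needs. The sentence "Please ensure the order when providing the NFSv4 ACLs" does not say which order is required or what happens when it is wrong. The text also does not say which value takes effect when `nfsAcls` is set in more than one of values.yaml, the secret and the storage class.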
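
Review bot: In the helm/powerstore.md hunk at @@ -141, the added continuation line spells "NFSv4 ACls"; it should read "NFSv4 ACLs" to match the rest of the patch. The bullet marks *nfsAcls* as optional but does not say what applies when it is omitted for an array, so add whether the `nfsAcls` value from values.yaml or the "0777" default is used in that case.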
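
Review bot: In the helm/powerstore.md hunk at @@ -156, the new `nfsAcls` table row drops the restriction given in the array-level bullet and on the features page, that NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Repeat it in the description or link to the "POSIX and NFSv4 ACLs" section, so that a reader who consults only this table sees the constraint and the accepted value formats next to the "0777" default.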
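
Review bot: In the operator/powerstore.md hunk, the `X_CSI_NFS_ACLS` row is added under the "Controller parameters" heading although its description concerns permissions on the NFS target mount directory; please confirm the controller is the component that reads this variable, and move the row under "Node parameters" if the node plugin is what applies the permissions. The row also gives no example of an accepted value and omits the NFSv4-only restriction stated on the features page, so a link to the "POSIX and NFSv4 ACLs" section would help here.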