Merge branch 'release-1.2' into feature/fs-group-doc

content/docs/csidriver/_index.md

@@ -59,6 +59,7 @@ The CSI Drivers by Dell EMC implement an interface between [CSI](https://kuberne
 |---------------|:----------------:|:------------------:|:----------------:|:----------------:|:----------------:|
 | Fibre Channel | yes              | N/A                | yes              | N/A              | yes              |
 | iSCSI         | yes              | N/A                | yes              | N/A              | yes              |
+| NVMeTCP       | N/A              | N/A                | N/A              | N/A              | yes              |
 | NFS           | N/A              | N/A                | yes              | yes              | yes              |
 | Other         | N/A              | ScaleIO protocol   | N/A              | N/A              | N/A              |
 | Supported FS  | ext4 / xfs       | ext4 / xfs         | ext3 / ext4 / xfs / NFS | NFS       | ext3 / ext4 / xfs / NFS |

content/docs/csidriver/features/powerstore.md

@@ -638,3 +638,33 @@ spec:
 ```
 
 >Note: The access mode ReadWriteOnce allows multiple pods to access a single volume within a single worker node and the behavior is consistent across all supported Kubernetes versions.
+
+## POSIX and NFSv4 ACLs
+
+CSI PowerStore driver version 2.2.0 and later allows users to set user-defined permissions on NFS target mount directory using POSIX mode bits or NFSv4 ACLs.
+
+NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Please ensure the order when providing the NFSv4 ACLs.
+
+To use this feature, provide permissions in `nfsAcls` parameter in values.yaml, secrets or NFS storage class.
+
+For example:
+
+1. POSIX mode bits
+
+```yaml
+nfsAcls: "0755"
+```
+
+2. NFSv4 ACLs
+
+```yaml
+nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::[email protected]:rxtncy"
+```
+
+>Note: If no values are specified, default value of "0777" will be set.
+
+
+## NVMe/TCP Support
+
+CSI Driver for Dell Powerstore 2.2.0 and above supports NVMe/TCP provisioning. To enable NVMe/TCP provisioning, blockProtocol on secret should be specified as `NVMeTCP`. 
+In case blockProtocol is specified as `auto`, the driver will be able to find the initiators on the host and choose the protocol accordingly. If the host has multiple protocols enabled, then FC gets the highest priority followed by iSCSI and then NVMeTCP.

content/docs/csidriver/features/unity.md

@@ -190,7 +190,7 @@ provisioner: csi-unity.dellemc.com
 reclaimPolicy: Delete
 allowVolumeExpansion: true # Set this attribute to true if you plan to expand any PVCs created using this storage class
 parameters:
-    FsType: xfs
+    csi.storage.k8s.io/fstype: xfs
 ```
 
 To resize a PVC, edit the existing PVC spec and set spec.resources.requests.storage to the intended size. For example, if you have a PVC unity-pvc-demo of size 3Gi, then you can resize it to 30Gi by updating the PVC.
@@ -353,7 +353,7 @@ To create `NFS` volume you need to provide `nasName:` parameters that point to t
   - name: volume
     csi:
       driver: csi-unity.dellemc.com
-      fsType: "nfs"
+      csi.storage.k8s.io/fstype: "nfs"
       volumeAttributes:
         size: "20Gi"
         nasName: "csi-nas-name"
@@ -643,7 +643,7 @@ data:
     CSI_LOG_LEVEL: "info"
     ALLOW_RWO_MULTIPOD_ACCESS: "false"
     MAX_UNITY_VOLUMES_PER_NODE: "0"
-    SYNC_NODE_INFO_TIME_INTERVAL: "0"
+    SYNC_NODE_INFO_TIME_INTERVAL: "15"
     TENANT_NAME: ""
 ```
 >Note: csi-unity supports Tenancy in multi-array setup, provided the TenantName is the same across Unity instances.

content/docs/csidriver/installation/helm/isilon.md

@@ -93,6 +93,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller
    | verbose | Indicates what content of the OneFS REST API message should be logged in debug level logs | Yes | 1 |
    | kubeletConfigDir | Specify kubelet config dir path | Yes | "/var/lib/kubelet" |
    | enableCustomTopology | Indicates PowerScale FQDN/IP which will be fetched from node label and the same will be used by controller and node pod to establish a connection to Array. This requires enableCustomTopology to be enabled. | No | false |
+   | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" |
    | ***controller*** | Configure controller pod specific parameters | | |
    | controllerCount | Defines the number of csi-powerscale controller pods to deploy to the Kubernetes release| Yes | 2 |
    | volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" |
@@ -122,7 +123,7 @@ kubectl create -f deploy/kubernetes/snapshot-controller
    | sidecarProxyImage | Image for csm-authorization-sidecar. | No | " " |
    | proxyHost | Hostname of the csm-authorization server. | No | Empty |
    | skipCertificateValidation | A boolean that enables/disables certificate validation of the csm-authorization server. | No | true |
-   
+
    *NOTE:* 
 
    - ControllerCount parameter value must not exceed the number of nodes in the Kubernetes cluster. Otherwise, some of the controller pods remain in a "Pending" state till new nodes are available for scheduling. The installer exits with a WARNING on the same.

content/docs/csidriver/installation/helm/powerstore.md

@@ -61,6 +61,17 @@ To do this, run the `systemctl enable --now iscsid` command.
 
 For information about configuring iSCSI, see _Dell EMC PowerStore documentation_ on Dell EMC Support.
 
+
+### Set up the NVMe/TCP Initiator
+
+If you want to use the protocol, set up the NVMe/TCP initiators as follows
+- The driver requires NVMe management command-line interface (nvme-cli) to use configure, edit, view or start the NVMe client and target. The nvme-cli utility provides a command-line and interactive shell option. The NVMe CLI tool is installed in the host using the below command.
+`sudo apt install nvme-cli`
+
+- Modules including the nvme, nvme_core, nvme_fabrics, and nvme_tcp are required for using NVMe over Fabrics using TCP. Load the NVMe and NVMe-OF Modules using the below commands.
+```modprobe nvme
+   modprobe nvme-tcp```
+
 ### Linux multipathing requirements
 Dell EMC PowerStore supports Linux multipathing. Configure Linux multipathing before installing the CSI Driver for Dell EMC
 PowerStore.
@@ -139,8 +150,10 @@ CRDs should be configured during replication prepare stage with repctl as descri
     - *username*, *password*: defines credentials for connecting to array.
     - *skipCertificateValidation*: defines if we should use insecure connection or not.
     - *isDefault*: defines if we should treat the current array as a default.
-    - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto).
+    - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, NVMeTCP, None, or auto).
     - *nasName*: defines what NAS should be used for NFS volumes.
+	- *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory.
+	             NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only.
 
     Add more blocks similar to above for each PowerStore array if necessary. 
 5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f <path_to_storageclass_file>`
@@ -156,6 +169,7 @@ CRDs should be configured during replication prepare stage with repctl as descri
 | externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " |
 | kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" |
 | imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" |
+| nfsAcls | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" |
 | connection.enableCHAP   | Defines whether the driver should use CHAP for iSCSI connections or not | No | False |
 | controller.controllerCount     | Defines number of replicas of controller deployment | Yes | 2 |
 | controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" |

content/docs/csidriver/installation/helm/unity.md

@@ -38,7 +38,7 @@ Install CSI Driver for Unity using this procedure.
 
 *Before you begin*
 
- * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.1.0 https://github.com/dell/csi-unity.git```, as a pre-requisite for running this procedure.
+ * You must have the downloaded files, including the Helm chart from the source [git repository](https://github.com/dell/csi-unity) with the command ```git clone -b v2.2.0 https://github.com/dell/csi-unity.git```, as a pre-requisite for running this procedure.
  * In the top-level dell-csi-helm-installer directory, there should be two scripts, `csi-install.sh` and `csi-uninstall.sh`.
  * Ensure _unity_ namespace exists in Kubernetes cluster. Use the `kubectl create namespace unity` command to create the namespace if the namespace is not present.
 
@@ -130,7 +130,7 @@ Procedure
     | storageArrayList.endpoint | REST API gateway HTTPS endpoint Unity system| true | -   |
     | storageArrayList.arrayId  | ArrayID for Unity system            | true     | -       |
     | storageArrayList.skipCertificateValidation | "skipCertificateValidation " determines if the driver is going to validate unisphere certs while connecting to the Unisphere REST API interface. If it is set to false, then a secret unity-certs has to be created with an X.509 certificate of CA which signed the Unisphere certificate. | true | true |
-    | storageArrayList.isDefault| An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | false | false |
+    | storageArrayList.isDefault| An array having isDefault=true or isDefaultArray=true will be considered as the default array when arrayId is not specified in the storage class. This parameter should occur only once in the list. | true | - |
 
 
     Example: secret.yaml

content/docs/csidriver/installation/operator/_index.md

@@ -50,21 +50,21 @@ If you have installed an old version of the `dell-csi-operator` which was availa
 #### Full list of CSI Drivers and versions supported by the Dell CSI Operator
 | CSI Driver         | Version   | ConfigVersion  | Kubernetes Version   | OpenShift Version     |
 | ------------------ | --------- | -------------- | -------------------- | --------------------- |
-| CSI PowerMax       | 1.7       | v6             | 1.19, 1.20, 1.21     | 4.6, 4.7              |
 | CSI PowerMax       | 2.0.0     | v2.0.0         | 1.20, 1.21, 1.22     | 4.6 EUS, 4.7, 4.8     |
 | CSI PowerMax       | 2.1.0     | v2.1.0         | 1.20, 1.21, 1.22     | 4.8, 4.8 EUS, 4.9     |
-| CSI PowerFlex      | 1.5       | v5             | 1.19, 1.20, 1.21     | 4.6, 4.7              |
+| CSI PowerMax       | 2.2.0     | v2.2.0         | 1.21, 1.22, 1.23     | 4.8, 4.8 EUS, 4.9     |
 | CSI PowerFlex      | 2.0.0     | v2.0.0         | 1.20, 1.21, 1.22     | 4.6 EUS, 4.7, 4.8     |
 | CSI PowerFlex      | 2.1.0     | v2.1.0         | 1.20, 1.21, 1.22     | 4.8, 4.8 EUS, 4.9     |
-| CSI PowerScale     | 1.6       | v6             | 1.19, 1.20, 1.21     | 4.6, 4.7              |
+| CSI PowerFlex      | 2.2.0     | v2.2.0         | 1.21, 1.22, 1.23     | 4.8, 4.8 EUS, 4.9     |
 | CSI PowerScale     | 2.0.0     | v2.0.0         | 1.20, 1.21, 1.22     | 4.6 EUS, 4.7, 4.8     |
 | CSI PowerScale     | 2.1.0     | v2.1.0         | 1.20, 1.21, 1.22     | 4.8, 4.8 EUS, 4.9     |
-| CSI Unity          | 1.6       | v5             | 1.19, 1.20, 1.21     | 4.6, 4.7              |
+| CSI PowerScale     | 2.2.0     | v2.2.0         | 1.21, 1.22, 1.23     | 4.8, 4.8 EUS, 4.9     |
 | CSI Unity          | 2.0.0     | v2.0.0         | 1.20, 1.21, 1.22     | 4.6 EUS, 4.7, 4.8     |
 | CSI Unity          | 2.1.0     | v2.1.0         | 1.20, 1.21, 1.22     | 4.8, 4.8 EUS, 4.9     |
-| CSI PowerStore     | 1.4       | v4             | 1.19, 1.20, 1.21     | 4.6, 4.7              |
+| CSI Unity          | 2.2.0     | v2.2.0         | 1.21, 1.22, 1.23     | 4.8, 4.8 EUS, 4.9     |
 | CSI PowerStore     | 2.0.0     | v2.0.0         | 1.20, 1.21, 1.22     | 4.6 EUS, 4.7, 4.8     |
 | CSI PowerStore     | 2.1.0     | v2.1.0         | 1.20, 1.21, 1.22     | 4.8, 4.8 EUS, 4.9     |
+| CSI PowerStore     | 2.2.0     | v2.2.0         | 1.21, 1.22, 1.23     | 4.8, 4.8 EUS, 4.9     |
 
 </br>
 

content/docs/csidriver/installation/operator/isilon.md

@@ -115,6 +115,7 @@ User can query for CSI-PowerScale driver using the following command:
    | Parameter | Description | Required | Default |
    | --------- | ----------- | -------- |-------- |
    | dnsPolicy | Determines the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet |
+   | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" |
    | ***Common parameters for node and controller*** |
    | CSI_ENDPOINT | The UNIX socket address for handling gRPC calls | No | /var/run/csi/csi.sock |
    | X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION | Specifies whether SSL security needs to be enabled for communication between PowerScale and CSI Driver | No | true |

content/docs/csidriver/installation/operator/powerstore.md

@@ -30,7 +30,7 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c
         password: "password"                      # password for connecting to API
         skipCertificateValidation: true           # indicates if client side validation of (management)server's certificate can be skipped
         isDefault: true                           # treat current array as a default (would be used by storage classes without arrayID parameter)
-        blockProtocol: "auto"                     # what SCSI transport protocol use on node side (FC, ISCSI, None, or auto)
+        blockProtocol: "auto"                     # what SCSI transport protocol use on node side (FC, ISCSI, NVMeTCP, None, or auto)
         nasName: "nas-server"                     # what NAS should be used for NFS volumes
    ```
    Change the parameters with relevant values for your PowerStore array. 
@@ -62,11 +62,13 @@ Kubernetes Operators make it easy to deploy and manage the entire lifecycle of c
    | --------- | ----------- | -------- |-------- |
    | replicas | Controls the number of controller pods you deploy. If the number of controller pods is greater than the number of available nodes, the excess pods will be pending state till new nodes are available for scheduling. Default is 2 which allows for Controller high availability. | Yes | 2 |
    | namespace | Specifies namespace where the drive will be installed | Yes | "test-powerstore" |
+   | fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" |
    | ***Common parameters for node and controller*** |
    | X_CSI_POWERSTORE_NODE_NAME_PREFIX | Prefix to add to each node registered by the CSI driver | Yes | "csi-node" 
    | X_CSI_FC_PORTS_FILTER_FILE_PATH | To set path to the file which provides a list of WWPN which should be used by the driver for FC connection on this node | No | "/etc/fc-ports-filter" |
    | ***Controller parameters*** |
    | X_CSI_POWERSTORE_EXTERNAL_ACCESS | allows specifying additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries | No | " "|
+   | X_CSI_NFS_ACLS | Defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" |
    | ***Node parameters*** |
    | X_CSI_POWERSTORE_ENABLE_CHAP | Set to true if you want to enable iSCSI CHAP feature | No | false | 
 6.  Execute the following command to create PowerStore custom resource:`kubectl create -f <input_sample_file.yaml>`. The above command will deploy the CSI-PowerStore driver.

content/docs/csidriver/installation/operator/unity.md

@@ -19,7 +19,7 @@ The following table lists driver configuration parameters for multiple storage a
 | password | Password for accessing Unity system  | true | - |
 | restGateway | REST API gateway HTTPS endpoint Unity system| true | - |
 | arrayId | ArrayID for Unity system | true | - |
-| isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | false | false |
+| isDefaultArray | An array having isDefaultArray=true is for backward compatibility. This parameter should occur once in the list. | true | - |
 
 Ex: secret.yaml
 
@@ -118,7 +118,7 @@ data:
     CSI_LOG_LEVEL: "info"
     ALLOW_RWO_MULTIPOD_ACCESS: "false"
     MAX_UNITY_VOLUMES_PER_NODE: "0"
-    SYNC_NODE_INFO_TIME_INTERVAL: "0"
+    SYNC_NODE_INFO_TIME_INTERVAL: "15"
     TENANT_NAME: ""
 ```
 

content/docs/csidriver/installation/test/powermax.md

@@ -82,4 +82,92 @@ Application prefix is the name of the application that can be used to group the
   # Examples: APP, app, sanity, tests
   ApplicationPrefix: <application prefix>  
 ```
->Note: Supported length of storage group for PowerMax is 64 characters. Storage group name is of the format "csi-`clusterprefix`-`application prefix`-`SLO name`-`SRP name`-SG". Based on the other inputs like clusterprefix,SLO name and SRP name maximum length of the ApplicationPrefix can vary.
+>Note: Supported length of storage group for PowerMax is 64 characters. Storage group name is of the format "csi-`clusterprefix`-`application prefix`-`SLO name`-`SRP name`-SG". Based on the other inputs like clusterprefix,SLO name and SRP name maximum length of the ApplicationPrefix can vary.
+
+## Consuming existing volumes with static provisioning
+
+Use this procedure to consume existing volumes with static provisioning.
+
+1. Open your Unisphere for Powermax, and take a note of volume-id.
+2. Create PersistentVolume and use this volume-id as a volumeHandle in the manifest. Modify other parameters according to your needs.
+3. In the following example, storage class is assumed as 'powermax', cluster prefix as 'ABC' and volume's internal name as '00001', array ID as '000000000001', volume ID as '1abc23456'. The volume-handle should be in the format of `csi`-`clusterPrefix`-`volumeNamePrefix`-`id`-`arrayID`-`volumeID`.
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pvol
+  namespace: test  
+spec:
+  accessModes:
+  - ReadWriteOnce
+  capacity:
+    storage: 8Gi
+  csi:
+    driver: csi-powermax.dellemc.com
+    volumeHandle: csi-ABC-pmax-1abc23456-000000000001-00001
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: powermax
+  volumeMode: Filesystem
+```
+
+3. Create PersistentVolumeClaim to use this PersistentVolume.
+
+```yaml
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: pvc
+  namespace: test
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: powermax
+  volumeMode: Filesystem
+  volumeName: pvol         
+```
+
+4. Then use this PVC as a volume in a pod.
+
+```yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: powermaxtest
+  namespace: test
+---
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: powermaxtest
+  namespace: test
+spec:
+  selector:
+    matchLabels:
+     app: powermaxtest
+  serviceName: staticprovisioning
+  template:
+   metadata:
+    labels:
+     app: powermaxtest
+   spec:
+    serviceAccount: powermaxtest
+    containers:
+     - name: test 
+      image: docker.io/centos:latest
+      command: [ "/bin/sleep", "3600" ]
+      volumeMounts:
+       - mountPath: "/data"
+        name: pvc
+    volumes:
+     - name: pvc
+      persistentVolumeClaim:
+       claimName: pvc
+```
+
+5. After the pod becomes `Ready` and `Running`, you can start to use this pod and volume.
+
+>Note: CSI driver for PowerMax will create the necessary objects like Storage group, HostID and Masking View. They must not be created manually.