diff --git a/content/docs/csidriver/features/powerstore.md b/content/docs/csidriver/features/powerstore.md index 291499bb25..96cc564bcc 100644 --- a/content/docs/csidriver/features/powerstore.md +++ b/content/docs/csidriver/features/powerstore.md @@ -576,6 +576,32 @@ parameters: > The 1.4 version and later of the driver also enables any container user, to have full access to provisioned NFS volume, in earlier versions only `root` user had access + +## POSIX and NFSv4 ACLs + +CSI PowerStore driver version 2.2.0 and later allows users to set user-defined permissions on NFS target mount directory using POSIX mode bits or NFSv4 ACLs. + +NFSv4 ACLs are supported for NFSv4 shares on NFSv4 enabled NAS servers only. Please ensure the order when providing the NFSv4 ACLs. + +To use this feature, provide permissions in `nfsAcls` parameter in values.yaml, secrets or NFS storage class. + +For example: + +1. POSIX mode bits + +```yaml +nfsAcls: "0755" +``` + +2. NFSv4 ACLs + +```yaml +nfsAcls: "A::OWNER@:rwatTnNcCy,A::GROUP@:rxtncy,A::EVERYONE@:rxtncy,A::user@domain.com:rxtncy" +``` + +If no values are specified, default value of "0777" is set. + + ## Dynamic Logging Configuration This feature is introduced in CSI Driver for PowerStore version 2.0.0. diff --git a/content/docs/csidriver/installation/helm/powerstore.md b/content/docs/csidriver/installation/helm/powerstore.md index e60827d549..40283a5942 100644 --- a/content/docs/csidriver/installation/helm/powerstore.md +++ b/content/docs/csidriver/installation/helm/powerstore.md @@ -141,8 +141,8 @@ CRDs should be configured during replication prepare stage with repctl as descri - *isDefault*: defines if we should treat the current array as a default. - *blockProtocol*: defines what SCSI transport protocol we should use (FC, ISCSI, None, or auto). - *nasName*: defines what NAS should be used for NFS volumes. - - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. - NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only. + - *nfsAcls* (Optional): defines permissions - POSIX or NFSv4 ACLs, to be set on NFS target mount directory. + NFSv4 ACls are supported for NFSv4 shares on NFSv4 enabled NAS servers only . Add more blocks similar to above for each PowerStore array if necessary. 5. Create storage classes using ones from `samples/storageclass` folder as an example and apply them to the Kubernetes cluster by running `kubectl create -f `