enable authorization for csm observability powerscale (#135)
taohe1012 authored Aug 12, 2022
1 parent 0cf6a65 commit 481a746
Showing 3 changed files with 65 additions and 1 deletion.
Expand Up @@ -75,7 +75,7 @@ spec:
env:
- name: PROXY_HOST
value: "{{ .Values.karaviMetricsPowerflex.authorization.proxyHost }}"
- name: INSECURE
- name: SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.karaviMetricsPowerflex.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerflex
Expand Up @@ -26,6 +26,12 @@ metadata:
labels:
app.kubernetes.io/name: karavi-metrics-powerscale
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if hasKey .Values "karaviMetricsPowerscale.authorization" }}
{{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
annotations:
com.dell.karavi-authorization-proxy: "true"
{{ end }}
{{ end }}
spec:
selector:
matchLabels:
Expand Down Expand Up @@ -61,6 +67,37 @@ spec:
readOnly: true
- name: karavi-metrics-powerscale-configmap
mountPath: /etc/config
{{- if hasKey .Values.karaviMetricsPowerscale "authorization" }}
{{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
- name: karavi-authorization-proxy
imagePullPolicy: IfNotPresent
image: {{ required "Must provide the authorization sidecar container image." .Values.karaviMetricsPowerscale.authorization.sidecarProxyImage }}
env:
- name: PROXY_HOST
value: "{{ .Values.karaviMetricsPowerscale.authorization.proxyHost }}"
- name: SKIP_CERTIFICATE_VALIDATION
value: "{{ .Values.karaviMetricsPowerscale.authorization.skipCertificateValidation }}"
- name: PLUGIN_IDENTIFIER
value: powerscale
- name: ACCESS_TOKEN
valueFrom:
secretKeyRef:
name: isilon-proxy-authz-tokens
key: access
- name: REFRESH_TOKEN
valueFrom:
secretKeyRef:
name: isilon-proxy-authz-tokens
key: refresh
volumeMounts:
- name: karavi-authorization-config
mountPath: /etc/karavi-authorization/config
- name: proxy-server-root-certificate
mountPath: /etc/karavi-authorization/root-certificates
- name: isilon-config-params
mountPath: /etc/karavi-authorization
{{ end }}
{{ end }}
volumes:
- name: isilon-creds
secret:
Expand All @@ -74,6 +111,19 @@ spec:
- name: karavi-metrics-powerscale-configmap
configMap:
name: karavi-metrics-powerscale-configmap
{{- if hasKey .Values.karaviMetricsPowerscale "authorization" }}
{{- if eq .Values.karaviMetricsPowerscale.authorization.enabled true }}
- name: karavi-authorization-config
secret:
secretName: isilon-karavi-authorization-config
- name: proxy-server-root-certificate
secret:
secretName: isilon-proxy-server-root-certificate
- name: isilon-config-params
configMap:
name: isilon-config-params
{{ end }}
{{ end }}
restartPolicy: Always
status: {}
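Review bot: The guard on the metadata annotations, `{{- if hasKey .Values "karaviMetricsPowerscale.authorization" }}`, passes a dotted path as the key, but Sprig's `hasKey` looks up a single key in the map it is given and does not traverse dots. Unless `.Values` holds a literal key of that name, the condition is false and the `com.dell.karavi-authorization-proxy: "true"` annotation is never rendered, even when the sidecar container and its volumes are. The two later hunks use `{{- if hasKey .Values.karaviMetricsPowerscale "authorization" }}`, and the annotation guard should match them. Separately, `proxyHost` is rendered without `required`, so enabling authorization with the empty default gives the sidecar `PROXY_HOST: ""`; wrapping it in `required`, as is done for `sidecarProxyImage`, would fail the render instead.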

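--- a/charts/karavi-observability/values.yaml
+++ b/charts/karavi-observability/values.yaml
@@ -113,6 +113,20 @@ karaviMetricsPowerscale:
 # set isiLogVerbose to 0/1/2 decide High/Medium/Low content of the OneFS REST API message should be logged in debug level logs
 # default isiLogVerbose: 0 to log full content of the HTTP request and response
 isiLogVerbose: 0
+authorization:
+enabled: false
+# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
+# Default value: dellemc/csm-authorization-sidecar:v1.3.0
+sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.3.0
+# proxyHost: hostname of the csm-authorization server
+# Default value: None
+proxyHost:
+# skipCertificateValidation: certificate validation of the csm-authorization server
+# Allowed Values:
+# "true" - TLS certificate verification will be skipped
+# "false" - TLS certificate will be verified
+# Default value: "true"
+skipCertificateValidation: true
 
 otelCollector:
 image: otel/opentelemetry-collector:0.42.0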
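Review bot: The new `authorization` block defaults to `skipCertificateValidation: true`, so an operator who only flips `enabled: true` gets a sidecar that, per the comment above it, skips TLS certificate verification of the csm-authorization server. The deployment template in this commit hands that sidecar `ACCESS_TOKEN` and `REFRESH_TOKEN` from `isilon-proxy-authz-tokens`, so with verification off those tokens would be presented to whatever endpoint answers at `proxyHost`. The template also mounts `isilon-proxy-server-root-certificate`, which suggests a trust anchor is available for verification. I would default to `skipCertificateValidation: false`, change the comment to `# Default value: "false"`, and leave skipping as an explicit opt-in. The bare `proxyHost:` parses as null; writing `proxyHost: ""` would make the empty default explicit.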
