From a79a753b4ba8dbf8ad22b666da544663676b754b Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Mon, 20 Jan 2025 11:35:28 -0500 Subject: [PATCH 1/5] Add PowerMax Mount Credentials for installation with Operator --- content/docs/csidriver/features/powermax.md | 23 ++++ .../csmoperator/drivers/powermax.md | 100 ++++++------------ layouts/shortcodes/message.html | 2 + 3 files changed, 60 insertions(+), 65 deletions(-) diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index 46dd48103f..edd3afb3a9 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md 
@@ -678,3 +678,26 @@ These are the CSM modules not supported with NVMeTCP protocol: - CSM Observability - CSM Application Mobility - Metro Replication + +## Mount Credentials Support + +The CSI Driver for Dell PowerMax supports Mount Credentials from v2.14.0 and the configMap will be deprecated. In previous versions of the PowerMax Reverse Proxy, in order to configure it, a config map needed to be created and the credentials for the arrays would be stored in secrets which the config map would reference. To simplify this solution, a mountable secret can be used which contains the array information and credentials all in one location. +```yaml +storageArrays: + - storageArrayId: "000000000001" + primaryEndpoint: https://primary-1.unisphe.re:8443 + backupEndpoint: https://backup-1.unisphe.re:8443 +managementServers: + - endpoint: https://primary-1.unisphe.re:8443 + username: admin + password: password + skipCertificateValidation: true + - endpoint: https://backup-1.unisphe.re:8443 + username: admin2 + password: password2 + skipCertificateValidation: false +``` + +This approach is supported in both `helm` and `operator` installation for PowerMax. Both installation will automatically mount the secret to be used by the PowerMax driver/node and the Reverse Proxy. + +**Note:** The config map approach is being deprecated but to adhere to backwards compatibility, one can still configure and use the PowerMax driver with the config map. diff --git a/content/docs/deployment/csmoperator/drivers/powermax.md b/content/docs/deployment/csmoperator/drivers/powermax.md index da746d1e1e..e4b29e61fa 100644 --- a/content/docs/deployment/csmoperator/drivers/powermax.md +++ b/content/docs/deployment/csmoperator/drivers/powermax.md 
@@ -5,7 +5,9 @@ description: > Installing the CSI Driver for Dell PowerMax via Dell CSM Operator --- {{% pageinfo color="primary" %}} -{{< message text="1" >}} +1. {{< message text="1" >}} + +2. {{< message text="11" >}} {{% /pageinfo %}} The CSI Driver for Dell PowerMax can be installed via the Dell CSM Operator. To deploy the Operator, follow the instructions available [here](../../#installation). 
@@ -367,73 +369,40 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri ### Install Driver -1. Create namespace: - Run `kubectl create namespace ` using the desired name to create the namespace. -2. Create PowerMax credentials: - Create a file called powermax-creds.yaml with the following content: - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: powermax-creds - # Replace driver-namespace with the namespace where driver is being deployed - namespace: - type: Opaque - data: - # set username to the base64 encoded username - username: - # set password to the base64 encoded password - password: - # Uncomment the following key if you wish to use ISCSI CHAP authentication (v1.3.0 onwards) - # chapsecret: - ``` - Replace the values for the username and password parameters. These values can be obtained using base64 encoding as described in the following example: +1. Create a namespace in which the driver will be installed. ```bash - echo -n "myusername" | base64 - echo -n "mypassword" | base64 - # If mychapsecret is the iSCSI CHAP secret - echo -n "mychapsecret" | base64 + kubectl create namespace ``` - Run the `kubectl create -f powermax-creds.yaml` command to create the secret. -3. Create a configmap using sample [here](https://github.com/dell/csm-operator/tree/master/samples/csireverseproxy). Fill in the appropriate values for driver configuration. 
- Example: config.yaml - ```yaml - port: 2222 # Port on which reverseproxy will listen - logLevel: debug - logFormat: text - config: - storageArrays: - - storageArrayId: "000000000001" # arrayID - primaryURL: https://primary-1.unisphe.re:8443 # primary unisphere for arrayID - backupURL: https://backup-1.unisphe.re:8443 # backup unisphere for arrayID - proxyCredentialSecrets: - - primary-unisphere-secret-1 # credential secret for primary unisphere, e.g., powermax-creds - - backup-unisphere-secret-1 # credential secret for backup unisphere, e.g., powermax-creds - - storageArrayId: "000000000002" - primaryURL: https://primary-2.unisphe.re:8443 - backupURL: https://backup-2.unisphe.re:8443 - proxyCredentialSecrets: - - primary-unisphere-secret-2 - - backup-unisphere-secret-2 - managementServers: - - url: https://primary-1.unisphe.re:8443 # primary unisphere endpoint - arrayCredentialSecret: primary-unisphere-secret-1 # primary credential secret e.g., powermax-creds - skipCertificateValidation: true - - url: https://backup-1.unisphe.re:8443 # backup unisphere endpoint - arrayCredentialSecret: backup-unisphere-secret-1 # backup credential secret e.g., powermax-creds - skipCertificateValidation: false # value false, to verify unisphere certificate and provide certSecret - certSecret: primary-certs # unisphere verification certificate - - url: https://primary-2.unisphe.re:8443 - arrayCredentialSecret: primary-unisphere-secret-2 - skipCertificateValidation: true - - url: https://backup-2.unisphe.re:8443 - arrayCredentialSecret: backup-unisphere-secret-2 - skipCertificateValidation: false - certSecret: primary-certs - ``` - After editing the file, run this command to create a secret called `powermax-reverseproxy-config`. If you are using a different namespace/secret name, just substitute those into the command. +2. Create the `powermax-reverseproxy-secret` secret. + + - *storageArrays*: A list of storage arrays and their associated details. 
+ - *storageArrayId*: A unique PowerMax Symmetrix ID. + - *primaryEndpoint*: The URL of the Unisphere server managing this storage array. + - *backupEndpoint*: The URL of the backup Unisphere server managing this storage array; utilized if the primary server is unreachable. + - *managementServers*: A list of Unisphere management server endpoints and resources used to make connections with those servers. + - *endpoint*: The URL of the Unisphere server (primary or backup). This should match one of the URLs listed under `storageArrays`. + - *username*: The username to be used when connecting to the `endpoint`. + - *password*: The password to be used when connecting to the `endpoint`. + - *skipCertificateValidation*: Set to `false` to perform client-side TLS certificate verification for the Unisphere instance, `true` to skip verification. + + ```yaml + storageArrays: + - storageArrayId: "000000000001" + primaryEndpoint: https://primary-1.unisphe.re:8443 + backupEndpoint: https://backup-1.unisphe.re:8443 + managementServers: + - endpoint: https://primary-1.unisphe.re:8443 + username: admin + password: password + skipCertificateValidation: true + - endpoint: https://backup-1.unisphe.re:8443 + username: admin2 + password: password2 + skipCertificateValidation: false + ``` + After editing the file, run this command to create a secret called `powermax-reverseproxy-config`. If you are using a different namespace/secret name, just substitute those into the command. ```bash - kubectl create configmap powermax-reverseproxy-config --from-file config.yaml -n powermax + kubectl create secret generic powermax-reverseproxy-secret --namespace powermax --from-file=config=samples/secret/secret.yaml ``` 4. Create a configmap using the sample file [here](https://github.com/dell/csi-powermax/blob/main/samples/configmap/powermax-array-config.yaml). Fill in the appropriate values for driver configuration. ```yaml 
@@ -510,6 +479,7 @@ Example: | X_CSI_VSPHERE_PORTGROUP | Existing portGroup that driver will use for vSphere | Yes | "" | | X_CSI_VSPHERE_HOSTNAME | Existing host(initiator group)/host group(cascaded initiator group) that driver will use for vSphere | Yes | "" | | X_CSI_VCenter_HOST | URL/endpoint of the vCenter where all the ESX are present | Yes | "" | + | X_CSI_REVPROXY_USE_SECRET | Define whether or not to use the new secret format for the PowerMax and the Reverse Proxy. The secret used will be whatever secret is defined in the `authSecret`. **Note:** If this paramter remains `false`, PowerMax and the reverse proxy will use the configMap approach. | Yes | "false" | | ***Node parameters*** | | | | | X_CSI_POWERMAX_ISCSI_ENABLE_CHAP | Enable ISCSI CHAP authentication. For more details on this feature see the related [documentation](../../../../csidriver/features/powermax/#iscsi-chap) | No | false | | X_CSI_TOPOLOGY_CONTROL_ENABLED | Enable/Disabe topology control. It filters out arrays, associated transport protocol available to each node and creates topology keys based on any such user input. | No | false | diff --git a/layouts/shortcodes/message.html b/layouts/shortcodes/message.html index 7f91233736..72bcc38643 100644 --- a/layouts/shortcodes/message.html +++ b/layouts/shortcodes/message.html @@ -18,6 +18,8 @@ We are thrilled to announce the launch of our brand-new Documentation Portal! {{ else if eq (.Get "text") "10" }} Application Mobility will be part of the Container Storage Modules open-source suite in an upcoming release. +{{ else if eq (.Get "text") "11" }} +Starting with CSM 1.14, CSI PowerMax Reverse Proxy Config Map will be deprecated and will be officially discontinued by CSM 1.16. Please switch to using the CSI PowerMax Mount Credentials. Installation instrucation are stated for both Helm and Operator. {{else}}

Default text if no valid parameter is passed.

{{ end }} From d1b0876204306059298fb8700b68d1007fe82120 Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Wed, 22 Jan 2025 20:14:17 +0000 Subject: [PATCH 2/5] Address pull request comments --- content/docs/csidriver/features/powermax.md | 6 +++--- .../deployment/csmoperator/drivers/powermax.md | 14 +++++++------- layouts/shortcodes/message.html | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index edd3afb3a9..13a2d1493c 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md @@ -681,7 +681,7 @@ These are the CSM modules not supported with NVMeTCP protocol: ## Mount Credentials Support -The CSI Driver for Dell PowerMax supports Mount Credentials from v2.14.0 and the configMap will be deprecated. In previous versions of the PowerMax Reverse Proxy, in order to configure it, a config map needed to be created and the credentials for the arrays would be stored in secrets which the config map would reference. To simplify this solution, a mountable secret can be used which contains the array information and credentials all in one location. +From version 2.14.0, the CSI Driver for Dell PowerMax supports Mount Credentials, making the configMap obsolete. In earlier versions of the PowerMax Reverse Proxy, configuring it required creating a config map that referenced credentials stored in secrets. Now, a single mountable secret can be used to store both array information and credentials, simplifying the setup. ```yaml storageArrays: - storageArrayId: "000000000001" 
@@ -698,6 +698,6 @@ managementServers: skipCertificateValidation: false ``` -This approach is supported in both `helm` and `operator` installation for PowerMax. Both installation will automatically mount the secret to be used by the PowerMax driver/node and the Reverse Proxy. +This method works with both `helm` and `operator` installations for PowerMax, automatically mounting the secret for use by the PowerMax driver/node and the Reverse Proxy. -**Note:** The config map approach is being deprecated but to adhere to backwards compatibility, one can still configure and use the PowerMax driver with the config map. +**Note:** The config map approach is being phased out. However, for backwards compatibility, you can still configure and use the PowerMax driver with the config map. diff --git a/content/docs/deployment/csmoperator/drivers/powermax.md b/content/docs/deployment/csmoperator/drivers/powermax.md index e4b29e61fa..6cdf72b753 100644 --- a/content/docs/deployment/csmoperator/drivers/powermax.md +++ b/content/docs/deployment/csmoperator/drivers/powermax.md @@ -5,9 +5,9 @@ description: > Installing the CSI Driver for Dell PowerMax via Dell CSM Operator --- {{% pageinfo color="primary" %}} -1. {{< message text="1" >}} +1. {{< message text="11" >}} -2. {{< message text="11" >}} +2. {{< message text="1" >}} {{% /pageinfo %}} The CSI Driver for Dell PowerMax can be installed via the Dell CSM Operator. To deploy the Operator, follow the instructions available [here](../../#installation). @@ -371,9 +371,9 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri 1. Create a namespace in which the driver will be installed. ```bash - kubectl create namespace + kubectl create namespace powermax ``` -2. Create the `powermax-reverseproxy-secret` secret. +2. Create the `powermax-creds` secret. - *storageArrays*: A list of storage arrays and their associated details. - *storageArrayId*: A unique PowerMax Symmetrix ID. 
@@ -400,9 +400,9 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri password: password2 skipCertificateValidation: false ``` - After editing the file, run this command to create a secret called `powermax-reverseproxy-config`. If you are using a different namespace/secret name, just substitute those into the command. + After editing the file, run this command to create a secret called `powermax-creds`. If you are using a different namespace/secret name, just substitute those into the command. ```bash - kubectl create secret generic powermax-reverseproxy-secret --namespace powermax --from-file=config=samples/secret/secret.yaml + kubectl create secret generic powermax-creds --namespace powermax --from-file=config=samples/secret/secret.yaml ``` 4. Create a configmap using the sample file [here](https://github.com/dell/csi-powermax/blob/main/samples/configmap/powermax-array-config.yaml). Fill in the appropriate values for driver configuration. ```yaml 
@@ -479,7 +479,7 @@ Example: | X_CSI_VSPHERE_PORTGROUP | Existing portGroup that driver will use for vSphere | Yes | "" | | X_CSI_VSPHERE_HOSTNAME | Existing host(initiator group)/host group(cascaded initiator group) that driver will use for vSphere | Yes | "" | | X_CSI_VCenter_HOST | URL/endpoint of the vCenter where all the ESX are present | Yes | "" | - | X_CSI_REVPROXY_USE_SECRET | Define whether or not to use the new secret format for the PowerMax and the Reverse Proxy. The secret used will be whatever secret is defined in the `authSecret`. **Note:** If this paramter remains `false`, PowerMax and the reverse proxy will use the configMap approach. | Yes | "false" | + | X_CSI_REVPROXY_USE_SECRET | Define whether or not to use the new secret format for the PowerMax and the Reverse Proxy. The secret format will be determined by the contents of the secret specified in the `authSecret`. **Note:** If this paramter remains `false`, PowerMax and the reverse proxy will use the configMap approach. | Yes | "false" | | ***Node parameters*** | | | | | X_CSI_POWERMAX_ISCSI_ENABLE_CHAP | Enable ISCSI CHAP authentication. For more details on this feature see the related [documentation](../../../../csidriver/features/powermax/#iscsi-chap) | No | false | | X_CSI_TOPOLOGY_CONTROL_ENABLED | Enable/Disabe topology control. It filters out arrays, associated transport protocol available to each node and creates topology keys based on any such user input. | No | false | diff --git a/layouts/shortcodes/message.html b/layouts/shortcodes/message.html index 72bcc38643..d6d227c9ab 100644 --- a/layouts/shortcodes/message.html +++ b/layouts/shortcodes/message.html 
@@ -19,7 +19,7 @@ {{ else if eq (.Get "text") "10" }} Application Mobility will be part of the Container Storage Modules open-source suite in an upcoming release. {{ else if eq (.Get "text") "11" }} -Starting with CSM 1.14, CSI PowerMax Reverse Proxy Config Map will be deprecated and will be officially discontinued by CSM 1.16. Please switch to using the CSI PowerMax Mount Credentials. Installation instrucation are stated for both Helm and Operator. +The CSI PowerMax Reverse Proxy Config Map will no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026. Please switch to using the CSI PowerMax Mount Credentials before these dates to prevent any potential disruptions. Migration steps are available for both Helm and Operator. {{else}}

Default text if no valid parameter is passed.

{{ end }} From 919fa9e750825a263e9d60bde25b12838be715fe Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Fri, 24 Jan 2025 16:56:51 +0000 Subject: [PATCH 3/5] Add deprecation banner to helm installation for Powermax --- content/docs/deployment/helm/drivers/installation/powermax.md | 4 +++- layouts/shortcodes/message.html | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/content/docs/deployment/helm/drivers/installation/powermax.md b/content/docs/deployment/helm/drivers/installation/powermax.md index 3d8d5be578..5c2a6f26f6 100644 --- a/content/docs/deployment/helm/drivers/installation/powermax.md +++ b/content/docs/deployment/helm/drivers/installation/powermax.md @@ -5,7 +5,9 @@ description: > Installing the CSI Driver for Dell PowerMax via Helm --- {{% pageinfo color="primary" %}} -{{< message text="1" >}} +1. {{< message text="11" >}} + +2. {{< message text="1" >}} {{% /pageinfo %}} The CSI Driver for Dell PowerMax can be deployed by using the provided Helm v3 charts and installation scripts on both Kubernetes and OpenShift platforms. For more detailed information on the installation scripts, see the script [documentation](https://github.com/dell/csi-powermax/tree/master/dell-csi-helm-installer). diff --git a/layouts/shortcodes/message.html b/layouts/shortcodes/message.html index d6d227c9ab..4de69d7b60 100644 --- a/layouts/shortcodes/message.html +++ b/layouts/shortcodes/message.html 
@@ -19,7 +19,7 @@ {{ else if eq (.Get "text") "10" }} Application Mobility will be part of the Container Storage Modules open-source suite in an upcoming release. {{ else if eq (.Get "text") "11" }} -The CSI PowerMax Reverse Proxy Config Map will no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026. Please switch to using the CSI PowerMax Mount Credentials before these dates to prevent any potential disruptions. Migration steps are available for both Helm and Operator. +The CSI PowerMax Reverse Proxy Config Map will no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026. Please switch to using the CSI PowerMax Mount Credentials before these dates to prevent any potential disruptions. Migration steps are available for both Helm and Operator. {{else}}

Default text if no valid parameter is passed.

{{ end }} From c55de1e7e5376e5726f47cc1a7a1a58e461a68a7 Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Fri, 24 Jan 2025 17:10:44 +0000 Subject: [PATCH 4/5] Fix link path --- layouts/shortcodes/message.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/shortcodes/message.html b/layouts/shortcodes/message.html index 4de69d7b60..c1dd96d0f4 100644 --- a/layouts/shortcodes/message.html +++ b/layouts/shortcodes/message.html @@ -19,7 +19,7 @@ {{ else if eq (.Get "text") "10" }} Application Mobility will be part of the Container Storage Modules open-source suite in an upcoming release. {{ else if eq (.Get "text") "11" }} -The CSI PowerMax Reverse Proxy Config Map will no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026. Please switch to using the CSI PowerMax Mount Credentials before these dates to prevent any potential disruptions. Migration steps are available for both Helm and Operator. +The CSI PowerMax Reverse Proxy Config Map will no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026. Please switch to using the CSI PowerMax Mount Credentials before these dates to prevent any potential disruptions. Migration steps are available for both Helm and Operator. {{else}}

Default text if no valid parameter is passed.

{{ end }} From 67675c98df60a9d981dfa05fe45b9a9d966247c0 Mon Sep 17 00:00:00 2001 From: Fernando Alfaro Campos Date: Fri, 24 Jan 2025 21:03:01 +0000 Subject: [PATCH 5/5] Add certSecret for mount credentials --- content/docs/csidriver/features/powermax.md | 1 + content/docs/deployment/csmoperator/drivers/powermax.md | 1 + 2 files changed, 2 insertions(+) diff --git a/content/docs/csidriver/features/powermax.md b/content/docs/csidriver/features/powermax.md index 13a2d1493c..6b4d23028e 100644 --- a/content/docs/csidriver/features/powermax.md +++ b/content/docs/csidriver/features/powermax.md @@ -696,6 +696,7 @@ managementServers: username: admin2 password: password2 skipCertificateValidation: false + certSecret: primary-cert ``` This method works with both `helm` and `operator` installations for PowerMax, automatically mounting the secret for use by the PowerMax driver/node and the Reverse Proxy. diff --git a/content/docs/deployment/csmoperator/drivers/powermax.md b/content/docs/deployment/csmoperator/drivers/powermax.md index 6cdf72b753..b2e39505f7 100644 --- a/content/docs/deployment/csmoperator/drivers/powermax.md +++ b/content/docs/deployment/csmoperator/drivers/powermax.md @@ -399,6 +399,7 @@ Create a secret named powermax-certs in the namespace where the CSI PowerMax dri username: admin2 password: password2 skipCertificateValidation: false + certSecret: primary-cert ``` After editing the file, run this command to create a secret called `powermax-creds`. If you are using a different namespace/secret name, just substitute those into the command. ```bash
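Review bot: In [PATCH 1/5], `content/docs/csidriver/features/powermax.md` (hunk `@@ -678,3 +678,26`), the sample secret shows `skipCertificateValidation: true` on the primary Unisphere endpoint alongside `username: admin` and `password: password`, so a reader who copies the sample sends array credentials over a TLS session whose certificate is never checked. Suggest showing `false` on both `managementServers` entries and describing `true` as an option for test setups only. The `yaml` fence also starts on the line directly after the paragraph with no blank line between them; add one so the block does not get folded into the paragraph by the renderer.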
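Review bot: In [PATCH 1/5], `content/docs/deployment/csmoperator/drivers/powermax.md` (hunk `@@ -367,73 +369,40`), the install steps now run 1, 2 and then the unchanged `4. Create a configmap using the sample file`, so step 3 is missing and the list needs renumbering; this is still the case in the context lines of 2/5 and 5/5. In the same hunk the sentence says the command creates a secret called `powermax-reverseproxy-config` while the command creates `powermax-reverseproxy-secret` (2/5 aligns both to `powermax-creds`), and "After editing the file" does not name the file, although the command reads `samples/secret/secret.yaml`. The removed `powermax-creds.yaml` text documented the `chapsecret` key; the new secret format does not say where the iSCSI CHAP secret goes, while `X_CSI_POWERMAX_ISCSI_ENABLE_CHAP` is still listed in the parameter table.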
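Review bot: In [PATCH 1/5], the new `X_CSI_REVPROXY_USE_SECRET` table row (hunk `@@ -510,6 +479,7`) has the typo `paramter`, and 2/5 rewrites the row without fixing it. The row refers to `authSecret`, but nothing in the visible steps tells the reader to set `authSecret` to the secret created in step 2, so please name that secret here or link to the step. The default is written as `"false"` with quotes while the neighbouring boolean rows such as `X_CSI_POWERMAX_ISCSI_ENABLE_CHAP` use an unquoted `false`; pick one form, and state whether the value must be a string.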
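Review bot: In [PATCH 2/5], `content/docs/csidriver/features/powermax.md` (hunk `@@ -681,7 +681,7`), the reworded first sentence says Mount Credentials make "the configMap obsolete", which contradicts the Note in the next hunk of the same file that the config map can still be used for backwards compatibility. Suggest keeping "deprecated" here, as 1/5 had it, so the page gives one consistent status for the config map.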
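Review bot: In [PATCH 2/5], `layouts/shortcodes/message.html` (message `"11"`), the banner reads "no longer be supported as of May 30, 2025 and completely deprecated by January 31, 2026", which puts deprecation after end of support; deprecation normally comes first and removal last, so the second date probably wants "removed" or "discontinued". The text replaced here tied the timeline to CSM 1.14 and CSM 1.16, and the feature page still anchors it to driver v2.14.0; consider stating the release next to each date so readers can map the banner to the version they run.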
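Review bot: In [PATCH 5/5], `content/docs/csidriver/features/powermax.md`, the added `certSecret: primary-cert` sits under the `https://backup-1.unisphe.re:8443` entry, so a secret named for the primary server is attached to the backup endpoint. Either rename the sample value to match the backup server or add a sentence saying one certificate secret may cover both. The primary entry still has `skipCertificateValidation: true` and no `certSecret`, which leaves the sample without a fully verified primary connection.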
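Review bot: In [PATCH 5/5], `content/docs/deployment/csmoperator/drivers/powermax.md`, `certSecret` is added to the sample but the field list introduced in 1/5 stops at *skipCertificateValidation*, so the new key is undocumented. Add a *certSecret* bullet that says what it must reference and that it applies when `skipCertificateValidation` is `false`. The hunk header context mentions creating a secret named `powermax-certs`, while the sample value is `primary-cert`; please make clear whether these are meant to be the same secret.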