From ac5ada72741f89a2ca77a07b72482f911f81d83b Mon Sep 17 00:00:00 2001
From: Aaron Tye
Date: Wed, 13 Nov 2024 21:33:54 +0000
Subject: [PATCH] add sample
---
.../csm-config-params_v1_configmap.yaml | 10 ++
.../storage_v1_csm_authorization_v2.yaml | 114 ++++++++++++++++++
2 files changed, 124 insertions(+)
create mode 100644 bundle/manifests/csm-config-params_v1_configmap.yaml
create mode 100644 config/samples/storage_v1_csm_authorization_v2.yaml
diff --git a/bundle/manifests/csm-config-params_v1_configmap.yaml b/bundle/manifests/csm-config-params_v1_configmap.yaml
new file mode 100644
index 000000000..21fd3f3f3
--- /dev/null
+++ b/bundle/manifests/csm-config-params_v1_configmap.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ csm-config-params.yaml: |-
+ CONCURRENT_POWERFLEX_REQUESTS: 10
+ CONCURRENT_POWERSCALE_REQUESTS: 10
+ LOG_LEVEL: debug
+ STORAGE_CAPACITY_POLL_INTERVAL: 5m
+kind: ConfigMap
+metadata:
+ name: csm-config-params
diff --git a/config/samples/storage_v1_csm_authorization_v2.yaml b/config/samples/storage_v1_csm_authorization_v2.yaml
new file mode 100644
index 000000000..2d0ec9289
--- /dev/null
+++ b/config/samples/storage_v1_csm_authorization_v2.yaml
@@ -0,0 +1,114 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+ name: authorization
+ namespace: authorization
+spec:
+ modules:
+ # Authorization: enable csm-authorization proxy server for RBAC
+ - name: authorization-proxy-server
+ # enable: Enable/Disable csm-authorization
+ enabled: true
+ configVersion: v2.0.0
+ forceRemoveModule: true
+ components:
+ # For Kubernetes Container Platform only
+ # enabled: Enable/Disable NGINX Ingress Controller
+ # Allowed values:
+ # true: enable deployment of NGINX Ingress Controller
+ # false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
+ # Default value: true
+ - name: nginx
+ enabled: true
+ # enabled: Enable/Disable cert-manager
+ # Allowed values:
+ # true: enable deployment of cert-manager
+ # false: disable deployment of cert-manager only if it's already deployed
+ # Default value: true
+ - name: cert-manager
+ enabled: true
+ - name: proxy-server
+ # enable: Enable/Disable csm-authorization proxy server
+ enabled: true
+ proxyService: quay.io/dell/container-storage-modules/csm-authorization-proxy:v2.0.0
+ proxyServiceReplicas: 1
+ tenantService: quay.io/dell/container-storage-modules/csm-authorization-tenant:v2.0.0
+ tenantServiceReplicas: 1
+ roleService: quay.io/dell/container-storage-modules/csm-authorization-role:v2.0.0
+ roleServiceReplicas: 1
+ storageService: quay.io/dell/container-storage-modules/csm-authorization-storage:v2.0.0
+ storageServiceReplicas: 1
+ opa: docker.io/openpolicyagent/opa:latest
+ opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt:8.5.7
+ authorizationController: quay.io/dell/container-storage-modules/csm-authorization-controller:v2.0.0
+ authorizationControllerReplicas: 1
+ leaderElection: true
+ # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis.
+ controllerReconcileInterval: 5m
+ # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ certificate: ""
+ # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ privateKey: ""
+ # proxy-server ingress will use this hostname
+ # NOTE: an additional hostname can be configured in proxyServerIngress.hosts
+ # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
+ hostname: "csm-authorization.com"
+ # proxy-server ingress configuration
+ proxyServerIngress:
+ - ingressClassName: nginx
+ # additional host rules for the proxy-server ingress
+ hosts: []
+ # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local
+
+ # additional annotations for the proxy-server ingress
+ annotations: {}
+ # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC
+ openTelemetryCollectorAddress: ""
+ - name: redis
+ redis: docker.io/redis:7.4.0-alpine
+ commander: docker.io/rediscommander/redis-commander:latest
+ redisName: redis-csm
+ redisCommander: rediscommander
+ sentinel: sentinel
+ redisReplicas: 5
+ - name: vault
+ vaultConfigurations:
+ - identifier: vault0
+ address: https://10.0.0.1:8400
+ role: csm-authorization
+ skipCertificateValidation: true
+ # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ clientCertificate: ""
+ # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ clientKey: ""
+ # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates
+ # for self-signed certs, leave empty string
+ # Allowed values: string
+ certificateAuthority: ""
+# - identifier: vault0
+# address: https://10.0.0.1:8400
+# role: csm-authorization
+# skipCertificateValidation: true
+# clientCertificate:
+# clientKey:
+# certificateAuthority:
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: csm-config-params
+ namespace: authorization
+data:
+ csm-config-params.yaml: |-
+ CONCURRENT_POWERFLEX_REQUESTS: 10
+ CONCURRENT_POWERSCALE_REQUESTS: 10
+ LOG_LEVEL: debug
+ STORAGE_CAPACITY_POLL_INTERVAL: 5m
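Review bot: The `vault0` entry sets `skipCertificateValidation: true` on an `https://` address and leaves `certificateAuthority` empty, so a user who applies this sample unchanged gets a deployment that does not validate the Vault server's certificate. For a sample that people copy, prefer `skipCertificateValidation: false` with a comment that `certificateAuthority` has to be supplied; the commented-out second entry carries the same setting and also reuses the identifier `vault0`. Separately, `opa: docker.io/openpolicyagent/opa:latest` and `commander: docker.io/rediscommander/redis-commander:latest` are mutable tags while every other image in the file carries a version tag, so pin them to a fixed version or digest, e.g. `opa: docker.io/openpolicyagent/opa:<pinned-version>`. `LOG_LEVEL: debug` in the trailing ConfigMap (and in the bundle manifest ConfigMap) is worth reconsidering as a shipped default unless debug output is known to exclude request and credential details.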