Skip to content

Latest commit

 

History

History
82 lines (56 loc) · 5.4 KB

README.md

File metadata and controls

82 lines (56 loc) · 5.4 KB

Dell Container Storage Modules (CSM) for Authorization

Contributor Covenant License Docker Pulls Go version GitHub release (latest by date including pre-releases)

CSM for Authorization is part of the CSM (Container Storage Modules) open-source suite of Kubernetes storage enablers for Dell products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers. It does this by deploying a proxy between the CSI driver and the storage system to enforce role-based access and usage rules.

Storage administrators of compatible storage platforms will be able to apply quota and RBAC rules that instantly and automatically restrict cluster tenants usage of storage resources. Users of storage through CSM for Authorization do not need to have storage admin root credentials to access the storage system.

For documentation, please visit Container Storage Modules documentation.

Table of Contents

Building CSM for Authorization

If you wish to clone and build CSM for Authorization, a Linux host is required with the following installed:

Component Version Additional Information
Docker v19+ Docker installation
Golang v1.16 Golang installation
git latest Git installation
kubectl 1.17-1.19 Ensure you copy the kubeconfig file from the Kubernetes cluster to the linux host. kubectl installation
Helm v.3.3.0 Helm installation

Once all prerequisites are on the Linux host, follow the steps below to clone, build and deploy CSM for Authorization:

  1. Clone the repository: git clone https://github.com/dell/karavi-authorization.git
  2. In the karavi-authorization directory, run the following to build and deploy: make build docker dist deploy

Testing CSM for Authorization

From the root directory where the repo was cloned, the unit tests can be executed as follows:

make test

This will also provide code coverage statistics for the various Go packages.

Test setup

To test the setup, follow the steps below:

  • Create a StorageClass
  • Create a PVC request from the StorageClass with any storage capacity less than the RoleQuota you specified during configuration
  • Request a Pod to consume the PVC created above. If everything is well configured, the PVC will be bound to storage and the volume will be created on the storage system.

You can also test failure cases, by repeating the above steps but specify a quota larger than RoleQuota you specified. Conversely, when you request a Pod to use PVC, you'll get the request is denied as PVC exceeds capacity and PV will be in a pending state.

Versioning

This project is adhering to Semantic Versioning.

About

Dell Container Storage Modules (CSM) is 100% open source and community-driven. All components are available under Apache 2 License on GitHub.