forked from enix/san-iscsi-csi
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add support for enabling CHAP at the storageclass level. CHAP secrets can be specified in a secrets object and are passed to NodePublishVolume
- Loading branch information
1 parent
9f2bcc0
commit f2a5d45
Showing
5 changed files
with
73 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: seagate-exos-x-csi-secrets | ||
namespace: default | ||
type: Opaque | ||
data: | ||
apiAddress: aHR0cDovLzxpcGFkZHJlc3M+ # base64 encoded api address 'http://<ipaddress>' | ||
username: dXNlcm5hbWU= # base64 encoded 'username' | ||
password: cGFzc3dvcmQ= # base64 encoded 'password' | ||
CHAPusername: ZXhhbXBsZVVzZXJuYW1l # base64 'exampleUsername'. The CHAP username | ||
CHAPpassword: ZXhhbXBsZXNlY3JldA== # base64 'examplesecret'. The secret that the recipient uses to authenticate the originator. The secret is case sensitive and can include from 12 to 16 bytes. The value can include spaces and printable UTF-8 characters except: " < | ||
CHAPusernameIn: aXFuLjE5OTItMDkuY29tLmV4YW1wbGU6MDEuYXJyYXkuMDAxMjM0YQ== # base64 'iqn.1992-09.com.example:01.array.001234a'. The target name, typically in IQN format. This value is optional, used for Mutual CHAP. | ||
CHAPpasswordIn: bXV0dWFsc2VjcmV0 # base64 encoded 'mutualsecret'. The secret is case sensitive, can include from 12 to 16 bytes, and must differ from the originator secret. This value is optional, used for Mutual CHAP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
apiVersion: storage.k8s.io/v1 | ||
kind: StorageClass | ||
provisioner: csi-exos-x.seagate.com # Check pkg/driver.go, Required for the plugin to recognize this storage class as handled by itself. | ||
volumeBindingMode: WaitForFirstConsumer # Prefer this value to avoid unschedulable pods (https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode) | ||
allowVolumeExpansion: true | ||
metadata: | ||
name: systems-storageclass # Choose the name that fits the best with your StorageClass. | ||
parameters: | ||
# Secrets name and namespace, they can be the same for provisioner, controller-publish and controller-expand sections. node-publish secrets are for CHAP authentication | ||
csi.storage.k8s.io/provisioner-secret-name: seagate-exos-x-csi-secrets | ||
csi.storage.k8s.io/provisioner-secret-namespace: default | ||
csi.storage.k8s.io/controller-publish-secret-name: seagate-exos-x-csi-secrets | ||
csi.storage.k8s.io/controller-publish-secret-namespace: default | ||
csi.storage.k8s.io/controller-expand-secret-name: seagate-exos-x-csi-secrets | ||
csi.storage.k8s.io/controller-expand-secret-namespace: default | ||
csi.storage.k8s.io/node-publish-secret-name: seagate-exos-x-csi-secrets # Secrets for CHAP authentication | ||
csi.storage.k8s.io/node-publish-secret-namespace: default # If you are not using CHAP authentication, these lines may be omitted. | ||
csi.storage.k8s.io/fstype: ext4 # Desired filesystem | ||
pool: A # Pool to use on the IQN to provision volumes | ||
volPrefix: csi # Desired prefix for volume naming. 3 chars max; an underscore will be appended. | ||
storageProtocol: iscsi # The storage interface (iscsi, fc, sas) being used for storage i/o |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters