Authorization v1.x

Installing Authorization via Container Storage Module Operator
  1. Starting with Container Storage Module 1.12, all deployments will use images from quay.io by default. New release images will be available on Docker Hub until CSM 1.14 (May 2025), and existing releases will remain on Docker Hub.

  2. Starting with CSM 1.13, Authorization v1.x will be deprecated and will be officially discontinued by CSM 1.15 in September 2025. Please switch to Authorization v2.0 before then to avoid any issues. Migration steps are available here.

Install CSM Authorization via Container Storage Module Operator

Prerequisite

  1. Execute kubectl create namespace authorization to create the authorization namespace (if not already present). Note that the namespace can be any user-defined name, in this example, we assume that the namespace is ‘authorization’.

  2. Install cert-manager CRDs

    kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.11.0/cert-manager.crds.yaml
    
  3. Prepare samples/authorization/config.yaml which contains the JWT signing secret. The following table lists the configuration parameters.

    Parameter Description Required Default
    web.jwtsigningsecret String used to sign JSON Web Tokens true secret

    Example:

    web:
      jwtsigningsecret: randomString123
    

    After editing the file, run this command to create a secret called karavi-config-secret:

    kubectl create secret generic karavi-config-secret -n authorization --from-file=config.yaml=samples/authorization/config.yaml
    

    Use this command to replace or update the secret:

    kubectl create secret generic karavi-config-secret -n authorization --from-file=config.yaml=samples/authorization/config.yaml -o yaml --dry-run=client | kubectl replace -f -
    
  4. Create the karavi-storage-secret to store storage system credentials.

    Use this command to create the secret:

    kubectl create -f samples/authorization/karavi-storage-secret.yaml
    

Note:

  • If you are installing CSM Authorization in a different namespace than authorization, edit the namespace field in this file to your namespace.

Install CSM Authorization Proxy Server

  1. Create a CR (Custom Resource) for Authorization from a sample manifest. This file can be modified to use custom parameters if needed.

  2. Users should configure the parameters in the CR. This table lists the primary configurable parameters of the Authorization Proxy Server and their default values:

    Parameters

    Note:

    • If you are installing CSM Authorization in a different namespace than authorization, edit the namespace fields in this file to your namespace.
    • If you specify storageclass, the storage class must NOT be provisioned by the Dell CSI Driver to be configured with this installation of CSM Authorization.

    Optional: To enable reporting of trace data with Zipkin, use the csm-config-params configMap in the sample CR or dynamically by editing the configMap.

    Add the Zipkin values to the configMap where ZIPKIN_ADDRESS is the IP address or hostname of the Zipkin server.

    ZIPKIN_URI: "http://ZIPKIN_ADDRESS:9411/api/v2/spans"
    ZIPKIN_PROBABILITY: "1.0"
    
  1. Execute this command to create the Authorization CR:

    kubectl create -f <SAMPLE FILE>
    

Note:

  • This command will deploy the Authorization Proxy Server in the namespace specified in the input YAML file.

Verify Installation of the CSM Authorization Proxy Server

Once the Authorization CR is created, you can verify the installation as mentioned below:

kubectl describe csm/<name-of-custom-resource> -n authorization

Install Karavictl

Follow the instructions available in Authorization for Installing karavictl.

Configure the Container Storage Module Authorization Proxy Server

Authorization v1.x

Follow the instructions available in Authorization for Configuring the Container Storage Module Authorization Proxy Server.

Configure a Dell CSI Driver with Container Storage Module Authorization

Authorization v1.x

Follow the instructions available in Authorization for Configuring a CSI Driver with Container Storage Module for Authorization.