Authorization v2.0
Starting with CSM 1.12, all deployments will need to use images from quay.io. Please note that from CSM 1.14 (May 2025), upgrading with helm will fail if it attempts to use images from Docker Hub.
- Helm Chart Upgrade
- Upgrading the Dell CSI drivers with CSM for Authorization enabled
Upgrade Notice: CSM v1.14 → CSM v1.15 (Authorization v2.2.0 → v2.3.0)
Starting with CSM 1.15, CSM Authorization (v2.3.0) requires users to configure storage credentials prior to deployment. This is a mandatory step to ensure proper access to external storage systems.
You can configure storage credentials using one of the following methods:
- Dynamic Secrets via SecretProviderClass
  Use this method if you are integrating with external secret management systems (e.g., HashiCorp Vault, CyberArk Conjur) through the Secrets Store CSI Driver.
- Static Credentials via Kubernetes Secret
  Use this method if you prefer to manually manage credentials within Kubernetes.

Note: Only one of SecretProviderClass or Secret can be used at a time.
- Install a supported External Secret Provider to integrate with the Secrets Store CSI Driver. For guidance on setting up Vault, refer to our Vault installation guide. For Conjur, refer to our Conjur installation guide.
- Install the Secrets Store CSI Driver, enabling the Sync as Kubernetes Secret and Secret Auto Rotation features.
  Note: If you are using Conjur with the Secrets Store CSI Driver, be sure to configure --set 'tokenRequests[0].audience=conjur' when installing the Secrets Store CSI Driver.
- Create your own SecretProviderClass Object based on your external secret provider. You also have the option to create your own Redis secret in the SecretProviderClass.
- For OpenShift environments, label the namespace:
    kubectl label namespace authorization \
      pod-security.kubernetes.io/enforce=privileged \
      security.openshift.io/MinimallySufficientPodSecurityStandard=privileged \
      --overwrite
- Create a YAML file (in this example, storage-secret.yaml) containing the credentials:
    # Username and password for accessing storage system
    username: "username"
    password: "password"
- Create the Secret:
    kubectl create secret generic storage-secret -n authorization --from-file=storage-secret.yaml
Helm Chart Upgrade
- To upgrade an existing Helm installation of CSM for Authorization to the latest release, download the latest Helm charts.
    helm repo update
- Check if the latest Helm chart version is available:
    helm search repo dell
    NAME                     CHART VERSION   APP VERSION   DESCRIPTION
    dell/csm-authorization   2.3.0           2.3.0         CSM for Authorization is part of the [Container...
- Ensure your myvalues.yaml file is updated to align with the latest configuration changes. This includes adding new parameters, removing deprecated ones, and adjusting any modified values introduced in the upgrade.
- Upgrade to the latest CSM for Authorization release:
    helm upgrade --version $latest_chart_version -f myvalues.yaml authorization dell/csm-authorization -n authorization
- Update your Storage, Role, and Tenant resource definitions with the latest configuration schema. Apply changes using the Kubernetes CLI:
    kubectl apply -f <file-name> -n authorization
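
A pre-upgrade check for the registry notice at the top of this page, as an added example that is not part of the Dell documentation: it lists image references in rendered manifests that are not pulled from quay.io, including references that resolve to Docker Hub implicitly. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag images in rendered manifests that are not pulled from quay.io.

# Classify an image reference by registry host. A first path component with
# no '.' or ':' (and not "localhost") is not a host, so the reference
# resolves to Docker Hub implicitly.
classify_image() {
  ci_first="${1%%/*}"
  if [ "$ci_first" = "$1" ]; then echo dockerhub; return 0; fi  # e.g. "redis:7"
  case "$ci_first" in
    quay.io) echo quay ;;
    docker.io|index.docker.io|registry-1.docker.io) echo dockerhub ;;
    localhost|*.*|*:*) echo other ;;
    *) echo dockerhub ;;  # e.g. "someorg/app:1.0"
  esac
}

# Read Kubernetes YAML on stdin; print "<class> <image>" for every image that
# is not on quay.io. Returns 1 if any were found, 0 otherwise.
find_non_quay_images() {
  fn_images="$(sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' \
    | sed 's/[[:space:]]*#.*$//' | tr -d "\"'" | LC_ALL=C sort -u)"
  fn_rc=0
  while IFS= read -r fn_img; do
    [ -n "$fn_img" ] || continue
    fn_class="$(classify_image "$fn_img")"
    if [ "$fn_class" != quay ]; then
      echo "$fn_class $fn_img"
      fn_rc=1
    fi
  done <<EOF
$fn_images
EOF
  return "$fn_rc"
}

# Constructed sample input (not output from the real chart).
SAMPLE_MANIFEST='
      containers:
        - name: proxy
          image: quay.io/example/proxy:v1
        - name: cache
          image: "redis:7"
        - image: example-org/sidecar:v2   # implicit Docker Hub
          imagePullPolicy: IfNotPresent
        - image: registry.example.com:5000/team/tool:1.2
'
```

Before running the upgrade, pipe the output of `helm template authorization dell/csm-authorization --version $latest_chart_version -f myvalues.yaml -n authorization` into `find_non_quay_images`; a non-zero return means at least one image still points outside quay.io.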
Upgrading Dell CSI Driver(s) with CSM for Authorization enabled
Given a setup where the CSM for Authorization proxy server is already upgraded to the latest version, follow the upgrade instructions for the applicable CSI Driver(s) to upgrade the driver and the CSM for Authorization sidecar.