Skip to content

Commit dee40b5

Browse files
authored
Merge pull request #75920 from lpettyjo/OSDOCS-9171
OSDOCS-9171#Add SMB CIFS CSI Driver Operator
2 parents cd2edb3 + 4e01e67 commit dee40b5

11 files changed

+603
-30
lines changed

_topic_maps/_topic_map.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1276,7 +1276,7 @@ Topics:
12761276
File: accessing-hosts
12771277
- Name: Networking dashboards
12781278
File: networking-dashboards
1279-
- Name: Network security
1279+
- Name: OpenShift network security
12801280
Dir: network_security
12811281
Distros: openshift-enterprise,openshift-origin
12821282
Topics:
@@ -1717,6 +1717,8 @@ Topics:
17171717
File: persistent-storage-csi-manila
17181718
- Name: Secrets Store CSI Driver Operator
17191719
File: persistent-storage-csi-secrets-store
1720+
- Name: CIFS/SMB CSI Driver Operator
1721+
File: persistent-storage-csi-smb-cifs
17201722
- Name: VMware vSphere CSI Driver Operator
17211723
File: persistent-storage-csi-vsphere
17221724
- Name: Generic ephemeral volumes
Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,80 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * storage/container_storage_interface/persistent-storage-csi-smb-cifs.adoc
4+
5+
:_mod-docs-content-type: PROCEDURE
6+
[id="persistent-storage-csi-smb-cifs-create-sc_{context}"]
7+
= Creating a storage class for CIFS/SMB
8+
9+
After installing the Operator, you should create a storage class for dynamic provisioning of Common Internet File System (CIFS) dialect/Server Message Block (SMB) protocol volumes.
10+
11+
.Prerequisites
12+
* You are logged in to the running {product-title} cluster.
13+
14+
* You have SMB server installed and know the following information about the server:
15+
** Hostname
16+
** Share name
17+
** Username and password
18+
19+
.Procedure
20+
To create a storage class:
21+
22+
. Create a Secret for access to the Samba server using the following command with the following example YAML file:
23+
+
24+
[source,cli]
25+
--
26+
$ oc create -f <file_name>.yaml
27+
--
28+
+
29+
[source,yaml]
30+
.Secret example YAML file
31+
--
32+
apiVersion: v1
33+
kind: Secret
34+
metadata:
35+
name: smbcreds <1>
36+
namespace: samba-server <2>
37+
stringData:
38+
username: <username> <3>
39+
password: <password> <4>
40+
--
41+
<1> Name of the Secret.
42+
<2> Namespace for the Secret.
43+
<3> Username for the Secret.
44+
<4> Password for the Secret.
45+
46+
. Create a storage class using the following command with the following example YAML file:
47+
+
48+
[source,cli]
49+
--
50+
$ oc create -f <file_name>.yaml
51+
--
52+
+
53+
[source,yaml]
54+
.Storage class example YAML file
55+
--
56+
apiVersion: storage.k8s.io/v1
57+
kind: StorageClass
58+
metadata:
59+
name: samba
60+
provisioner: smb.csi.k8s.io
61+
parameters:
62+
source: //<hostname>/<shares> <1>
63+
csi.storage.k8s.io/provisioner-secret-name: smbcreds <2>
64+
csi.storage.k8s.io/provisioner-secret-namespace: samba-server <3>
65+
csi.storage.k8s.io/node-stage-secret-name: smbcreds <2>
66+
csi.storage.k8s.io/node-stage-secret-namespace: samba-server <3>
67+
reclaimPolicy: Delete
68+
volumeBindingMode: Immediate
69+
mountOptions:
70+
- dir_mode=0777
71+
- file_mode=0777
72+
- noperm
73+
- mfsymlinks
74+
- cache=strict
75+
- noserverino
76+
--
77+
<1> The Samba server must be installed somewhere and reachable from the cluster with `<hostname>` being the hostname for the Samba server and `<shares>` the path the server is configured to have among the exported shares.
78+
<2> Name of Secret that was set in the previous step.
79+
<3> Namespace for the Secret that was set in the previous step.
80+

modules/persistent-storage-csi-drivers-supported.adoc

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -38,26 +38,27 @@ endif::openshift-rosa,openshift-aro[]
3838
[cols=",^v,^v,^v,^v,^v width="100%",options="header"]
3939
|===
4040
|CSI driver |CSI volume snapshots |CSI cloning |CSI resize |Inline ephemeral volumes
41-
|AWS EBS | ✅ | - | ✅| -
42-
|AWS EFS | - | - | -| -
41+
|AWS EBS | ✅ | | ✅|
42+
|AWS EFS | | | |
4343
ifndef::openshift-rosa[]
44-
|Google Compute Platform (GCP) persistent disk (PD)| ✅| ✅ | ✅| -
45-
|GCP Filestore | ✅ | - | ✅| -
44+
|Google Compute Platform (GCP) persistent disk (PD)| ✅| ✅ | ✅|
45+
|GCP Filestore | ✅ | | ✅|
4646
endif::openshift-rosa[]
4747
ifndef::openshift-dedicated,openshift-rosa[]
48-
|{ibm-power-server-name} Block | - | - | ✅ | -
49-
|{ibm-cloud-name} Block | ✅^[3]^ | - | ✅^[3]^| -
48+
|{ibm-power-server-name} Block | | | ✅ |
49+
|{ibm-cloud-name} Block | ✅^[3]^ | | ✅^[3]^|
5050
endif::openshift-dedicated,openshift-rosa[]
51-
|LVM Storage | ✅ | ✅ | ✅ | -
51+
|LVM Storage | ✅ | ✅ | ✅ |
5252
ifndef::openshift-dedicated,openshift-rosa[]
53-
|Microsoft Azure Disk | ✅ | ✅ | ✅| -
54-
|Microsoft Azure Stack Hub | ✅ | ✅ | ✅| -
55-
|Microsoft Azure File | - | ✅^[4]^ | ✅| ✅
56-
|OpenStack Cinder | ✅ | ✅ | ✅| -
57-
|OpenShift Data Foundation | ✅ | ✅ | ✅| -
58-
|OpenStack Manila | ✅ | - | -| -
59-
|Shared Resource | - | - | - | ✅
60-
|VMware vSphere | ✅^[1]^ | - | ✅^[2]^| -
53+
|Microsoft Azure Disk | ✅ | ✅ | ✅|
54+
|Microsoft Azure Stack Hub | ✅ | ✅ | ✅|
55+
|Microsoft Azure File | | | ✅| ✅
56+
|OpenStack Cinder | ✅ | ✅ | ✅|
57+
|OpenShift Data Foundation | ✅ | ✅ | ✅|
58+
|OpenStack Manila | ✅ | | |
59+
|Shared Resource | | | | ✅
60+
|CIFS/SMB | | ✅ | |
61+
|VMware vSphere | ✅^[1]^ | | ✅^[2]^|
6162
endif::openshift-dedicated,openshift-rosa[]
6263
|===
6364
ifndef::openshift-dedicated,openshift-rosa[]

modules/persistent-storage-csi-olm-operator-install.adoc

Lines changed: 37 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,29 @@
22
//
33
// * storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc
44
// * storage/container_storage_interface/osd-persistent-storage-csi-aws-efs.adoc
5+
// * storage/persistent_storage/rosa-persistent-storage-aws-efs-csi.adoc
6+
// * storage/container_storage_interface/persistent-storage-csi-smb-cifs.adoc
57

68
:_mod-docs-content-type: PROCEDURE
79
[id="persistent-storage-csi-olm-operator-install_{context}"]
810
= Installing the {FeatureName} CSI Driver Operator
911

10-
The link:https://github.com/openshift/aws-efs-csi-driver-operator[AWS EFS CSI Driver Operator] (a Red Hat operator) is not installed in {product-title} by default. Use the following procedure to install and configure the {FeatureName} CSI Driver Operator in your cluster.
12+
The {FeatureName} CSI Driver Operator (a Red{nbsp}Hat Operator) is not installed in {product-title} by default. Use the following procedure to install and configure the {FeatureName} CSI Driver Operator in your cluster.
13+
14+
// The following ifeval and restricted ifdef statements exclude STS and a note about avoiding
15+
// installing community operator content for CSI drivers other than EWS
16+
17+
ifeval::["{context}" == "persistent-storage-csi-aws-efs"]
18+
:restricted:
19+
endif::[]
20+
21+
ifeval::["{context}" == "osd-persistent-storage-aws-efs-csi"]
22+
:restricted:
23+
endif::[]
24+
25+
ifeval::["{context}" == "rosa-persistent-storage-aws-efs-csi"]
26+
:restricted:
27+
endif::[]
1128

1229
.Prerequisites
1330
* Access to the {product-title} web console.
@@ -24,24 +41,42 @@ To install the {FeatureName} CSI Driver Operator from the web console:
2441
.. Locate the {FeatureName} CSI Operator by typing *{FeatureName} CSI* in the filter box.
2542

2643
.. Click the *{FeatureName} CSI Driver Operator* button.
44+
45+
ifdef::restricted[]
2746
+
2847
[IMPORTANT]
2948
====
3049
Be sure to select the *{FeatureName} CSI Driver Operator* and not the *{FeatureName} Operator*. The *{FeatureName} Operator* is a community Operator and is not supported by Red Hat.
3150
====
51+
endif::restricted[]
3252

3353
.. On the *{FeatureName} CSI Driver Operator* page, click *Install*.
3454

3555
.. On the *Install Operator* page, ensure that:
3656
+
57+
ifdef::restricted[]
3758
ifdef::openshift-rosa,openshift-enterprise[]
3859
* If you are using {FeatureName} with AWS Secure Token Service (STS), in the *role ARN* field, enter the ARN role copied from the last step of the _Obtaining a role Amazon Resource Name for Security Token Service_ procedure.
3960
endif::[]
61+
endif::restricted[]
4062
* *All namespaces on the cluster (default)* is selected.
4163
* *Installed Namespace* is set to *openshift-cluster-csi-drivers*.
4264

4365
.. Click *Install*.
4466
+
4567
After the installation finishes, the {FeatureName} CSI Operator is listed in the *Installed Operators* section of the web console.
4668

47-
.Next steps
69+
// The following ifeval statements exclude STS and a note about avoiding
70+
// installing community operator content for CSI drivers other than EWS
71+
72+
ifeval::["{context}" == "persistent-storage-csi-aws-efs"]
73+
:!restricted:
74+
endif::[]
75+
76+
ifeval::["{context}" == "osd-persistent-storage-aws-efs-csi"]
77+
:!restricted:
78+
endif::[]
79+
80+
ifeval::["{context}" == "rosa-persistent-storage-aws-efs-csi"]
81+
:!restricted:
82+
endif::[]
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * storage/container_storage_interface/persistent-storage-csi-smb-cifs.adoc
4+
5+
:_mod-docs-content-type: CONCEPT
6+
[id="persistent-storage-csi-smb-cifs-limits_{context}"]
7+
= Limitations
8+
9+
The following limitations apply to the Common Internet File System (CIFS)/Server Message Block (SMB) Container Storage Interface (CSI) Driver Operator:
10+
11+
* FIPS mode is not supported:
12+
+
13+
When Federal Information Processing Standards (FIPS) mode is enabled, the use of md4 and md5 are disabled, which prevents users from using ntlm, ntlmv2, or ntlmssp authentication. Also, signing cannot be used because it uses md5. Any CIFS mount that uses these methods fails when FIPS mode is enabled.
14+
15+
* Using HTTP proxy configuration to connect to outside of the cluster SMB servers is not supported by the CSI driver.
16+
+
17+
Since CIFS/SMB is a LAN protocol, and though it can be routed to subnets, it is not designed to be extended over the WAN, and does not support HTTP proxy settings.
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * storage/container_storage_interface/persistent-storage-csi-smb-cifs.adoc
4+
5+
:_mod-docs-content-type: PROCEDURE
6+
[id="persistent-storage-csi-smb-cifs-driver-install_{context}"]
7+
= Installing the {FeatureName} CSI Driver
8+
9+
After installing the {FeatureName} Container Storage Interface (CSI) Driver Operator, install the {FeatureName} CSI driver.
10+
11+
.Prerequisites
12+
* Access to the {product-title} web console.
13+
* {FeatureName} CSI Driver Operator installed.
14+
15+
.Procedure
16+
17+
. Click *Administration* -> *CustomResourceDefinitions* -> *ClusterCSIDriver*.
18+
19+
. On the *Instances* tab, click *Create ClusterCSIDriver*.
20+
21+
. Use the following YAML file:
22+
+
23+
[source,yaml]
24+
----
25+
apiVersion: operator.openshift.io/v1
26+
kind: ClusterCSIDriver
27+
metadata:
28+
name: smb.csi.k8s.io
29+
spec:
30+
managementState: Managed
31+
----
32+
33+
. Click *Create*.
34+
35+
. Wait for the following Conditions to change to a "True" status:
36+
+
37+
38+
* `SambaDriverControllerServiceControllerAvailable`
39+
40+
* `SambaDriverNodeServiceControllerAvailable`

0 commit comments

Comments
 (0)