dell · rajendraindukuri · Feb 10, 2025 · Feb 10, 2025
@@ -0,0 +1,114 @@
+apiVersion: storage.dell.com/v1
+kind: ContainerStorageModule
+metadata:
+  name: authorization
+  namespace: authorization
+spec:
+  modules:
+    # Authorization: enable csm-authorization proxy server for RBAC
+    - name: authorization-proxy-server
+      # enable: Enable/Disable csm-authorization
+      enabled: true
+      configVersion: v2.1.0
+      forceRemoveModule: true
+      components:
+        # For Kubernetes Container Platform only
+        # enabled: Enable/Disable NGINX Ingress Controller
+        # Allowed values:
+        #   true: enable deployment of NGINX Ingress Controller
+        #   false: disable deployment of NGINX Ingress Controller only if you have your own ingress controller. Set the appropriate annotations for the ingresses in the proxy-server section
+        # Default value: true
+        - name: nginx
+          enabled: true
+        # enabled: Enable/Disable cert-manager
+        # Allowed values:
+        #   true: enable deployment of cert-manager
+        #   false: disable deployment of cert-manager only if it's already deployed
+        # Default value: true
+        - name: cert-manager
+          enabled: true
+        - name: proxy-server
+          # enable: Enable/Disable csm-authorization proxy server
+          enabled: true
+          proxyService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-proxy@sha256:ac2beadc372fc94e654d0665a8bec1b450411d28cbace66472178e10a8f28d28
+          proxyServiceReplicas: 1
+          tenantService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-tenant@sha256:ec63ee8d53ebacd4b3dbcc0e43ea678e88b4c604a7c6cbebffb9c00ad1ceb05c
+          tenantServiceReplicas: 1
+          roleService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-role@sha256:d8b646b0eeeecb4cfb16bf28cc3e946badea8279118445c980b9e8b6ec9cb6bd
+          roleServiceReplicas: 1
+          storageService: registry.connect.redhat.com/dell-emc/dell-csm-authorization-storage@sha256:2011148a509b2c4e8b42e6476eeaa622eb6bd179517cbe94939366212e929abc
+          storageServiceReplicas: 1
+          opa: docker.io/openpolicyagent/opa@sha256:aa45afb240037ad19f548cea8c8f1610dc238599dbb79a5f8f3f08a2b8eb90fa
+          opaKubeMgmt: docker.io/openpolicyagent/kube-mgmt@sha256:8b9db2e7af5a237a8cea8f090484f29ddc34c88e30a58a6f5617b45ab5420d22
+          authorizationController: registry.connect.redhat.com/dell-emc/dell-csm-authorization-controller@sha256:922af647e4cfffdba2fd95ffeea86c0efe2f7d9c6843b0a0459b533fdca961bc
+          authorizationControllerReplicas: 1
+          leaderElection: true
+          # controllerReconcileInterval: interval for the authorization controllers to reconcile with Redis.
+          controllerReconcileInterval: 5m
+          # certificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+          # for self-signed certs, leave empty string
+          # Allowed values: string
+          certificate: ""
+          # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+          # for self-signed certs, leave empty string
+          # Allowed values: string
+          privateKey: ""
+          # proxy-server ingress will use this hostname
+          # NOTE: an additional hostname can be configured in proxyServerIngress.hosts
+          # NOTE: proxy-server ingress is configured to accept IP address connections so hostnames are not required
+          hostname: "csm-authorization.com"
+          # proxy-server ingress configuration
+          proxyServerIngress:
+            - ingressClassName: nginx
+              # additional host rules for the proxy-server ingress
+              hosts: []
+              # - [application name]-ingress-nginx-controller.[namespace].svc.cluster.local
+
+              # additional annotations for the proxy-server ingress
+              annotations: {}
+          # openTelemetryCollectorAddress: the OTLP receiving endpoint using gRPC
+          openTelemetryCollectorAddress: ""
+        - name: redis
+          redis: docker.io/redis@sha256:c1e88455c85225310bbea54816e9c3f4b5295815e6dbf80c34d40afc6df28275
+          commander: docker.io/rediscommander/redis-commander@sha256:19cd0c49f418779fa2822a0496c5e6516d0c792effc39ed20089e6268477e40a
+          redisName: redis-csm
+          redisCommander: rediscommander
+          sentinel: sentinel
+          redisReplicas: 5
+        - name: vault
+          vaultConfigurations:
+            - identifier: vault0
+              address: https://10.0.0.1:8400
+              role: csm-authorization
+              skipCertificateValidation: true
+              # clientCertificate: base64-encoded certificate for cert/private-key pair -- add certificate here to use custom certificates
+              # for self-signed certs, leave empty string
+              # Allowed values: string
+              clientCertificate: ""
+              # clientKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates
+              # for self-signed certs, leave empty string
+              # Allowed values: string
+              clientKey: ""
+              # certificateAuthority: base64-encoded certificate authority for validating vault server certificate -- add certificate authority here to use custom certificates
+              #  for self-signed certs, leave empty string
+              # Allowed values: string
+              certificateAuthority: ""
+#            - identifier: vault0
+#              address: https://10.0.0.1:8400
+#              role: csm-authorization
+#              skipCertificateValidation: true
+#              clientCertificate:
+#              clientKey:
+#              certificateAuthority:
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: csm-config-params
+  namespace: authorization
+data:
+  csm-config-params.yaml: |-
+    CONCURRENT_POWERFLEX_REQUESTS: 10
+    CONCURRENT_POWERSCALE_REQUESTS: 10
+    LOG_LEVEL: debug
+    STORAGE_CAPACITY_POLL_INTERVAL: 5m