Home > Storage > PowerFlex > White Papers > Container Storage Modules for Dell PowerFlex : Authorization Module > Configuring PowerFlex CSI Driver with CSM for Authorization
The following are the requirements that must be met before installing the CSI Driver:
Configuring the PowerFlex CSI driver for CSM Authorization requires that the Kubernetes cluster, PowerFlex cluster, and CSM Authorization proxy server all be deployed. The following are the steps to configure the CSI driver to successfully work with the Authorization sidecar.
$ kubectl create namespace vxflexos
$ kubectl apply -f Tenant01.yaml -n vxflexos
$ git clone -b v2.7.0 https://github.com/dell/csi-powerflex.git
$ cd root/CSM-Module/auth-installers/csi-powerflex
$ vi /samples/secret/karavi-authorization-config.json
[{"username":"","password":"","intendedEndpoint":"https://192.168.105.205/","endpoint":"https://localhost:9400","systemID":"cf786ba3109e8e0f","skipCertificateValidation":true,"isDefault":true}]
Note: Username and password fields are not updated; intended endpoint is the https address of PowerFlex; endpoint is the local proxy server address; system id used is PowerFlex system ID.
$ kubectl -n vxflexos create secret generic karavi-authorization-config --from-file=config=samples/secret/karavi-authorization-config.json -o yaml --dry-run=client | kubectl apply -f -
$ kubectl -n vxflexos create secret generic proxy-server-root-certificate --from-literal=rootCertificate.pem= -o yaml --dry-run=client | kubectl apply -f -
For more information about the CSM Authorization deployment, see Authorization.
For deploying the CSI driver, the csi secret file and values.yaml files must be prepared, as described in the following steps:
$ vi samples/config.yaml
- username: "ignored"
password: "ignored"
systemID: "cf786ba3109e8e0f"
endpoint: “https://localhost:9400”
skipCertificateValidation: true
isDefault: true
mdm: "192.168.xxx.xxx,192.168.xxx.xxx"
$ kubectl create secret generic vxflexos-config -n vxflexos --from-file=config=samples/secret.yaml
$ cd helm && cp csi-vxflexos/values.yaml myvalues.yaml
$ vi csi-powerflex/helm/csi-vxflexos/myvalues.yaml
# CSM module attributes
# Default value: "false"
authorization:
enabled: true
# sidecarProxyImage: the container image used for the csm-authorization-sidecar.
# Default value: dellemc/csm-authorization-sidecar:v1.7.0
sidecarProxyImage: dellemc/csm-authorization-sidecar:v1.7.0
# proxyHost: hostname of the csm-authorization server
# Default value: None
proxyHost: authorization-ingress-nginx-controller.authorization.svc.cluster.local #From Step 6
# skipCertificateValidation: certificate validation of the csm-authorization server
# Allowed Values:
# "true" - TLS certificate verification will be skipped
# "false" - TLS certificate will be verified
# Default value: "true"
skipCertificateValidation: true
$ cd dell-csi-helm-installer
$ ./csi-install.sh --namespace vxflexos --values ../helm/myvalues.yaml --node-verify-user root
$ kubectl create -f storageclass.yaml
For more information about the PowerFlex CSI deployment, see PowerFlex CSI Documentation.