# Dell CSI Operator ###### tags: `OpenShift` ###### tags: `Storage` ### Install Operator [Link to Dell documentation.](https://dell.github.io/csm-docs/docs/csidriver/installation/operator/isilon/) #### Pre-Requisite for installation Please run the following commands for creating the required ConfigMap before installing the dell-csi-operator using OLM. ``` $ git clone https://github.com/dell/dell-csi-operator.git $ cd dell-csi-operator $ tar -czf config.tar.gz driverconfig/ # Replace operator-namespace in the below command with the actual namespace where the operator will be deployed by OLM $ kubectl create configmap dell-csi-operator-config --from-file config.tar.gz -n <operator-namespace> ``` #### Install the Operator Install the operator from "Operators --> OperatorHUB" in OPenShift Console. #### Install the driver for Isilon ##### Create namespace ``` kubectl create namespace isilon ``` ##### Create isilon-cred secret. Create secret.yaml insert proper values in the example file. ``` isilonClusters: # logical name of PowerScale Cluster - clusterName: "cluster1" # username for connecting to PowerScale OneFS API server # Default value: None username: "user" # password for connecting to PowerScale OneFS API server password: "password" # HTTPS endpoint of the PowerScale OneFS API server # Default value: None # Examples: "1.2.3.4", "https://1.2.3.4", "https://abc.myonefs.com" endpoint: "1.2.3.4" # Is this a default cluster (would be used by storage classes without ClusterName parameter) # Allowed values: # true: mark this cluster config as default # false: mark this cluster config as not default # Default value: false isDefault: true # Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. # Allowed values: # true: skip OneFS API server's certificate verification # false: verify OneFS API server's certificates # Default value: default value specified in values.yaml # skipCertificateValidation: true # The base path for the volumes to be created on PowerScale cluster # This will be used if a storage class does not have the IsiPath parameter specified. # Ensure that this path exists on PowerScale cluster. # Allowed values: unix absolute path # Default value: default value specified in values.yaml # Examples: "/ifs/data/csi", "/ifs/engineering" # isiPath: "/ifs/data/csi" # The permissions for isi volume directory path # This will be used if a storage class does not have the IsiVolumePathPermissions parameter specified. # Allowed values: valid octal mode number # Default value: "0777" # Examples: "0777", "777", "0755" # isiVolumePathPermissions: "0777" - clusterName: "cluster2" username: "user" password: "password" endpoint: "1.2.3.4" endpointPort: "8080" ``` Apply the secret. ``` kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml ``` To replace or update the secret use the following command. ``` kubectl create secret generic isilon-creds -n isilon --from-file=config=secret.yaml -o yaml --dry-run | kubectl replace -f - ``` ##### Create an empty certificate secret yaml. ``` apiVersion: v1 kind: Secret metadata: name: isilon-certs-0 namespace: isilon type: Opaque data: cert-0: "" ``` Apply the yaml. ``` kubectl create -f empty-secret.yaml ``` ##### Create the custom resource to install the driver. Sample files found [here](https://github.com/dell/dell-csi-operator/tree/master/samples). Using [isilon_v210_ops_48.yaml](https://github.com/dell/dell-csi-operator/tree/master/samples/isilon_v210_ops_48.yaml) for Isilon on OpenShift 4.8. Edit the file and change the vaules according to your needs. ``` apiVersion: storage.dell.com/v1 kind: CSIIsilon metadata: name: isilon namespace: isilon spec: driver: # Config version for CSI PowerScale v2.1.0 driver configVersion: v2.1.0 replicas: 2 dnsPolicy: ClusterFirstWithHostNet forceUpdate: false common: # Image for CSI PowerScale driver v2.1.0 image: "dellemc/csi-isilon:v2.1.0" imagePullPolicy: IfNotPresent envs: # X_CSI_VERBOSE: Indicates what content of the OneFS REST API message should be logged in debug level logs # Allowed Values: # 0: log full content of the HTTP request and response # 1: log without the HTTP response body # 2: log only 1st line of the HTTP request and response # Default value: 0 - name: X_CSI_VERBOSE value: "1" # X_CSI_ISI_PORT: Specify the HTTPs port number of the PowerScale OneFS API server # This value acts as a default value for endpointPort, if not specified for a cluster config in secret # Allowed value: valid port number # Default value: 8080 - name: X_CSI_ISI_PORT value: "8080" # X_CSI_ISI_PATH: The base path for the volumes to be created on PowerScale cluster. # This value acts as a default value for isiPath, if not specified for a cluster config in secret # Ensure that this path exists on PowerScale cluster. # Allowed values: unix absolute path # Default value: /ifs # Examples: /ifs/data/csi, /ifs/engineering - name: X_CSI_ISI_PATH value: "/ifs/data/csi" # X_CSI_ISI_NO_PROBE_ON_START: Indicates whether the controller/node should probe all the PowerScale clusters during driver initialization # Allowed values: # true : do not probe all PowerScale clusters during driver initialization # false: probe all PowerScale clusters during driver initialization # Default value: false - name: X_CSI_ISI_NO_PROBE_ON_START value: "false" # X_CSI_ISI_AUTOPROBE: automatically probe the PowerScale cluster if not done already during CSI calls. # Allowed values: # true : enable auto probe. # false: disable auto probe. # Default value: false - name: X_CSI_ISI_AUTOPROBE value: "true" # X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION: Specify whether the PowerScale OneFS API server's certificate chain and host name should be verified. # Formerly this attribute was named as "X_CSI_ISI_INSECURE" # This value acts as a default value for skipCertificateValidation, if not specified for a cluster config in secret # Allowed values: # true: skip OneFS API server's certificate verification # false: verify OneFS API server's certificates # Default value: false - name: X_CSI_ISI_SKIP_CERTIFICATE_VALIDATION value: "true" # X_CSI_CUSTOM_TOPOLOGY_ENABLED: Specify if custom topology label <provisionerName>.dellemc.com/<powerscalefqdnorip>:<provisionerName> # has to be used for making connection to backend PowerScale Array. # If X_CSI_CUSTOM_TOPOLOGY_ENABLED is set to true, then do not specify allowedTopologies in storage class. # Allowed values: # true : enable custom topology # false: disable custom topology # Default value: false - name: X_CSI_CUSTOM_TOPOLOGY_ENABLED value: "false" controller: envs: # X_CSI_ISI_QUOTA_ENABLED: Indicates whether the provisioner should attempt to set (later unset) quota # on a newly provisioned volume. # This requires SmartQuotas to be enabled on PowerScale cluster. # Allowed values: # true: set quota for volume # false: do not set quota for volume - name: X_CSI_ISI_QUOTA_ENABLED value: "true" # X_CSI_ISI_ACCESS_ZONE: The name of the access zone a volume can be created in. # If storageclass is missing with AccessZone parameter, then value of X_CSI_ISI_ACCESS_ZONE is used for the same. # Default value: System # Examples: System, zone1 - name: X_CSI_ISI_ACCESS_ZONE value: "System" # X_CSI_ISI_VOLUME_PATH_PERMISSIONS: The permissions for isi volume directory path # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret # Allowed values: valid octal mode number # Default value: "0777" # Examples: "0777", "777", "0755" - name: X_CSI_ISI_VOLUME_PATH_PERMISSIONS value: "0770" nodeSelector: node-role.kubernetes.io/infra: "" tolerations: - effect: NoSchedule key: node-function value: infra node: envs: # X_CSI_MAX_VOLUMES_PER_NODE: Specify default value for maximum number of volumes that controller can publish to the node. # If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node. # This limit is applicable to all the nodes in the cluster for which node label 'max-isilon-volumes-per-node' is not set. # Allowed values: n, where n >= 0 # Default value: 0 - name: X_CSI_MAX_VOLUMES_PER_NODE value: "0" # X_CSI_ALLOWED_NETWORKS: Custom networks for PowerScale export # Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used. # Allowed values: list of one or more networks # Default value: None # Provide them in the following format: "[net1, net2]" # CIDR format should be used # eg: "[192.168.1.0/24, 192.168.100.0/22]" - name: X_CSI_ALLOWED_NETWORKS value: "" tolerations: - effect: NoSchedule key: node-function value: infra sideCars: - name: provisioner args: ["--volume-name-prefix=csipscale"] --- apiVersion: v1 kind: ConfigMap metadata: name: isilon-config-params namespace: isilon data: driver-config-params.yaml: | CSI_LOG_LEVEL: "debug" ``` Apply the file. ``` kubectl create -f isilon_v210_ops_48.yaml ``` #### Create storageclass and volumesnapshotclass. ##### Create storageclass yaml one per Isilon system. ``` apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: isilon-se1isl001 provisioner: csi-isilon.dellemc.com reclaimPolicy: Delete allowVolumeExpansion: true parameters: # The name of the access zone a volume can be created in # Optional: true # Default value: default value specified in values.yaml # Examples: System, zone1 AccessZone: System # The base path for the volumes to be created on PowerScale cluster. # Ensure that this path exists on PowerScale cluster. # Allowed values: unix absolute path # Optional: true # Default value: value specified in values.yaml for isiPath # Examples: /ifs/data/csi, /ifs/engineering IsiPath: /ifs/se1isl001/proj # The permissions for isi volume directory path # This value overrides the isiVolumePathPermissions attribute of corresponding cluster config in secret, if present # Allowed values: valid octal mode number # Default value: "0777" # Examples: "0777", "777", "0755" #IsiVolumePathPermissions: "0777" # AccessZone groupnet service IP. Update AzServiceIP if different than endpoint. # Optional: true # Default value: endpoint of the cluster ClusterName AzServiceIP : Se1isl001.i1.int.autoheim.net # When a PVC is being created, this parameter determines, when a node mounts the PVC, # whether to add the k8s node to the "Root clients" field or "Clients" field of the NFS export # Allowed values: # "true": adds k8s node to the "Root clients" field of the NFS export # "false": adds k8s node to the "Clients" field of the NFS export # Optional: true # Default value: "false" RootClientEnabled: "false" # Name of PowerScale cluster, where pv will be provisioned. # This name should match with name of one of the cluster configs in isilon-creds secret. # If this parameter is not specified, then default cluster config in isilon-creds secret # will be considered if available. # Optional: true ClusterName: Se1isl001 # volumeBindingMode controls when volume binding and dynamic provisioning should occur. # Allowed values: # Immediate: indicates that volume binding and dynamic provisioning occurs once the # PersistentVolumeClaim is created # WaitForFirstConsumer: will delay the binding and provisioning of a PersistentVolume # until a Pod using the PersistentVolumeClaim is created # Default value: Immediate volumeBindingMode: Immediate # allowedTopologies helps scheduling pods on worker nodes which match all of below expressions. # If enableCustomTopology is set to true in helm values.yaml, then do not specify allowedTopologies # Change all instances of <ISILON_IP> to the IP of the PowerScale OneFS API server #allowedTopologies: # - matchLabelExpressions: # - key: csi-isilon.dellemc.com/<ISILON_IP> # values: # - csi-isilon.dellemc.com # specify additional mount options for when a Persistent Volume is being mounted on a node. # To mount volume with NFSv4, specify mount option vers=4. Make sure NFSv4 is enabled on the Isilon Cluster #mountOptions: ["<mountOption1>", "<mountOption2>", ..., "<mountOptionN>"] ``` Apply the yaml. ``` oc apply -f <storageclass.yaml> ``` ##### Create the volumesnapshotclass yaml one per Isilon system. ``` # For kubernetes version 20 (v1 snaps) apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshotClass metadata: name: isilon-se1isl002-snapclass driver: csi-isilon.dellemc.com # Configure what happens to a VolumeSnapshotContent when the VolumeSnapshot object # it is bound to is to be deleted # Allowed values: # Delete: the underlying storage snapshot will be deleted along with the VolumeSnapshotContent object. # Retain: both the underlying snapshot and VolumeSnapshotContent remain. deletionPolicy: Delete parameters: # The base path of the volumes on Isilon cluster for which snapshot is being created. # This path should be same as the IsiPath from the storageClass. # Optional: false IsiPath: /ifs/se1isl002/data ``` Apply the yaml. ``` oc apply -f <volumesnapshotclass.yaml> ```