-
Task
-
Resolution: Done
-
Undefined
-
ACM 2.8.0
Docs required for parent: https://issues.redhat.com/browse/ACM-2199 (Reduce VolSync to align with Least Privilege principle - RSync)
Create an informative issue (See each section, incomplete templates/issues won't be triaged)
Using the current documentation as a model, please complete the issue template.
Note: Doc team updates the current version and the two previous versions (n-2). For earlier versions, we will address only high-priority, customer-reported issues for releases in support.
Prerequisite: Start with what we have
Always look at the current documentation to describe the change that is needed. Use the source or portal link for Step 3:
- Use the Customer Portal: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6
- Use the GitHub link to find the staged docs in the repository: https://github.com/stolostron/rhacm-docs/blob/2.7_stage/add-ons/volsync/volsync_replicate.adoc#configuring-an-rsync-replication
Describe the changes in the doc and link to your dev story
Provide info for the following steps:
- - [X] Mandatory Choose the documentation release (Published releases are refreshed ~weekly after publication).
- [ ] ACM 2.5
- [ ] ACM 2.6
- [ ] ACM 2.7
- [X]ACM 2.8 (upcoming release)
- [ ] MCE 2.1
- [ ] MCE 2.2
- [ ] MCE 2.3 (upcoming release)
- - [X] Mandatory Choose the type of documentation change.
- [X] New topic in an existing section or new section
- [ ] Update to an existing topic
- - [ ] Mandatory for bugs: What is the diff? Clearly define what the problem is, what the change is, and link to the current documentation:
- - [X] Mandatory for GA content:
- [X] Add steps and/or other important conceptual information here:
This is new for VolSync 0.7.0 (ACM 2.8). Previously in ACM 2.7 we added reduced mover permissions for the rsync/restic/syncthing movers and this was documented.
However for Rsync, the permissions cannot be solved by simply modifying the existing mover, so a new mover was created "rsync-TLS". Going forward this should be the preferred mover to use if rsync is required (rather than the "rsync" mover).
We could perhaps put a note about rsync-TLS being preferred, and can perhaps replace the rsync section of docs with docs on rsync-TLS instead? Specifically this would be the section we could perhaps move to rsync-tls: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#rsync-replication-volsync
In the rsync section, we have the following example yaml:
```
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: <destination>
namespace: <destination-ns>
spec:
rsync:
serviceType: LoadBalancer
copyMethod: Snapshot
capacity: 2Gi
accessModes: [ReadWriteOnce]
storageClassName: gp2-csi
volumeSnapshotClassName: csi-aws-vsc
```
The rsync-tls version of this would be:
```
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: <destination>
namespace: <destination-ns>
spec:
rsyncTLS:
serviceType: LoadBalancer
copyMethod: Snapshot
capacity: 2Gi
accessModes: [ReadWriteOnce]
storageClassName: gp2-csi
volumeSnapshotClassName: csi-aws-vsc
```
Basically the difference is rsyncTLS in the spec instead of rsync here.
rsyncTLS uses the same concept of address, so where we mention .status.rsync.address - the change would be that this field would now be found in .status.rsyncTLS.address.
Similarly, instead of sshKeys, this field for rsyncTLS is called `keySecret`.
I can definitely help do the modifications, or have a meeting to discuss. If it helps, the original rsync steps were taken from the upstream docs, so for rsyncTLS here is the doc reference: https://volsync.readthedocs.io/en/latest/usage/rsync-tls/index.html
- [ ] Add Required access level for the user to complete the task here:
- [ ] Add verification at the end of the task, how does the user verify success (a command to run or a result to see?)
- [ ] Add link to dev story here: https://issues.redhat.com/browse/ACM-2199
- depends on
-
-
- Closed
-