-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.16, 4.17
-
Quality / Stability / Reliability
-
False
-
-
3
-
Low
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The OpenStack Manila CSI Driver Operator does not document how to define subnet/ip restrictions, to limit which pods can mount the Shares (PVs).
Version-Release number of selected component (if applicable):
All versions where the Manila CSI driver operator documentation exists.
How reproducible:
Always.
Steps to Reproduce:
1. In the OpenStack Manila CSI driver operator documentation [1], search for instructions on how to limit which pods can mount the shares based on their IPs/Subnets, using the `nfs-shareClient` [2] storage class parameter.
[1] https://docs.openshift.com/container-platform/4.17/storage/container_storage_interface/persistent-storage-csi-manila.html
[2] https://github.com/kubernetes/cloud-provider-openstack/blob/c3ab4ebb2221357ae6a8f38a85b9e1b468624549/docs/manila-csi-plugin/using-manila-csi-plugin.md
Actual results:
The documentation doesn't have any instructions on how to limit IPs or Subnets that can mount the Manila share/PV and the default Manila access rule is too permissive (0.0.0.0/0).
Expected results:
There are instructions on how to configure the access rules details.
Additional info: