-
Feature
-
Resolution: Done
-
Major
-
None
Feature Overview (aka. Goal Summary)
Graduate the SMB CSI driver and its operator to GA
Goals (aka. expected user outcomes)
The Goal is to write an operator to deploy and maintain the SMB CSI driver
https://github.com/kubernetes-csi/csi-driver-smb
- Provide a day 2 OLM based operator that deploys the SMB CSI driver.
- Ensure the driver passes all CSI related tests.
- Identify all upstream capabilities and limitation. Define what we will support at GA.
Authentication will be limited to a secret in the storage class. NTLM style authentication only, no kerberos support until we have it officialy supported and documented. This limits the CSI to run on non FIPS environments.
We're also excluding support for DFS (Distributed File System) at GA, we will look at possible support in a future OCP release.
Requirements (aka. Acceptance Criteria):
A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.
Operator and driver meets the GA quality criteria. We have a good way to deploy a CIFS backend for CI/Testing.
Identify all upstream capabilities and limitation. Define what we support at GA.
Anyone reviewing this Feature needs to know which deployment configurations that the Feature will apply to (or not) once it's been completed. Describe specific needs (or indicate N/A) for each of the following deployment scenarios. For specific configurations that are out-of-scope for a given release, ensure you provide the OCPSTRAT (for the future to be supported configuration) as well.
| Deployment considerations | List applicable specific needs (N/A = not applicable) |
| Self-managed, managed, or both | Self-managed |
| Classic (standalone cluster) | Yes |
| Hosted control planes | Should work |
| Multi node, Compact (three node), or Single node (SNO), or all | all |
| Connected / Restricted Network | yes |
| Architectures, e.g. x86_x64, ARM (aarch64), IBM Power (ppc64le), and IBM Z (s390x) | x86_x64 |
| Operator compatibility | OLM |
| Backport needed (list applicable versions) | No |
| UI need (e.g. OpenShift Console, dynamic plugin, OCM) | No |
| Other (please specify) |
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
We have several customer's request to allows pods to access storage shared exposed as SMB/CIFS. This can be because of already existing data generated outside OCP or because the customer's environment already integrates an AD/SMB NAS infrastructure. This is fairly common in on-prem environments.
Questions to Answer (Optional):
Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.
How do automatically deploy a SMB server for automated testing?
What authentication method will we support? - NTLM style only
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
Support of SMB server
Authentication beyond the default one which references secrets in the SC & static provisioning, NTLM style only.
No kerberos support until we have it officialy supported and documented. This limits the CSI to run on non FIPS environments.
Background
Provide any additional context is needed to frame the feature. Initial completion during Refinement status.
The windows container team can't directly leverage this work atm because they can't ship CSI drivers for windows.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Customers may want to run these on FIPS enabled clusters which requires keberos authentication as NTLM is not FIPS compliant. Unfortunately there is no official OCP kerberos support today. This will be reassessed when we have it.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. If the feature extends existing functionality, provide a link to its current documentation. Initial completion during Refinement status.
Reuse the TP doc, remove TP warning. Change any delta content between TP and GA. Be explicit on supported authentification (NTML/ no FIPS) and samba / windows versions supported.
We're also excluding support for DFS (Distributed File System) at GA, we will look at possible support in a future OCP release.
Interoperability Considerations
Which other projects, including ROSA/OSD/ARO, and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.
Customers using windows containers may be interested by that feature.
- depends on
-
-
- Closed
-
- links to
