Loading...

XML

Word

Printable

Epic Name:
Manila CSI: Allow multiple CIDRs when creating volumes
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
In Progress
Parent Link:
RFE-7091Manila CSI driver should allow a list of CIDRs, instead of just one
Release Note Text:

Hide
**OpenStack Manila CSI Driver: Enhanced Client Access Control**

The OpenStack Manila CSI driver now supports specifying multiple clients for volume access. This allows administrators to use the `nfs-ShareClient` parameter in a custom storage class to list specific client IP addresses or subnets. This feature enhances security in multi-tenant environments by restricting access to authorized clients, moving beyond the default behavior of granting access to all IPv4 clients.

Show
**OpenStack Manila CSI Driver: Enhanced Client Access Control** The OpenStack Manila CSI driver now supports specifying multiple clients for volume access. This allows administrators to use the `nfs-ShareClient` parameter in a custom storage class to list specific client IP addresses or subnets. This feature enhances security in multi-tenant environments by restricting access to authorized clients, moving beyond the default behavior of granting access to all IPv4 clients.
Release Note Type:
Enhancement

Goal

This parameter default to 0.0.0.0/0 and it's only possible to specify a single CIDR.
In multi tenant OSP / Multi OCP environments it's important to be able to specify a list of IPs / CIDR that have access to the NFS shares (volumes) created from given a OCP SC (often maps to an OCP environment)

As an admin I want to limit access to the Manila CSI volumes that are created from a given SC by specifying multiple IPs or CIDRs

split from

OSPRH-18263 Finish CSI changes for multi CIDR

links to