Bug 2060249

Summary: [KMS] Update documentation to use CamelCase parameters in csi-kms-connection-details configmap
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Rachael <rgeorge>
Component: documentation Assignee: Olive Lakra <olakra>
Status: CLOSED CURRENTRELEASE QA Contact: Rachael <rgeorge>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.10 CC: asriram, mmuench, nberry, ocs-bugs, odf-bz-bot, olakra
Target Milestone: ---   
Target Release: ODF 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-21 09:12:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Storageclass creation page none

Description Rachael 2022-03-03 04:46:24 UTC
Created attachment 1863922
Storageclass creation page

Describe the issue:
-------------------

With the fix for this bug: https://bugzilla.redhat.com/show_bug.cgi?id=2005801 the csi-kms-connection-details configmap will now use CamelCase parameters instead of UPPER_CASE. The changes for the same need to be made in the examples shown in the docs.


Suggestions for improvement: 
----------------------------

In section 2.2.3. Procedure for creating a storage class for PV encryption:

 - step 8 -> Create new KMS connection, after step i, a new step needs to be added and the existing step ii needs to be modified:
   
       * Create new KMS connection: This is applicable for vaulttokens only.

            i. Key Management Service Provider is set to Vault by default.
            ii. The Authentication Method is set to token by default.
            iii. Enter a unique Connection Name, host Address of the Vault server (https://<hostname or ip>), and Port number.

 - step 10. Remove all mentions of VAULT_BACKEND. The edited text would look like:
     Edit the ConfigMap to add the vaultBackend parameter if the HashiCorp Vault setup does not allow automatic detection of the Key/Value (KV) secret engine API version used by the backend path.

     NOTE
     vaultBackend is an optional parameter that has been added to the configmap to specify the version of the KV secret engine API associated with the backend path. Ensure that the value matches the KV secret engine API version that is set for the backend path, otherwise it might result in a failure during persistent volume claim (PVC) creation.

 - Step 10. iv.ii needs to be modified as shown below:
     Add the vaultBackend parameter depending on the backend that is configured for the previously identified encryptionKMSID.

     You can assign kv for KV secret engine API, version 1 and kv-v2 for KV secret engine API, version 2.

     Example:

     kind: ConfigMap
     apiVersion: v1
     metadata:
       name: csi-kms-connection-details
     [...]
     data:
       1-vault: |-
         {
           "encryptionKMSType":"vaulttokens",
           "kmsServiceName":"1-vault",
           [...]
           "vaultBackend": "kv-v2"
         }
       2-vault: |-
         {
           "encryptionKMSType": "vaulttenantsa",
           [...]
           "vaultBackend": "kv"
         }



Document URL:
-------------

https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.9/html-single/managing_and_allocating_storage_resources#procedure_for_creating_a_storage_class_for_pv_encryption


Chapter/Section Number and Title: 
---------------------------------

2.2.3. Procedure for creating a storage class for PV encryption:

Product Version:
----------------
ODF 4.10

Environment Details:

Any other versions of this document that also need this update: N/A
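
A check for the parameter change described in this report, as an added example that is not part of the original bug report or the product documentation: it scans the JSON entries under the ConfigMap's data field for UPPER_CASE parameter names and for vaultBackend values other than kv or kv-v2. The function name, the findings format and the sample entries (including 3-vault) are constructed for illustration.

```python
import json
import re

# Values the report lists for vaultBackend: kv (KV API v1) and kv-v2 (KV API v2).
ALLOWED_VAULT_BACKENDS = {"kv", "kv-v2"}
# Legacy naming style mentioned in the report, e.g. VAULT_BACKEND.
UPPER_CASE_KEY = re.compile(r"^[A-Z][A-Z0-9]*(_[A-Z0-9]+)*$")


def lint_kms_configmap(data):
    """Return sorted (entry, key, problem) tuples for a ConfigMap 'data' mapping.

    'data' maps a connection name to a JSON string, as in the report's example.
    """
    findings = []
    for entry, raw in data.items():
        try:
            params = json.loads(raw)
        except json.JSONDecodeError as exc:
            findings.append((entry, "", f"not valid JSON: {exc.msg}"))
            continue
        if not isinstance(params, dict):
            findings.append((entry, "", "entry is not a JSON object"))
            continue
        for key, value in params.items():
            if UPPER_CASE_KEY.match(key):
                findings.append((entry, key, "UPPER_CASE parameter; use the CamelCase name"))
            if key == "vaultBackend" and (
                not isinstance(value, str) or value not in ALLOWED_VAULT_BACKENDS
            ):
                findings.append((entry, key, f"unexpected value {value!r}; expected kv or kv-v2"))
    return sorted(findings)


# Constructed sample input: 1-vault follows the report's example, 2-vault still
# carries the legacy key, 3-vault has a value outside the two listed ones.
SAMPLE_DATA = {
    "1-vault": json.dumps({"encryptionKMSType": "vaulttokens",
                           "kmsServiceName": "1-vault",
                           "vaultBackend": "kv-v2"}),
    "2-vault": json.dumps({"encryptionKMSType": "vaulttenantsa",
                           "VAULT_BACKEND": "kv"}),
    "3-vault": json.dumps({"encryptionKMSType": "vaulttokens",
                           "vaultBackend": "v2"}),
}

if __name__ == "__main__":
    for entry, key, problem in lint_kms_configmap(SAMPLE_DATA):
        print(f"{entry}: {key}: {problem}")
```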