Bug 2060249 - [KMS] Update documentation to use CamelCase parameters in csi-kms-connection-details configmap
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: documentation
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ODF 4.10.0
Assignee: Olive Lakra
QA Contact: Rachael
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-03-03 04:46 UTC by Rachael
Modified: 2023-08-09 16:43 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-04-21 09:12:51 UTC
Embargoed:


Attachments
Storageclass creation page (41.29 KB, image/png)
2022-03-03 04:46 UTC, Rachael

Description Rachael 2022-03-03 04:46:24 UTC
Created attachment 1863922
Storageclass creation page

Describe the issue:
-------------------

With the fix for this bug: https://bugzilla.redhat.com/show_bug.cgi?id=2005801, the csi-kms-connection-details configmap will now use CamelCase parameters instead of UPPER_CASE. The changes for the same need to be made in the examples shown in the docs.


Suggestions for improvement: 
----------------------------

In section 2.2.3. Procedure for creating a storage class for PV encryption:

 - step 8 -> Create new KMS connection, after step i, a new step needs to be added and the existing step ii needs to be modified:
   
       * Create new KMS connection: This is applicable for vaulttokens only.

            i. Key Management Service Provider is set to Vault by default.
            ii. The Authentication Method is set to token by default.
            iii. Enter a unique Connection Name, host Address of the Vault server (https://<hostname or ip>), and Port number.

 - step 10. Remove all mentions of VAULT_BACKEND. The edited text would look like:
     Edit the ConfigMap to add the vaultBackend parameter if the HashiCorp Vault setup does not allow automatic detection of the Key/Value (KV) secret engine API version used by the backend path.

     NOTE
     vaultBackend is an optional parameter that has been added to the configmap to specify the version of the KV secret engine API associated with the backend path. Ensure that the value matches the KV secret engine API version that is set for the backend path, otherwise it might result in a failure during persistent volume claim (PVC) creation.

 - Step 10. iv.ii needs to be modified as shown below:
     Add the vaultBackend parameter depending on the backend that is configured for the previously identified encryptionKMSID.

     You can assign kv for KV secret engine API, version 1 and kv-v2 for KV secret engine API, version 2.

     Example:

     kind: ConfigMap
     apiVersion: v1
     metadata:
       name: csi-kms-connection-details
     [...]
     data:
       1-vault: |-
         {
           "encryptionKMSType":"vaulttokens",
           "kmsServiceName":"1-vault",
           [...]
           "vaultBackend": "kv-v2"
         }
       2-vault: |-
         {
           "encryptionKMSType": "vaulttenantsa",
           [...]
           "vaultBackend": "kv"
         }



Document URL:
-------------

https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.9/html-single/managing_and_allocating_storage_resources#procedure_for_creating_a_storage_class_for_pv_encryption


Chapter/Section Number and Title: 
---------------------------------

2.2.3. Procedure for creating a storage class for PV encryption:

Product Version:
----------------
ODF 4.10

Environment Details:

Any other versions of this document that also need this update: N/A

