title | linktitle | weight | description |
---|---|---|---|
CLI | CLI | 4 | Dell Technologies (Dell) Container Storage Modules (CSM) for Authorization CLI |
{{% pageinfo color="primary" %}} The CSM Authorization karavictl CLI is no longer actively maintained or supported. It will be deprecated in CSM 2.0. {{% /pageinfo %}}
karavictl is a command-line interface (CLI) used to interact with and manage your Container Storage Modules (CSM) Authorization deployment. This document outlines all karavictl commands, their intended use, options that can be provided to alter their execution, and expected output from those commands.
If you feel that something is unclear or missing in this document, please open up an issue.
Command | Description |
---|---|
karavictl | karavictl is used to interact with CSM Authorization Server |
karavictl admin token | Generate admin tokens |
karavictl cluster-info | Display the state of resources within the cluster |
karavictl generate | Generate resources for use with CSM |
karavictl generate token | Generate tokens |
karavictl role | Manage role |
karavictl role get | Get role |
karavictl role list | List roles |
karavictl role create | Create one or more CSM roles |
karavictl role update | Update the quota of one or more CSM roles |
karavictl role delete | Delete role |
karavictl rolebinding | Manage role bindings |
karavictl rolebinding create | Create a rolebinding between role and tenant |
karavictl rolebinding delete | Delete a rolebinding between role and tenant |
karavictl storage | Manage storage systems |
karavictl storage get | Get details on a registered storage system |
karavictl storage list | List registered storage systems |
karavictl storage create | Create and register a storage system |
karavictl storage update | Update a registered storage system |
karavictl storage delete | Delete a registered storage system |
karavictl tenant | Manage tenants |
karavictl tenant create | Create a tenant resource within CSM |
karavictl tenant get | Get a tenant resource within CSM |
karavictl tenant list | Lists tenant resources within CSM |
karavictl tenant revoke | Revokes access for a tenant |
karavictl tenant delete | Deletes a tenant resource within CSM |
karavictl tenant update | Updates a tenant resource within CSM |
karavictl is used to interact with CSM Authorization Server
karavictl provides security, RBAC, and quota limits for accessing Dell storage products from Kubernetes clusters
admin Generate admin token for use with CSM Authorization
cluster-info Display the state of resources within the cluster
completion Generate the autocompletion script for the specified shell
generate Generate resources for use with Karavi
help Help about any command
role Manage roles
rolebinding Manage role bindings
storage Manage storage systems
tenant Manage tenants
-h, --help Help for karavictl
-f, --admin-token Path to admin token file; required for all commands except `admin token` and `cluster-info`
--addr Address of the CSM Authorization Proxy Server; required for all commands except `admin token` and `cluster-info`
--insecure Skip certificate validation of the CSM Authorization Proxy Server
Outputs help text
Generate admin tokens
Generate an admin token for use with CSM Authorization commands. The tokens are output in YAML format, which can be saved in a file.
karavictl admin token [flags]
-n, --name Name of the admin
-h, --help Help for token
-s, --jwt-signing-secret Specify JWT signing secret, or omit to use stdin
--refresh-token-expiration Expiration time of the refresh token, e.g. 48h (default 720h0m0s)
--access-token-expiration Expiration time of the access token, e.g. 1m30s (default 1m0s)
$ karavictl admin token --name admin --access-token-expiration 30s --refresh-token-expiration 120m
$ Enter JWT Signing Secret: ***********
{
"Access": <ACCESS-TOKEN>,
"Refresh": <REFRESH-TOKEN>
}
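Alternatively, supply the JWT signing secret on the command line with `--jwt-signing-secret`. A secret passed this way is visible in shell history and in the process list, so prefer the stdin prompt on shared hosts.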
$ karavictl admin token --name admin --jwt-signing-secret secret --access-token-expiration 30s --refresh-token-expiration 120m
{
"Access": <ACCESS-TOKEN>,
"Refresh": <REFRESH-TOKEN>
}
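To check how much lifetime is left on the tokens produced above, the following added example (not part of the CSM documentation or of karavictl) decodes the `exp` claim of each token in the `Access`/`Refresh` output. It assumes the tokens are standard JWTs carrying an `exp` claim; the sample tokens, secret and reference time are constructed.

```python
import base64
import hashlib
import hmac
import json

NOW = 1_700_000_000  # constructed reference time (Unix seconds)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _make_sample_jwt(claims: dict, secret: bytes = b"constructed-secret") -> str:
    """Build an HS256 JWT for this demo only (constructed, not a real token)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


# Constructed stand-in for the saved output of `karavictl admin token`,
# using the 30s / 120m expirations from the example command.
SAMPLE_TOKEN_FILE = json.dumps({
    "Access": _make_sample_jwt({"exp": NOW + 30}),
    "Refresh": _make_sample_jwt({"exp": NOW + 120 * 60}),
})


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def token_lifetimes(token_file_text: str, now: float) -> dict:
    """Seconds until each token expires; a negative value means expired."""
    tokens = json.loads(token_file_text)
    return {kind: int(jwt_claims(tokens[kind])["exp"] - now)
            for kind in ("Access", "Refresh")}


if __name__ == "__main__":
    for kind, left in token_lifetimes(SAMPLE_TOKEN_FILE, NOW + 60).items():
        state = "EXPIRED" if left <= 0 else "valid"
        print(f"{kind:8s} {state:8s} {left:+d}s")
```

The decode step does not authenticate the token; it only reads the expiry so an expired admin token file can be spotted before a command fails.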
Display the state of resources within the cluster
Prints table of resources within the cluster, including their readiness
karavictl cluster-info [flags]
-h, --help Help for cluster-info
-w, --watch Watch for changes
karavictl cluster-info
NAME READY UP-TO-DATE AVAILABLE AGE
tenant-service 1/1 1 1 59m
redis-primary 1/1 1 1 59m
proxy-server 1/1 1 1 59m
redis-commander 1/1 1 1 59m
storage-service 1/1 1 1 59m
role-service 1/1 1 1 59m
Generate resources for use with CSM
Generates resources for use with CSM
karavictl generate [flags]
-h, --help Help for generate
Generate tokens
Generate tokens for use with the CSI Driver when in proxy mode. The tokens are output as a Kubernetes Secret resource, so the results may be piped directly to kubectl:
Example:
karavictl generate token --tenant Alice --admin-token admintoken.yaml --addr csm-authorization.host.com | kubectl apply -f -
-t, --tenant Name of the tenant
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for token
--insecure Skip certificate validation of the CSM Authorization Proxy Server
--access-token-expiration Expiration time of the access token, e.g. 1m30s (default 1m0s)
--refresh-token-expiration Expiration time of the refresh token, e.g. 48h (default 720h0m0s)
karavictl generate token --tenant Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
apiVersion: v1
data:
access: <ACCESS-TOKEN>
refresh: <REFRESH-TOKEN>
kind: Secret
metadata:
creationTimestamp: null
name: proxy-authz-tokens
type: Opaque
Usually, you will want to pipe the output to kubectl to apply the secret:
karavictl generate token --tenant Alice --admin-token admintoken.yaml --addr csm-authorization.host.com | kubectl apply -f -
The token is read once when the driver pods are started and is not dynamically updated. If you are applying a new token in an existing driver installation, restart the driver pods for the new token to take effect.
kubectl -n <driver-namespace> rollout restart deploy/<driver>-controller
kubectl -n <driver-namespace> rollout restart ds/<driver>-node
Manage roles
Manage roles
karavictl role [flags]
-h, --help Help for role
Get role
Get role
karavictl role get [flags]
-n, --name Name of the role
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for get
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl role get CSISilver --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"Name": "CSISilver",
"StorageSystem": "3000000000011111",
"PoolQuotas": [
{
"Pool": "mypool",
"Quota": "16 GB"
}
]
}
List roles
List roles
karavictl role list [flags]
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for list
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl role list --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"CSIGold": [
{
"storage_system_id": "3000000000011111",
"pool_quotas": [
{
"pool": "mypool",
"quota": 32000000
}
]
}
],
"CSISilver": [
{
"storage_system_id": "3000000000011111",
"pool_quotas": [
{
"pool": "mypool",
"quota": 16000000
}
]
}
]
}
Create one or more CSM roles
Creates one or more CSM roles
karavictl role create [flags]
--role Role in the form <name>=<type>=<id>=<pool>=<quota>
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for create
--insecure Skip certificate validation of the CSM Authorization Proxy Server
NOTE:
- Setting the `quota` to 0 will not enforce storage quota.
karavictl role create --role=role-name=system-type=000000000001=mypool=200000000 --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl role get <role-name>` to confirm the creation occurred.
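Because a quota of 0 disables enforcement, it is worth checking which roles carry one and which tenants are bound to them. The following is an added example, not part of the CSM documentation; it assumes the JSON shapes this page shows for `karavictl role list` and `karavictl tenant get`, and the sample data (including the `CSIScratch` role and the tenant `Bob`) is constructed.

```python
import json

# Constructed sample data in the shapes this page shows for
# `karavictl role list` and `karavictl tenant get`.
ROLE_LIST = """
{
  "CSIGold": [
    {"storage_system_id": "3000000000011111",
     "pool_quotas": [{"pool": "mypool", "quota": 32000000}]}
  ],
  "CSIScratch": [
    {"storage_system_id": "3000000000011111",
     "pool_quotas": [{"pool": "mypool", "quota": 0},
                     {"pool": "otherpool", "quota": 16000000}]}
  ]
}
"""
TENANTS = [
    '{"name": "Alice", "roles": "CSIGold,CSIScratch"}',
    '{"name": "Bob", "roles": "CSIGold"}',
]


def unenforced_pools(role_list_json):
    """Return {role: [(storage_system_id, pool), ...]} for every quota of 0."""
    findings = {}
    for role, systems in json.loads(role_list_json).items():
        for system in systems:
            for pq in system.get("pool_quotas", []):
                # Per the NOTE above, a quota of 0 means no quota is enforced.
                if str(pq.get("quota")).strip() == "0":
                    findings.setdefault(role, []).append(
                        (system["storage_system_id"], pq["pool"]))
    return findings


def exposed_tenants(role_list_json, tenant_get_jsons):
    """Map each tenant to the roles it holds that have an unenforced pool."""
    risky = unenforced_pools(role_list_json)
    exposed = {}
    for raw in tenant_get_jsons:
        tenant = json.loads(raw)
        bound = [r.strip() for r in tenant.get("roles", "").split(",")]
        hits = sorted(r for r in bound if r in risky)
        if hits:
            exposed[tenant["name"]] = hits
    return exposed


if __name__ == "__main__":
    for role, pools in unenforced_pools(ROLE_LIST).items():
        print(f"role {role}: no quota enforced on {pools}")
    for tenant, roles in exposed_tenants(ROLE_LIST, TENANTS).items():
        print(f"tenant {tenant}: bound to unenforced role(s) {roles}")
```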
Update the quota of one or more CSM roles
Updates the quota of one or more CSM roles
karavictl role update [flags]
--role Role in the form <name>=<type>=<id>=<pool>=<quota>
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for update
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl role update --role=role-name=system-type=000000000001=mypool=400000000 --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl role get <role-name>` to confirm the update occurred.
Delete role
Delete role
karavictl role delete [flags]
--role Role in the form <name>=<type>=<id>=<pool>=<quota>
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for delete
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl role delete --name CSISilver --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl role get <role-name>` to confirm the deletion occurred.
Manage role bindings
Management for role bindings
karavictl rolebinding [flags]
-h, --help help for rolebinding
Create a rolebinding between role and tenant
Creates a rolebinding between role and tenant
karavictl rolebinding create [flags]
-r, --role Role name
-t, --tenant Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for create
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl rolebinding create --role CSISilver --tenant Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl tenant get --name <tenant-name>` to confirm the rolebinding creation occurred.
Delete a rolebinding between role and tenant
Deletes a rolebinding between role and tenant
karavictl rolebinding delete [flags]
-r, --role Role name
-t, --tenant Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for delete
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl rolebinding delete --role CSISilver --tenant Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output.
Manage storage systems
Manages storage systems
karavictl storage [flags]
-h, --help Help for storage
Get details on a registered storage system.
Gets details on a registered storage system.
karavictl storage get [flags]
-s, --system-id System identifier (default "systemid")
-t, --type Type of storage system ("powerflex", "powermax", "powerscale")
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for get
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl storage get --type powerflex --system-id 3000000000011111 --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"User": "admin",
"Password": "(omitted)",
"Endpoint": "https://1.1.1.1",
"Insecure": true
}
List registered storage systems.
Lists registered storage systems.
karavictl storage list [flags]
-t, --type Type of storage system ("powerflex", "powermax", "powerscale")
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for list
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl storage list --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"storage": {
"powerflex": {
"3000000000011111": {
"Endpoint": "https://1.1.1.1",
"Insecure": true,
"Password": "(omitted)",
"User": "admin"
}
}
}
}
Create and register a storage system.
Creates and registers a storage system.
karavictl storage create [flags]
-e, --endpoint Endpoint of REST API gateway
-p, --password Password (default "****")
-s, --system-id System identifier (default "systemid")
-t, --type Type of storage system ("powerflex", "powermax")
-u, --user Username (default "admin")
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for create
-a, --array-insecure Skip certificate validation of the storage array
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl storage create --endpoint https://1.1.1.1 --insecure --array-insecure --system-id 3000000000011111 --type powerflex --user admin --password ******** --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl storage get --type <storage-system-type> --system-id <storage-system-id>` to confirm the creation occurred.
Update a registered storage system.
Updates a registered storage system.
karavictl storage update [flags]
-e, --endpoint Endpoint of REST API gateway
-p, --pass Password (default "****")
-s, --system-id System identifier (default "systemid")
-t, --type Type of storage system ("powerflex", "powermax")
-u, --user Username (default "admin")
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for update
-a, --array-insecure Skip certificate validation of the storage array
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl storage update --endpoint https://1.1.1.1 --insecure --array-insecure --system-id 3000000000011111 --type powerflex --user admin --password ******** --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl storage get --type <storage-system-type> --system-id <storage-system-id>` to confirm the update occurred.
Delete a registered storage system.
Deletes a registered storage system.
karavictl storage delete [flags]
-s, --system-id System identifier (default "systemid")
-t, --type Type of storage system ("powerflex", "powermax")
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for delete
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl storage delete --type powerflex --system-id 3000000000011111 --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl storage get --type <storage-system-type> --system-id <storage-system-id>` to confirm the deletion occurred.
Manage tenants
Management for tenants
karavictl tenant [flags]
-h, --help help for tenant
Create a tenant resource within CSM
Creates a tenant resource within CSM
karavictl tenant create [flags]
-n, --name Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for create
-a, --approvesdc To allow/deny SDC approval requests (default true). This flag is only applicable to PowerFlex. This flag will approve/deny a tenant's SDC request.
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant create --name Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl tenant get --name <tenant-name>` to confirm the creation occurred.
Get a tenant resource within CSM
Gets a tenant resource and its assigned roles within CSM
karavictl tenant get [flags]
-n, --name Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for get
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant get --name Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"name": "Alice",
"roles": "role-1,role-2"
}
Lists tenant resources within CSM
Lists tenant resources within CSM
karavictl tenant list [flags]
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for list
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant list --admin-token admintoken.yaml --addr csm-authorization.host.com
{
"tenants": [
{
"name": "Alice"
}
]
}
Revokes access for a tenant
Revokes access to storage resources for a tenant
karavictl tenant revoke [flags]
-n, --name Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-c, --cancel Cancel a previous tenant revocation
-h, --help Help for revoke
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant revoke --name Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output.
Deletes a tenant resource within CSM
Deletes a tenant resource within CSM
karavictl tenant delete [flags]
-n, --name Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for delete
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant delete --name Alice --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl tenant get --name <tenant-name>` to confirm the deletion occurred.
Updates a tenant's resource within CSM
Updates a tenant resource within CSM
karavictl tenant update [flags]
-n, --name Tenant name
-f, --admin-token Path to admin token file
--addr Address of the CSM Authorization Proxy Server
-h, --help Help for update
-a, --approvesdc To allow/deny SDC approval requests (default true). This flag is only applicable to PowerFlex. This flag will approve/deny a tenant's SDC request.
--insecure Skip certificate validation of the CSM Authorization Proxy Server
karavictl tenant update --name Alice --approvesdc=false --admin-token admintoken.yaml --addr csm-authorization.host.com
On success, there will be no output. You may run `karavictl tenant get --name <tenant-name>` to confirm the update was persisted.