Container Storage Modules Authorization Does Not Validate the Certificate When "skipCertificateValidation" is False
Summary: When "skipCertificateValidation" is false for Container Storage Modules Authorization in the driver custom resource, the Authorization sidecar proxy (karavi-authorization-proxy container) does not validate the certificate. ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
The user is unable to validate the Authorization proxy-server certificate even when "skipCertificateValidation" is false in the authorization section of the driver custom resource (CR) installed by the Container Storage Modules Operator.
There are no error logs.
With this set in the driver CR:
There are no error logs.
With this set in the driver CR:
- name: "SKIP_CERTIFICATE_VALIDATION" value: "false"The resulting configuration in the Authorization sidecar proxy is:
- name: INSECURE value: "true"It should be false.
Cause
The Container Storage Modules Operator does not properly set the "skipCertificateValidation" environment variable in the karavi-authorization-proxy when Authorization is enabled in the driver custom resource.
Resolution
Workaround:
After the driver customer resource is deployed with Authorization enabled, edit the driver deployment and daemon set to update the INSECURE environment variable for the karavi-authorization-proxy container from true to false.Kubectl -n <driver-namespace> edit deploy/<driver>-controller Kubectl –n <driver-namespace> edit ds/<driver>-node
Resolution
Engineering has provided a patch for Dell Container Storage Interface (CSI) Driver for Container Storage Modules Operator 2.9.1, where the skip certificate validation flow is addresses.Article Properties
Article Number: 000221766
Article Type: Solution
Last Modified: 09 Feb 2024
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.