diff --git a/e2e/nfs.go b/e2e/nfs.go
index d06e06e4e82d..8ac7ea7b8f29 100644
--- a/e2e/nfs.go
+++ b/e2e/nfs.go
@@ -440,6 +440,23 @@ var _ = Describe("nfs", func() {
 }
 })
+ By("create a storageclass with a list of clients allowed to mount it and a PVC then bind it to an app", func() {
+ err := createNFSStorageClass(f.ClientSet, f, false, map[string]string{
+ "clients": "192.168.1.29,10.0.0.0/24",
+ })
+ if err != nil {
+ framework.Failf("failed to create NFS storageclass: %v", err)
+ }
+ err = validatePVCAndAppBinding(pvcPath, appPath, f)
+ if err != nil {
+ framework.Failf("failed to validate NFS pvc and application binding: %v", err)
+ }
+ err = deleteResource(nfsExamplePath + "storageclass.yaml")
+ if err != nil {
+ framework.Failf("failed to delete NFS storageclass: %v", err)
+ }
+ })
+
 By("create a PVC and bind it to an app", func() {
 err := createNFSStorageClass(f.ClientSet, f, false, nil)
 if err != nil {
diff --git a/examples/nfs/storageclass.yaml b/examples/nfs/storageclass.yaml
index 7bc21af15c64..7d55d9375ec2 100644
--- a/examples/nfs/storageclass.yaml
+++ b/examples/nfs/storageclass.yaml
@@ -51,5 +51,10 @@ parameters:
 # This option is available with Ceph v17.2.6 and newer.
 # secTypes:
+ # (optional) List of IP addresses, hostnames or IPv4 network addresses that
+ # that these export permissions apply to. The is a comma
+ # delimited string, for example: "192.168.0.10,192.168.1.0/8"
+ # clients:
+
 reclaimPolicy: Delete
 allowVolumeExpansion: true
diff --git a/internal/nfs/controller/volume.go b/internal/nfs/controller/volume.go
index 2249f8c61706..271393d97706 100644
--- a/internal/nfs/controller/volume.go
+++ b/internal/nfs/controller/volume.go
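Review bot: The added `By(...)` step in e2e/nfs.go covers only the positive path: `validatePVCAndAppBinding` succeeding shows that the app can mount the volume, not that the export is actually limited to `192.168.1.29,10.0.0.0/24`. As written it would presumably still pass if the `clients` parameter were silently dropped, so it does not guard the access restriction the feature exists for. Consider reading the export back after binding and asserting its client list, or adding a case whose list excludes the test node and expecting the mount to be refused. The literal addresses also tie the step to one network layout; a comment such as `// must cover the e2e node addresses, otherwise the app pod cannot mount` would make that dependency explicit. The enclosing `Describe` body starts and ends outside the hunk.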
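Review bot: The example value `192.168.1.0/8` in the added comment of examples/nfs/storageclass.yaml describes a far wider network than it appears to: a /8 prefix matches on the first octet only, so anyone copying it would admit all of 192.0.0.0/8 rather than one 192.168.1.x subnet. Because this list is the export's client access control, `"192.168.0.10,192.168.1.0/24"` would be a safer example. The comment could also say what an unset `clients` means (presumably the export is not restricted by client address), and its first two lines repeat the word "that" (`... network addresses that` / `# that these export ...`).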
@@ -132,6 +132,7 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
 nfsCluster := backend.VolumeContext["nfsCluster"]
 path := backend.VolumeContext["subvolumePath"]
 secTypes := backend.VolumeContext["secTypes"]
+ clients := backend.VolumeContext["clients"]
 err := nv.setNFSCluster(nfsCluster)
 if err != nil {
@@ -157,6 +158,10 @@ func (nv *NFSVolume) CreateExport(backend *csi.Volume) error {
 }
 }
+ if clients != "" {
+ export.ClientAddr = strings.Split(clients, ",")
+ }
+
 _, err = nfsa.CreateCephFSExport(export)
 switch {
 case err == nil:
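Review bot: `strings.Split(clients, ",")` in the second hunk hands the raw pieces to `export.ClientAddr`, so a value written as `"192.168.1.29, 10.0.0.0/24"` or ending in a comma yields entries with leading whitespace or empty strings. This list is the export's client access control, so malformed entries should be rejected before `CreateCephFSExport` is called rather than left to the backend, whose handling of them is not visible here. I would trim each entry, drop empties, and return an error when a non-empty parameter produces no usable entry, so that a typo can never fall back to an unrestricted export. The sketch assumes `fmt` is already imported in this file; `CreateExport` starts and ends outside both hunks.

```go
	if clients != "" {
		var addrs []string
		for _, c := range strings.Split(clients, ",") {
			if c = strings.TrimSpace(c); c != "" {
				addrs = append(addrs, c)
			}
		}
		if len(addrs) == 0 {
			// Fail closed: a set-but-empty list must not become "all clients".
			return fmt.Errorf("clients parameter %q contains no usable entries", clients)
		}
		export.ClientAddr = addrs
	}

	// … unchanged: CreateCephFSExport call and error switch …
```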