DSM System Namespace

DSM System Namespace

DSM System Namespace

Overview

The dsm-system namespace is designated for storing and managing system-wide secrets and configurations in DSM. It is intended to centralize system resources, ensuring they are secure and easily accessible for administrative tasks. DSM Admins have the ability to create, update, and read resources in this namespace, while DSM Users can only read specific resources.

Capabilities

DSM Admins

  • Create, update, and read:

    • ConfigMaps

    • Secrets

    • BackupLocations

    • DirectoryServices

    • ImageRegistry

DSM Users

  • Read-only access to:

    • BackupLocations

    • DirectoryServices

    • ConfigMaps

Note: DSM Users cannot read Secrets.

Key Actions for DSM Admins

  • ConfigMaps and Secrets:

    • Create or update trust bundles.

    • Manage system-wide backup locations.

    • Configure system-wide ldap directory service.

  • User Access:

    • Allow users to read backup locations, directory services, and ConfigMaps.

    • Restrict users from reading Secrets.

Pre-defined Well-Known Resources

  1. ConfigMap trusted-root-ca

    • Contains the list of trusted root CAs used by DSM as a trust bundle.

  2. Directory Service ldap-default

    • The directory service used by DSM Appliance and Database clusters for authentication.

  3. ConfigMap vcenter-ca

    • Contains the server issuer CA of the vCenter server connected to DSM.

  4. BackupLocation default-provider-log-repo

    • An S3-compatible object store for saving log bundles generated on the Provider VM.

  5. BackupLocation default-provider-backup-repo

    • An S3-compatible object store for periodically backing up the Provider VM database.

By managing these resources, DSM Admins ensure that the DSM environment remains secure and properly configured, while allowing DSM Users appropriate access to necessary configurations and services.