IBM Cloud Docs
VMware Block Container Storage Interface (CSI) Driver

VMware Block Container Storage Interface (CSI) Driver

The VMware Container Storage Interface (CSI) Driver allows you to manage the lifecycle of your VMware Block Data volumes.

Prerequisites

Before you can create a VMware block storage configuration, you must satisfy the following prerequisites.

  1. Verify that you are running vSphere version 6.7U3 or later.
  2. Verify that your virtual machine hardware version is version 15 or later.
  3. Verify that master nodes can communicate with the vCenter management interface.
  4. Disable Swap on all nodes.
  5. Enable Disk UUID on all node virtual machines.
  6. Deploy vSAN in your vSphere environment. For more information, see the vSAN documentation.

Before you can deploy storage templates to clusters in your location, make sure you set up Satellite Config by selecting the Enable cluster admin access for Satellite Config option in the console or including the --enable-config-admin option when you create your cluster.

You cannot scope Satellite storage service to resource groups. However, if you are scoping other resources such as location and cluster to resource groups, you need to add Satellite reader and link administrator role for all resources in the account.

Creating and assigning a configuration in the console

  1. Review the parameter reference.

  2. From the Locations console, select the location where you want to create a storage configuration.

  3. Select Storage > Create storage configuration

  4. Enter a name for your configuration.

  5. Select the Storage type.

  6. Select the Version and click Next

  7. If the Storage type that you selected accepts custom parameters, enter them on the Parameters tab.

  8. If the Storage type that you selected requires secrets, enter them on the Secrets tab.

  9. On the Storage classes tab, review the storage classes that are deployed by the configuration or create a custom storage class.

  10. On the Assign to service tab, select the service that you want to assign your configuration to.

  11. Click Complete to assign your storage configuration.

Creating a configuration in the CLI

  1. Review the parameter reference for the template version that you want to use.

  2. Log in to the IBM Cloud CLI.

    ibmcloud login
    
  3. List your Satellite locations and note the Managed from column.

    ibmcloud sat location ls
    
  4. Target the Managed from region of your Satellite location. For example, for wdc target us-east. For more information, see Satellite regions.

    ibmcloud target -r us-east
    
  5. If you use a resource group other than default, target it.

    ibmcloud target -g <resource-group>
    
  6. Copy one of the following example command for the template version that you want to use. For more information about the command, see ibmcloud sat storage config create in the command reference.

    Example command to create a version 2.5.1 configuration.

    ibmcloud sat storage config create --location LOCATION --name NAME --template-name vsphere-csi-driver --template-version 2.5.1 --param "vcenter-username=VCENTER-USERNAME"  --param "vcenter-password=VCENTER-PASSWORD"  --param "insecure-flag=INSECURE-FLAG"  --param "host=HOST"  --param "datacenters=DATACENTERS"  [--param "thumbprint=THUMBPRINT"] 
    

    Example command to create a version 2.7.0 configuration.

    ibmcloud sat storage config create --location LOCATION --name NAME --template-name vsphere-csi-driver --template-version 2.7.0 --param "vcenter-username=VCENTER-USERNAME"  --param "vcenter-password=VCENTER-PASSWORD"  --param "insecure-flag=INSECURE-FLAG"  --param "host=HOST"  --param "datacenters=DATACENTERS"  [--param "thumbprint=THUMBPRINT"] 
    
  7. Customize the command based on the settings that you want to use.

  8. Run the command to create a configuration.

  9. Verify your configuration was created.

    ibmcloud sat storage config get --config CONFIG
    

Creating a configuration in the API

  1. Generate an API key, then request a refresh token. For more information, see Generating an IBM Cloud IAM token by using an API key.

  2. Review the parameter reference for the template version that you want to use.

  3. Copy one of the following example requests and replace the variables that you want to use.

    Example request to create a version 2.5.1 configuration.

    curl -X POST "https://containers.cloud.ibm.com/global/v2/storage/satellite/createStorageConfigurationByController" -H "accept: application/json" -H "Authorization: TOKEN" -H "Content-Type: application/json" -d "{ \"config-name\": \"string\", \"controller\": \"string\", \"storage-class-parameters\": [ { \"additionalProp1\": \"string\", \"additionalProp2\": \"string\", \"additionalProp3\": \"string\" } ], \"storage-template-name\": \"vsphere-csi-driver\", \"storage-template-version\": \"2.5.1\", \"update-assignments\": true, \"user-config-parameters\": { \"entry.name\": \"INSECURE-FLAG\", { \"entry.name\": \"HOST\", { \"entry.name\": \"DATACENTERS\",\"user-secret-parameters\": { \"entry.name\": \"VCENTER-USERNAME\",{ \"entry.name\": \"VCENTER-PASSWORD\",{ \"entry.name\": \"THUMBPRINT\",}
    

    Example request to create a version 2.7.0 configuration.

    curl -X POST "https://containers.cloud.ibm.com/global/v2/storage/satellite/createStorageConfigurationByController" -H "accept: application/json" -H "Authorization: TOKEN" -H "Content-Type: application/json" -d "{ \"config-name\": \"string\", \"controller\": \"string\", \"storage-class-parameters\": [ { \"additionalProp1\": \"string\", \"additionalProp2\": \"string\", \"additionalProp3\": \"string\" } ], \"storage-template-name\": \"vsphere-csi-driver\", \"storage-template-version\": \"2.7.0\", \"update-assignments\": true, \"user-config-parameters\": { \"entry.name\": \"INSECURE-FLAG\", { \"entry.name\": \"HOST\", { \"entry.name\": \"DATACENTERS\",\"user-secret-parameters\": { \"entry.name\": \"VCENTER-USERNAME\",{ \"entry.name\": \"VCENTER-PASSWORD\",{ \"entry.name\": \"THUMBPRINT\",}
    

Creating an assignment in the CLI

  1. List your storage configurations and make a note of the storage configuration that you want to assign to your clusters.

    ibmcloud sat storage config ls
    
  2. Get the ID of the cluster, cluster group, or service that you want to assign storage to.

    To make sure that your cluster is registered with Satellite Config or to create groups, see Setting up clusters to use with Satellite Config.

    Example command to list cluster groups.

    ibmcloud sat group ls
    

    Example command to list clusters.

    ibmcloud oc cluster ls --provider satellite
    

    Example command to list Satellite services.

    ibmcloud sat service ls --location <location>
    
  3. Assign your storage configuration to the cluster, group, or service that you retrieved earlier. For more information, see the ibmcloud sat storage assignment create command.

    Example command to assign a configuration to a cluster group.

    ibmcloud sat storage assignment create --group GROUP --config CONFIG --name NAME
    

    Example command to assign a configuration to a cluster.

    ibmcloud sat storage assignment create --cluster CLUSTER --config CONFIG --name NAME
    

    Example command to assign a configuration to a service cluster.

    ibmcloud sat storage assignment create --service-cluster-id CLUSTER --config CONFIG --name NAME
    
  4. Verify that your assignment is created.

    ibmcloud sat storage assignment ls (--cluster CLUSTER | --config CONFIG | --location LOCATION | --service-cluster-id CLUSTER)
    

Creating a storage assignment in the API

  1. Copy one of the following example requests.

    Example request to assign a configuration to a cluster.

    curl -X POST "https://containers.cloud.ibm.com/global/v2/storage/satellite/createAssignmentByCluster" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{ \"channelName\": \"CONFIGURATION-NAME\", \"cluster\": \"CLUSTER-ID\", \"controller\": \"LOCATION-ID\", \"name\": \"ASSIGNMENT-NAME\"}"
    

    Example request to assign configuration to a cluster group.

    curl -X POST "https://containers.cloud.ibm.com/global/v2/storage/satellite/createAssignment" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{ \"channelName\": \"CONFIGURATION-NAME\", \"cluster\": \"string\", \"groups\": [ \"CLUSTER-GROUP\" ], \"name\": \"ASSIGNMENT-NAME\"}"
    
  2. Replace the variables with your details and run the request.

  3. Verify the assignment was created by listing your assignments.

    curl -X GET "https://containers.cloud.ibm.com/global/v2/storage/satellite/getAssignments" -H "accept: application/json" -H "Authorization: Bearer TOKEN"
    

Updating storage assignments in the console

You can use the Satellite console to apply the latest patch updates to your assignments.

  1. From the Locations page in the Satellite console, select your location.

  2. Click the Storage tab to view your configurations.

  3. Click the configuration you want to update.

  4. Click information Information (i) icon to apply the latest revision or patch.

  5. Optional: Enable automatic patch updates for your storage assignment. Enabling automatic patch updates ensures that your assignment always has the latest security fixes.

If you enable automatic patch updates, you must still apply major updates manually.

Manually upgrading assignments in the CLI

Upgrade an assignment to use the latest storage template revision.

  1. List your Satellite storage assignments, make a note of the Satellite assignment you want to upgrade.

    ibmcloud sat storage assignment ls
    
  2. List the Satellite storage templates to see the latest available versions.

    ibmcloud sat storage template ls
    
  3. Upgrade the Satellite assignment.

    Example command to upgrade an assignment.

    ibmcloud sat storage assignment upgrade --assignment ASSIGNMENT
    

Enabling automatic patch updates for configurations and assignments in the CLI

You can use the sat storage assignment autopatch enable CLI to enable automatic patch updates for your assignments. Enabling automatic patch updates applies the latest storage template revisions (patches) automatically. You must still apply major updates manually.

  1. List your Satellite storage configurations. Make a note of the configuration ID.

    ibmcloud sat storage assignment ls
    
  2. Run one of the following example commands to enable automatic patch updates for your configuration and its associated assignments. Enter the configuration ID that you retrieved in the previous step.

    Example command to enable automatic patch updates for an assignment.

    ibmcloud sat storage assignment autopatch enable --config CONFIG  (--all | --assignment ASSIGNMENT-ID [--assignment ASSIGNMENT-ID])
    

    Example command to enable automatic patch updates for all storage assignments under a given configuration.

    ibmcloud sat storage assignment autopatch enable --config CONFIG --all
    

    Example command to disable automatic patch updates for all assignments under a specific configuration.

    ibmcloud sat storage assignment autopatch disable --config CONFIG --all
    

    Example command to disable automatic patch updates for an single assignment and a specific configuration.

    ibmcloud sat storage assignment autopatch disable --config CONFIG --assignment ASSIGNMENT-ID
    

    Example command to disable automatic patch updates for an multiple assignment and a specific configuration.

    ibmcloud sat storage assignment autopatch disable --config CONFIG --assignment ASSIGNMENT-ID --assignment ASSIGNMENT-ID
    

Upgrading a configuration and assignments in the API

You can use the /v2/storage/satellite/updateAssignment API to update your assignments with new clusters or cluster groups. Set updateConfigVersion to true to apply the revision update.

  1. Copy the following example request and replace the variables for the cluster groups and assignments that you want to update.

    curl -X PATCH "https://containers.cloud.ibm.com/global/v2/storage/satellite/updateAssignment" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{ \"groups\": [ \"CLUSTER-GROUPS\" ], \"name\": \"ASSIGNMENT-NAME\", \"updateConfigVersion\": true, \"uuid\": \"ASSIGNMENT-ID\"}"
    
  2. Run the request.

  3. Get the details of you assignment to verify the update.

    curl -X GET "https://containers.cloud.ibm.com/global/v2/storage/satellite/getAssignment?uuid=ASSIGNMENT-ID" -H "accept: application/json" -H "Authorization: Bearer TOKEN"
    

Enabling automatic patch updates for assignments in the API

You can use the /v2/storage/satellite/setAssignmentAutoupgrade API to enable automatic patch updates for your assignments. Enabling automatic patch updates applies the latest storage template revisions (patches) automatically. You must still apply major updates manually.

  1. Copy the following example request and replace the variables for the cluster groups and assignments that you want to update.

    curl -X PATCH "https://containers.cloud.ibm.com/global/v2/storage/satellite/setAssignmentAutoupgrade" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d { "config": "string", "controller": "string", "autopatch": boolean,"assignment" : { "all": boolean, "uuid": ["string", "string", ...], } }
    
  2. Run the request.

  3. Get the details of you assignment to verify the upgrade.

    curl -X GET "https://containers.cloud.ibm.com/global/v2/storage/satellite/getAssignment?uuid=ASSIGNMENT-ID" -H "accept: application/json" -H "Authorization: Bearer TOKEN"
    

Deploying an app that uses VMware

You can use the vmware-csi-driver to create PVCs that you can use in your cluster workloads.

  1. Create a PVC that references the storage class that you created earlier.

        kind: PersistentVolumeClaim
        apiVersion: v1
        metadata:
            name: podpvc
        spec:
            accessModes:
             - ReadWriteOnce
            storageClassName: sat-vsphere-vsan-block-metro
            resources:
                requests:
                storage: 10Gi
    
  2. Create the PVC in your cluster.

    oc apply -f podpvc.yaml
    
  3. Create a YAML configuration file for a pod that mounts the PVC that you created.

        apiVersion: v1
        kind: Pod
        metadata:
        name: web-server
        spec:
        containers:
        - name: #web-server
            image: nginx
            command:
                - "/bin/sh"
                - "-c"
                - while true; do echo $(date) >> /mnt/vmwaredisk/outfile; sleep 1; done
            volumeMounts:
             mountPath:  /mnt/vmwaredisk
                name: mypvc
        volumes:
        - name: mypvc
            persistentVolumeClaim:
            claimName: podpvc
            readOnly: false
    
    
  4. Create the pod in your cluster.

    oc apply -f mypvc.yaml
    
  5. Verify that the pod is deployed. Note that it might take a few minutes for your app to get into a Running state.

    oc get pods
    
    NAME                                READY   STATUS    RESTARTS   AGE
    my-pvc                              1/1     Running   0          2m58s
    
  6. Verify that the app can write to your block storage volume by logging in to your pod.

    oc exec -it web-server /bin/bash
    
  7. View the contents of the outfile file to confirm that your app can write data to your persistent storage.

    cat outfile
    

    Example output

    Fri Jul 16 07:49:39 EDT 2021
    Fri Jul 16 07:49:39 EDT 2021
    Fri Jul 16 07:49:39 EDT 2021
    
  8. Exit the pod.

    exit
    

Removing VMWare storage from your apps

If you no longer need your VMware configuration, you can remove your apps, PVCs, PVs, and assignment from your clusters.

  1. List your PVCs and note the name of the PVC that you want to remove.

    oc get pvc
    
  2. Remove any pods that mount the PVC.

    1. List all the pods that currently mount the PVC that you want to delete. If no pods are returned, you do not have any pods that currently use your PVC.

      oc get pods --all-namespaces -o=jsonpath='{range .items[*]}{"\n"}{.metadata.name}{":\t"}{range .spec.volumes[*]}{.persistentVolumeClaim.claimName}{" "}{end}{end}' | grep "<pvc_name>"
      

      Example output

      NAME         READY   STATUS    RESTARTS   AGE
      web-server   1/1     Running   0          55s
      
    2. Remove the pod that uses the PVC. If the pod is part of a deployment or statefulset, remove the deployment or statefulset.

      oc delete pod <pod_name>
      
      oc delete deployment <deployment_name>
      
      oc delete statefulset <statefulset_name>
      
    3. Verify that the pod, deployment, or statefulset is removed.

      oc get pods
      
      oc get deployments
      
      oc get statefulset
      
  3. Delete the PVC.

    oc delete pvc <pvc_name>
    
  4. Verify that your PV is automatically removed.

    oc get pv
    

Removing the VMware storage configuration from your cluster

If you no longer plan on using VMware in your cluster, you can use the CLI unassign your cluster from the storage configuration.

Removing the storage configuration removes the driver from all assigned clusters. Your PVCs, PVs, and data are not removed. However, you might not be able to access your data until you re-install the driver in your cluster again.

Removing the VMWare storage configuration using the console

  1. From the Satellite storage dashboard, select the storage configuration you want to delete.
  2. Select Actions > Delete
  3. Enter the name of your storage configuration.
  4. Select Delete.

Removing the VMWare storage configuration using the command line

  1. List your storage assignments and find the one that you used for your cluster.

    ibmcloud sat storage assignment ls (--cluster CLUSTER | --config CONFIG | --location LOCATION | --service-cluster-id CLUSTER)
    
  2. Remove the assignment. After the assignment is removed, the driver pods and storage classes are removed from all clusters that were part of the storage assignment.

    ibmcloud sat storage assignment rm --assignment <assignment_ID>
    
  3. Verify that the driver is removed from your cluster.

    1. List of the storage classes in your cluster and verify that the storage classes are removed.

      oc get sc
      
    2. List the pods in the kube-system namespace and verify that the storage driver pods are removed.

      oc get pods -n kube-system | grep vsphere
      
  4. Optional: Remove the storage configuration.

    1. List the storage configurations.

      ibmcloud sat storage config ls
      
    2. Remove the storage configuration.

      ibmcloud sat storage config rm --config <config_name>
      

Parameter reference

2.5.1 parameter reference

2.5.1 parameter reference
Display name CLI option Type Description Required? Default value
vCenter username vcenter-username Secret The vCenter username. You must specify the username along with the domain name. For example: Administrator@vsphere.local. true N/A
vCenter password vcenter-password Secret The vCenter server user password. true N/A
Insecure connection insecure-flag Config Include the insecure-flag. true indicates that you want to include the flag, which uses self-signed certificate for login. false indicates that you use a secure connection. If you select false, you must provide an SSL thumbprint. true false
vCenter host host Config The vCenter server IP address. true N/A
vCenter data centers datacenters Config List all data center paths where host VMs are present, separated by commas. Provide the name of the data center when it is located at the root. When it is placed in the folder, you need to specify the path as folder/data-center-name true N/A
SSL certificate thumbprint thumbprint Secret The SSL thumbprint to be used to establish a secure connection to VC. false N/A

2.7.0 parameter reference

2.7.0 parameter reference
Display name CLI option Type Description Required? Default value
vCenter username vcenter-username Secret The vCenter username. You must specify the username along with the domain name. For example: Administrator@vsphere.local. true N/A
vCenter password vcenter-password Secret The vCenter server user password. true N/A
Insecure connection insecure-flag Config Include the insecure-flag. true indicates that you want to include the flag, which uses self-signed certificate for login. false indicates that you use a secure connection. If you select false, you must provide an SSL thumbprint. true false
vCenter host host Config The vCenter server IP address. true N/A
vCenter data centers datacenters Config List all data center paths where host VMs are present, separated by commas. Provide the name of the data center when it is located at the root. When it is placed in the folder, you need to specify the path as folder/data-center-name true N/A
SSL certificate thumbprint thumbprint Secret The SSL thumbprint to be used to establish a secure connection to VC. false N/A

Getting help and support for VMWare

If you run into an issue with VMware submit a support request with VMware Support.