{product-title} can provision persistent volumes (PVs) using the Container Storage Interface (CSI) VMware vSphere driver for Virtual Machine Disk (VMDK) volumes.
Familiarity with persistent storage and configuring CSI volumes is recommended when working with a CSI Operator and driver.
To create CSI-provisioned persistent volumes (PVs) that mount to vSphere storage assets, {product-title} installs the vSphere CSI Driver Operator and the vSphere CSI driver by default in the openshift-cluster-csi-drivers
namespace.
-
vSphere CSI Driver Operator: The Operator provides a storage class, called
thin-csi
, that you can use to create persistent volumes claims (PVCs). The vSphere CSI Driver Operator supports dynamic volume provisioning by allowing storage volumes to be created on-demand, eliminating the need for cluster administrators to pre-provision storage. You can disable this default storage class if desired (see Managing the default storage class). -
vSphere CSI driver: The driver enables you to create and mount vSphere PVs. In {product-title} 4.17, the driver version is 3.2.0 The vSphere CSI driver supports all of the file systems supported by the underlying Red Hat Core operating system release, including XFS and Ext4. For more information about supported file systems, see Overview of available file systems.
Note
|
For new installations, {product-title} 4.13 and later provides automatic migration for the vSphere in-tree volume plugin to its equivalent CSI driver. Updating to {product-title} 4.15 and later also provides automatic migration. For more information about updating and migration, see CSI automatic migration. CSI automatic migration should be seamless. Migration does not change how you use all existing API objects, such as persistent volumes, persistent volume claims, and storage classes. |
To remove a third-party CSI driver, see Removing a third-party vSphere CSI Driver.
You can encrypt virtual machines (VMs) and dynamically provisioned persistent volumes (PVs) on {product-title} running on top of vSphere.
Note
|
{product-title} does not support RWX-encrypted PVs. You cannot request RWX PVs out of a storage class that uses an encrypted storage policy. |
You must encrypt VMs before you can encrypt PVs, which you can do during or after installation.
For information about encrypting VMs, see:
After encrypting VMs, you can configure a storage class that supports dynamic encryption volume provisioning using the vSphere Container Storage Interface (CSI) driver. This can be accomplished in one of two ways using:
-
Datastore URL: This approach is not very flexible, and forces you to use a single datastore. It also does not support topology-aware provisioning.
-
Tag-based placement: Encrypts the provisioned volumes and uses tag-based placement to target specific datastores.