The HPE Alletra 6000 and Nimble Storage Container Storage Provider ("CSP") for Kubernetes is the reference implementation for the HPE CSI Driver for Kubernetes. The CSP abstracts the data management capabilities of the array for use by Kubernetes. The documentation found herein is mainly geared towards day-2 operations and reference documentation for the
VolumeSnapshotClass parameters but also contains important array setup requirements.
For a successful deployment, it's important to understand the array platform requirements found within the CSI driver (compute node OS and Kubernetes versions) and the CSP.
- Platform Requirements
- StorageClass Parameters
There's a brief introduction on how to use HPE Nimble Storage with the HPE CSI Driver in the Video Gallery. It also applies broadly to HPE Alletra 6000.
Always check the corresponding CSI driver version in compatibility and support for the required array Operating System ("OS") version for a particular release of the driver. If a certain feature is gated against a certain version of the array OS it will be called out where applicable.
The documentation reflected here always corresponds to the latest supported version and may contain references to future features and capabilities.
Setting Up the Array¶
How to deploy an HPE storage array is beyond the scope of this document. Please refer to HPE InfoSight for further reading.
The HPE Nimble Storage Linux Toolkit (NLT) is not compatible with the HPE CSI Driver for Kubernetes. Do not install NLT on Kubernetes compute nodes. It may be installed on Kubernetes control plane nodes if they use iSCSI or FC storage from the array.
Single Tenant Deployment¶
The CSP requires access to a user with either
poweruser or the
administrator role. It's recommended to use the
poweruser role for least privilege practices.
It's highly recommended to deploy a multitenant setup.
In array OS 6.0.0 and newer it's possible to create separate tenants using the
tenantadmin CLI to assign folders to a tenant. This creates a secure and logical separation of storage resources between Kubernetes clusters.
No special configuration is needed on the Kubernetes cluster when using a tenant account or a regular user account. It's important to understand from a provisioning perspective that if the tenant account being used has been assigned multiple folders, the CSP will pick the folder with the most space available. If this is not desirable and a 1:1
StorageClass to Folder mapping is needed, the "folder" parameter needs to be called out in the
Some features may be limited and restricted in a multitenant deployment, such as arbitrarily import volumes in folders from the array the tenant isn't a user of.
- Visit the array admin guide on HPE InfoSight to learn more about how to use the
An in-depth tutorial on how to use multitenancy and the
tenantadmin CLI is available on HPE DEV: Multitenancy for Kubernetes clusters using HPE Alletra 6000 and Nimble Storage.
Consult the compatibility and support table for supported array OS versions. CSI and CSP specific limitations are listed below.
- Striped volumes on grouped arrays are not supported by the CSI driver.
- The CSP is not capable of provisioning or importing volumes protected by Peer Persistence.
StorageClass is used to provision or clone a persistent volume. It can also be used to import an existing volume or clone a snapshot into the Kubernetes cluster. The parameters are grouped below by those same workflows.
- Common parameters for provisioning and cloning
- Provisioning Parameters
- Cloning Parameters
- Import Parameters
- Pod Inline Volume Parameters (Local Ephemeral Volumes)
- VolumeGroupClass Parameters
- VolumeSnapshotClass Parameters
Backward compatibility with the HPE Nimble Storage FlexVolume driver is being honored to a certain degree.
StorageClass API objects needs be rewritten and parameters need to be updated regardless.
Please see using the HPE CSI Driver for base
StorageClass examples. All parameters enumerated reflects the current version and may contain unannounced features and capabilities.
These are optional parameters unless specified.
Common Parameters for Provisioning and Cloning¶
These parameters are mutable between a parent volume and creating a clone from a snapshot.
|accessProtocol1||Text||The access protocol to use when accessing the persistent volume ("fc" or "iscsi"). Defaults to "iscsi" when unspecified.|
|destroyOnDelete||Boolean||Indicates the backing Nimble volume (including snapshots) should be destroyed when the PVC is deleted. Defaults to "false" which means volumes needs to be pruned manually.|
|limitIops||Integer||The IOPS limit of the volume. The IOPS limit should be in the range 256 to 4294967294, or -1 for unlimited (default).|
|limitMbps||Integer||The MB/s throughput limit for the volume between 1 and 4294967294, or -1 for unlimited (default).|
|description||Text||Text to be added to the volume's description on the array. Empty string by default.|
|performancePolicy2||Text||The name of the performance policy to assign to the volume. Default example performance policies include "Backup Repository", "Exchange 2003 data store", "Exchange 2007 data store", "Exchange 2010 data store", "Exchange log", "Oracle OLTP", "Other Workloads", "SharePoint", "SQL Server", "SQL Server 2012", "SQL Server Logs". Defaults to the "default" performance policy.|
|protectionTemplate1||Text||The name of the protection template to assign to the volume. Default examples of protection templates include "Retain-30Daily", "Retain-48Hourly-30Daily-52Weekly", and "Retain-90Daily".|
|folder||Text||The name of the folder in which to place the volume. Defaults to the root of the "default" pool.|
|thick||Boolean||Indicates that the volume should be thick provisioned. Defaults to "false"|
|dedupeEnabled3||Boolean||Indicates that the volume should enable deduplication. Defaults to "true" when available.|
|syncOnDetach||Boolean||Indicates that a snapshot of the volume should be synced to the replication partner each time it is detached from a node. Defaults to "false".|
Restrictions applicable when using the CSI volume mutator:
1 = Parameter is immutable and can't be altered after provisioning/cloning. This parameter is removed in HPE CSI Driver 1.4.0 and replaced with
2 = Performance policies may only be mutated between performance polices with the same block size.
3 = Deduplication may only be mutated within the same performance policy application category and block size.
Performance Policies, Folders and Protection Templates are array OS specific constructs that can be created on the array itself to address particular requirements or workloads. Please consult with the storage admin or read the admin guide found on HPE InfoSight.
These parameters are immutable for both volumes and clones once created, clones will inherit parent attributes.
|encrypted||Boolean||Indicates that the volume should be encrypted. Defaults to "false".|
|pool||Text||The name of the pool in which to place the volume. Defaults to the "default" pool.|
Cloning supports two modes of cloning. Either use
cloneOf and reference a PVC in the current namespace or use
importVolAsClone and reference an array volume name to clone and import to Kubernetes.
|cloneOf||Text||The name of the PV to be cloned.
|importVolAsClone||Text||The name of the array volume to clone and import.
|snapshot||Text||The name of the snapshot to base the clone on. This is optional. If not specified, a new snapshot is created.|
|createSnapshot||Boolean||Indicates that a new snapshot of the volume should be taken matching the name provided in the
Importing volumes to Kubernetes requires the source array volume to be offline. In case of reverse replication, the upstream volume should be in offline state. All previous Access Control Records and Initiator Groups will be stripped from the volume when put under control of the HPE CSI Driver.
|importVolumeName||Text||The name of the array volume to import.|
|snapshot||Text||The name of the array snapshot to restore the imported volume to after takeover. If not specified, the volume will not be restored.|
|takeover||Boolean||Indicates the current group will takeover ownership of the array volume and volume collection. This should be performed against a downstream replica.|
|reverseReplication||Boolean||Reverses the replication direction so that writes to the array volume are replicated back to the group where it was replicated from.|
|forceImport||Boolean||Forces the import of a volume that is not owned by the group and is not part of a volume collection. If the volume is part of a volume collection, use takeover instead.|
Pod Inline Volume Parameters (Local Ephemeral Volumes)¶
These parameters are applicable only for Pod inline volumes and to be specified within Pod spec.
|csi.storage.k8s.io/ephemeral||Boolean||Indicates that the request is for ephemeral inline volume. This is a mandatory parameter and must be set to "true".|
|inline-volume-secret-name||Text||A reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume call.|
|inline-volume-secret-namespace||Text||The namespace of
|size||Text||The size of ephemeral volume specified in MiB or GiB. If unspecified, a default value will be used.|
|accessProtocol||Text||Storage access protocol to use, "iscsi" or "fc".|
All parameters are required for inline ephemeral volumes.
If basic data protection is required and performed on the array,
VolumeGroups needs to be created, even it's just a single volume that needs data protection using snapshots and replication. Learn more about
VolumeGroups in the provisioning concepts documentation.
|description||Text||Text to be added to the volume collection description on the array. Empty by default.|
|protectionTemplate||Text||The name of the protection template to assign to the volume collection. Default examples of protection templates include "Retain-30Daily", "Retain-48Hourly-30Daily-52Weekly", and "Retain-90Daily". Empty by default, meaning no array snapshots are performed on the
VolumeGroupClasses were introduced with version 1.4.0 of the CSI driver. Learn more in the Using section.
These parametes are for
VolumeSnapshotClass objects when using CSI snapshots. The external snapshotter needs to be deployed on the Kubernetes cluster and is usually performed by the Kubernetes vendor. Check enabling CSI snapshots for more information.
How to use
VolumeSnapshot objects is elaborated on in using CSI snapshots.
|description||Text||Text to be added to the snapshot's description on the array.|
|writable||Boolean||Indicates if the snapshot is writable on the array. Defaults to "false".|
|online||Boolean||Indicates if the snapshot is set to online on the array. Defaults to "false".|