Introduction¶
The HPE Alletra Storage MP B10000, Alletra 9000 and Primera and 3PAR Storage Container Storage Provider (CSP) for Kubernetes is part of the HPE CSI Driver for Kubernetes. The CSP abstract the data management capabilities of the array for use by Kubernetes.
Note
For help getting started with deploying the HPE CSI Driver using HPE Alletra Storage MP B10000, Alletra 9000, Primera or 3PAR storage, check out the tutorial over at HPE Developer.
Platform Requirements¶
Check the corresponding CSI driver version in the compatibility and support table for the latest updates on supported Kubernetes version, orchestrators and host OS.
Network Port Requirements¶
The HPE Alletra Storage MP B10000, Alletra 9000, Primera and 3PAR Container Storage Provider requires the following TCP ports to be open inbound to the array from the Kubernetes cluster worker nodes running the HPE CSI Driver for Kubernetes.
Port | Protocol | Description |
---|---|---|
443 | HTTPS | WSAPI (HPE Alletra Storage MP B10000, Alletra 9000/Primera) |
8080 | HTTPS | WSAPI (HPE 3PAR) |
22 | SSH | Array communication |
User Role Requirements¶
The CSP requires access to a local user with either edit
or the super
role. It's recommended to use the edit
role for security best practices.
Note
LDAP users are not supported by the CSP.
Virtual Domains¶
Virtual Domains are not yet fully supported by the CSP. From HPE CSI Driver v2.5.0, it's possible to manually create the Kubernetes hosts connecting to storage within the Virtual Domain. Once the hosts have been created, deploy the CSI driver with the Helm chart using the "disableHostDeletion" parameter set to "true". The Virtual Domain user may create the hosts through the Virtual Domain if the "AllowDomainUsersAffectNoDomain" parameter is set to either "hostonly" or "yes" on the array.
Detailed steps to use Virtual Domains¶
These steps assumes access to the storage platform with privileges to create domains and change settings.
Login to the storage platform with SSH. Create an new domain:
cli% createdomain -comment "This is a test domain." my-kubernetes-domain-0
Then, create a new user and assign to the domain. These credentials will be used by the CSI driver.
cli% createuser -c my-password-0 domain-user-0 my-kubernetes-domain-0 edit
Next, make sure domain users are allowed to create hosts outside the domain.
cli% setsys AllowDomainUsersAffectNoDomain hostonly
The next steps involve installing the HPE CSI Driver for Kubernetes with disableHostDeletion
set to true
. The steps to supply the parameter depends on if the Helm chart or Operator is being used.
- Helm chart install from ArtifactHub.io.
- Operator install for OpenShift.
Once the CSI driver is installed and running, add an HPE storage backend with the credentials provided in the steps above.
Note
Remote Copy Groups managed by the CSP have not been tested with Virtual Domains at this time.
VLUN Templates¶
A VLUN template enables the export of a virtual volume as a VLUN to hosts. For more information, see the HPE Primera OS Commmand Line Interface - Installation and Reference Guide.
The CSP supports the following types of VLUN templates:
Template | Description |
---|---|
Matched set | The default VLUN template. The VLUN is visible to initiators with the host's WWNs only on the specified port(s). |
Host sees | The VLUN is visible to the initiators with any of the host's WWNs. |
The boolean string "hostSeesVLUN" StorageClass
parameter controls which VLUN template to use.
Recommendation
In most scenarios, "hostSeesVLUN" should be set to "true".
Change VLUN Template for existing PVCs¶
To modify an existing PVC
, "hostSeesVLUN" needs to be specified with the "allowMutations" parameter along with adding the PVC
annotation "csi.hpe.com/hostSeesVLUN" with the string values of either "true" or "false". The HPE CSI Driver creates the VLUN template based upon the hostSeesVLUN
parameter during the volume publish operation. For the change to take effect, the Pod
will need to be scheduled on another node by either deleting the Pod
or draining the node.
StorageClass Parameters¶
All parameters enumerated reflects the current version and may contain unannounced features and capabilities.
Common Provisioning Parameters¶
Parameter | Option | Description |
---|---|---|
accessProtocol (Required) | fc or iscsi | The access protocol to use when attaching the persistent volume. |
cpg 1 | Text | The name of existing CPG to be used for volume provisioning. If the cpg parameter is not specified, the CSP will select a CPG available to the array. |
snapCpg 1 | Text | The name of the snapshot CPG to be used for volume provisioning. Needs to be set if any kind of VolumeSnapshots or PVC cloning parameters are used. |
compression 1 | Boolean | Indicates that the volume should be compressed. (3PAR only) |
provisioningType 1 | tpvv | Default. Indicates Thin provisioned volume type. |
full 3 | Indicates Full provisioned volume type. | |
dedup 3 | Indicates Thin Deduplication volume type. | |
reduce 4 | Indicates Data Reduction volume type. | |
hostSeesVLUN | Boolean | Enable "host sees" VLUN template. |
importVolumeName | Text | Name of the volume to import. |
importVolAsClone | Text | Name of the volume to clone and import. |
cloneOf 2 | Text | Name of the PersistentVolumeClaim to clone. |
virtualCopyOf 2 | Text | Name of the PersistentVolumeClaim to snapshot. |
qosName | Text | Name of the volume set which has QoS rules applied. |
remoteCopyGroup 1 | Text | Name of a new or existing Remote Copy group on the array. |
replicationDevices | Text | Indicates name of custom resource of type hpereplicationdeviceinfos . |
allowBatchReplicatedVolumeCreation | Boolean | Enable the batch processing of persistent volumes in 10 second intervals and add them to a single Remote Copy group. During this process, the Remote Copy group is stopped and started once. |
oneRcgPerPvc | Boolean | Creates a dedicated Remote Copy group per persistent volume. |
iscsiPortalIps | Text | Comma separated list of the array iSCSI port IPs. |
fcPortsList | Text | Comma separated list of available FC ports. Example: "0:5:1,1:4:2,2:4:1,3:4:2" Default: Use all available ports. |
Restrictions applicable when using the CSI volume mutator:
1 = Parameters that are editable after provisioning.
2 = Volumes with snapshots/clones can't be modified.
3 = HPE 3PAR only parameter
4 = HPE Primera/Alletra 9000 only parameter
Please see using the HPE CSI Driver for additional StorageClass
examples like CSI snapshots and clones.
Important
The HPE CSI Driver allows the PersistentVolumeClaim
to override the StorageClass
parameters by annotating the PersistentVolumeClaim
. Please see Using PVC Overrides for more details.
Cloning Parameters¶
Cloning supports two modes of cloning. Either use cloneOf
and reference a PersistentVolumeClaim
in the current namespace to clone or use importVolAsClone
and reference an array volume name to clone and import into the Kubernetes cluster. Volumes with clones are immutable once created.
Parameter | Option | Description |
---|---|---|
cloneOf | Text | The name of the PersistentVolumeClaim to be cloned. cloneOf and importVolAsClone are mutually exclusive. |
importVolAsClone | Text | The name of the array volume to clone and import. importVolAsClone and cloneOf are mutually exclusive. |
accessProtocol | fc or iscsi | The access protocol to use when attaching the cloned volume. |
Important
• No other parameters are required in the StorageClass
while cloning outside of those parameters listed in the table above.
• Cloning using above parameters is independent of snapshot CRD
availability on Kubernetes and it can be performed on any supported Kubernetes version.
• Support for importVolAsClone
and cloneOf
is available from HPE CSI Driver 1.3.0+.
Array Snapshot Parameters¶
During the snapshotting process, any existing PersistentVolumeClaim
defined in the virtualCopyOf
parameter within a StorageClass
, will be snapped as PersistentVolumeClaim
and exposed through the HPE CSI Driver and made available to the Kubernetes cluster. Volumes with snapshots are immutable once created.
Parameter | Option | Description |
---|---|---|
accessProtocol | fc or iscsi | The access protocol to use when attaching the snapshot volume. |
virtualCopyOf | Text | The name of existing PersistentVolumeClaim to be snapped |
Important
• No other parameters are required in the StorageClass
when snapshotting a volume outside of those parameters listed in the table above.
• Snapshotting using virtualCopyOf
is independent of snapshot CRD
availability on Kubernetes and it can be performed on any supported Kubernetes version.
• Support for virtualCopyOf
is available from HPE CSI Driver 1.3.0+.
Import Parameters¶
During the import volume process, any legacy (non-container volumes) defined in the ImportVol parameter, within a StorageClass
, will be renamed to match the PersistentVolumeClaim
that leverages the StorageClass
. The new volumes will be exposed through the HPE CSI Driver and made available to the Kubernetes cluster. Note: All previous Access Control Records and Initiator Groups will be removed from the volume when it is imported.
Parameter | Option | Description |
---|---|---|
accessProtocol | fc or iscsi | The access protocol to use when importing the volume. |
importVolumeName | Text | The name of the array volume to import. |
Important
• No other parameters are required in the StorageClass
when importing a volume outside of those parameters listed in the table above.
• Support for importVolumeName
is available from HPE CSI Driver 1.2.0+.
Remote Copy with Peer Persistence Synchronous Replication Parameters¶
To enable replication within the HPE CSI Driver, the following steps must be completed:
- Create
Secrets
for both primary and target arrays. Refer to Configuring Additional Storage Backends. - Create replication custom resource.
- Create replication enabled
StorageClass
.
For a tutorial on how to enable replication, check out the blog Enabling Remote Copy using the HPE CSI Driver for Kubernetes on HPE Primera
Warning
Be understood with the limitations of the Remote Copy Peer Persistence integration with the HPE CSI Driver before proceeding.
A Custom Resource Definition (CRD) of type hpereplicationdeviceinfos.storage.hpe.com
must be created to define the target array information. The CRD object name will be used to define the StorageClass
parameter replicationDevices. CRD mandatory parameters: targetCpg
, targetName
, targetSecret
and targetSecretNamespace
.
apiVersion: storage.hpe.com/v2
kind: HPEReplicationDeviceInfo
metadata:
name: r1
spec:
target_array_details:
- targetCpg: <cpg_name>
targetSnapCpg: <snapcpg_name> #optional.
targetName: <target_array_name>
targetSecret: <target_secret_name>
targetSecretNamespace: hpe-storage
apiVersion: storage.hpe.com/v1
kind: HPEReplicationDeviceInfo
metadata:
name: r1
spec:
target_array_details:
- targetCpg: <cpg_name>
targetSnapCpg: <snapcpg_name> #optional.
targetName: <target_array_name>
targetSecret: <target_secret_name>
targetSecretNamespace: hpe-storage
Important
The HPE CSI Driver only supports Remote Copy Peer Persistence mode.
These parameters are applicable only for replication. Both parameters are mandatory. If the Remote Copy volume group (RCG) name, as defined within the StorageClass
, does not exist on the array, then a new RCG will be created.
Parameter | Option | Description |
---|---|---|
remoteCopyGroup | Text | Name of new or existing Remote Copy group 1 on the array. |
replicationDevices | Text | Indicates name of hpereplicationdeviceinfos Custom Resource Definition (CRD). |
allowBatchReplicatedVolumeCreation | Boolean | Enable the batch processing of persistent volumes in 10 second intervals and add them to a single Remote Copy group. (Optional) During this process, the Remote Copy group is stopped and started once. |
oneRcgPerPvc | Boolean | Creates a dedicated Remote Copy group per persistent volume. (Optional) |
Remote Copy additional details:
1 = Existing RCG must have CPG and Copy CPG configured.
Link to HPE Primera OS: Configuring data replication using Remote Copy
Important
Remote Copy groups (RCG) created by the HPE CSI driver 2.1 and later have the Auto synchronize and Auto recover policies applied.
To add or remove these policies from RCGs, modify the existing RCG using the SSMC or CLI with the following command:
Add
setrcopygroup pol auto_recover,auto_synchronize <group_name>
Remove
setrcopygroup pol no_auto_recover,no_auto_synchronize <group_name>
Add Non-Replicated Volume to Remote Copy group¶
To add a non-replicated volume to an existing Remote Copy group, allowMutations: description
at minimum must be defined within the StorageClass
. Refer to Remote Copy with Peer Persistence Replication for more details.
Edit the non-replicated PVC and annotate the following parameters:
Parameter | Option | Description |
---|---|---|
remoteCopyGroup | Text | Name of existing Remote Copy group. |
oneRcgPerPvc | Boolean | Creates a dedicated Remote Copy group per persistent volume. (Optional) |
replicationDevices | Text | Indicates name of hpereplicationdeviceinfos Custom Resource Definition (CRD). |
Note
remoteCopyGroup
and oneRcgPerPvc
parameters are mutually exclusive and cannot be added together when editing a PVC
.
VolumeSnapshotClass Parameters¶
These parameters are for VolumeSnapshotClass
objects when using CSI snapshots. The external snapshotter needs to be deployed on the Kubernetes cluster and is usually performed by the Kubernetes vendor. Check enabling CSI snapshots for more information. Volumes with snapshots are immutable.
How to use VolumeSnapshotClass
and VolumeSnapshot
objects is elaborated on in using CSI snapshots.
Parameter | String | Description |
---|---|---|
read_only | Boolean | Indicates if the snapshot is writable on the array. |
VolumeGroupClass Parameters¶
In the HPE CSI Driver version 1.4.0+, a volume set with QoS settings can be created dynamically using the QoS parameters for the VolumeGroupClass
. The following parameters are available for a VolumeGroup
on the array. Learn more about VolumeGroups
in the provisioning concepts documentation.
Parameter | String | Description |
---|---|---|
description | Text | An identifier to describe the VolumeGroupClass . Example: "My VolumeGroupClass" |
priority | Text | The priority level for the target volume set. Example: "low", "normal", "high" |
ioMinGoal | Text | IOPS minimum goal for the target volume set. Example: "300" |
ioMaxLimit | Text | IOPS maximum limit for the target volume set. Example: "10000" |
bwMinGoalKb | Text | Bandwidth minimum goal in kilobytes per second for the target volume set. Example: "300" |
bwMaxLimitKb | Text | Bandwidth maximum limit in kilobytes per second for the target volume set. Example: "30000" |
latencyGoal | Text | Latency goal in milliseconds (ms) or microseconds(us) for the target volume set. Example: "300ms" or "500us" |
domain | Text | The array Virtual Domain, with which the volume group and related objects are associated with. Example: "sample_domain" |
Important
All QoS parameters are mandatory when creating a VolumeGroupClass
on the array.
Example:
apiVersion: storage.hpe.com/v1
kind: VolumeGroupClass
metadata:
name: my-volume-group-class
provisioner: csi.hpe.com
deletionPolicy: Delete
parameters:
description: "HPE CSI Driver for Kubernetes Volume Group"
csi.hpe.com/volume-group-provisioner-secret-name: hpe-backend
csi.hpe.com/volume-group-provisioner-secret-namespace: hpe-storage
priority: normal
ioMinGoal: "300"
ioMaxLimit: "10000"
bwMinGoalKb: "3000"
bwMaxLimitKb: "30000"
latencyGoal: "300ms"
SnapshotGroupClass Parameters¶
These parameters are for SnapshotGroupClass
objects when using CSI snapshots. The external snapshotter needs to be deployed on the Kubernetes cluster and is usually performed by the Kubernetes vendor. Check enabling CSI snapshots for more information. Volumes with snapshots are immutable.
How to use VolumeSnapshotClass
and VolumeSnapshot
objects is elaborated on in using CSI snapshots.
Parameter | String | Description |
---|---|---|
read_only | Boolean | Indicates if the snapshot is writable on the array. |
Static Provisioning¶
Static provisioning of PVs
and PVCs
may be used when absolute control over physical volumes are required by the storage administrator. This CSP also supports importing volumes and clones of volumes using the import parameters in a StorageClass
.
Prerequisites¶
The CSP expects a certain naming convention for PersistentVolumes
and Virtual Volumes on the array.
- Persistent Volume:
pvc-00000000-0000-0000-0000-000000000000
- Virtual Volume:
pvc-00000000-0000-0000-0000-000
Note
The zeroes are used as examples. They can be replaced with any hexadecimal from 0
to f
. Establishing a scheme may be important if static provisioning is going to be the main method of providing persistent storage to workloads.
The following example uses the above scheme as a naming convention. Have a storage administrator rename the existing Virtual Volume on the array:
setvv -name pvc-00000000-0000-0000-0000-000 my-existing-virtual-volume
HPEVolumeInfo¶
Create a new HPEVolumeInfo
resource.
apiVersion: storage.hpe.com/v2
kind: HPEVolumeInfo
metadata:
name: pvc-00000000-0000-0000-0000-000000000000
spec:
record:
Id: pvc-00000000-0000-0000-0000-000000000000
Name: pvc-00000000-0000-0000-0000-000
uuid: pvc-00000000-0000-0000-0000-000000000000
Persistent Volume¶
Create a PV
referencing the HPEVolumeInfo
resource.
Warning
If a filesystem can't be detected on the device a new filesystem will be created. If the volume contains data, make sure the data reside in a whole device filesystem.
apiVersion: v1
kind: PersistentVolume
metadata:
name: pvc-00000000-0000-0000-0000-000000000000
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 16Gi
csi:
volumeHandle: pvc-00000000-0000-0000-0000-000000000000
driver: csi.hpe.com
fsType: xfs
volumeAttributes:
volumeAccessMode: mount
fsType: xfs
controllerPublishSecretRef:
name: hpe-backend
namespace: hpe-storage
nodePublishSecretRef:
name: hpe-backend
namespace: hpe-storage
controllerExpandSecretRef:
name: hpe-backend
namespace: hpe-storage
persistentVolumeReclaimPolicy: Retain
volumeMode: Filesystem
Tip
Remove .spec.csi.controllerExpandSecretRef
to disallow volume expansion.
Persistent Volume Claim¶
Now, a user may claim the static PV
by creating a PVC
referencing the PV
name in .spec.volumeName
.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 16Gi
volumeName: my-static-pv-1
storageClassName: ""
Remote Copy Limitations¶
These are the current limitations of the Remote Copy Peer Persistence integration with the HPE CSI Driver.
- Only what is considered Classic Peer Persistence is supported. Active/Active hostset proximity is not supported.
- Peer Persistence does not provide disaster recovery for workloads running on Kubernetes. Peer Persistence provide disaster recovery for the storage system.
- Peer Persistence only provide data path resilience. If the primary array is unreachable for the CSP or the role of the remote copy group has changed due to disaster recovery operations (manual or automatic switchover/failover), all CSI operations will cease to function until the primary array comes back up and the role of the remote copy groups returned to original state.
- When the primary array is unavailable for the Kubernetes cluster and remote copy group has failed over to the secondary array successfully, running workloads will continue to run if the host the workload was running on has redundant data paths to the secondary array (current primary array).
- It's possible to access volumes from the secondary array by statically provisioning
PersistentVolumes
without renaming the volume on the array. This is only safe if it has been determined that the primary array does not have active hosts accessing the volume against the primary array.
Support¶
Please refer to the HPE Alletra Storage MP B10000, Alletra 9000 and Primera and 3PAR Storage CSP support statement.