Overview¶
The HPE CSI Driver is deployed by using industry standard means, either a Helm chart or an Operator. An "advanced install" from object configuration files is provided as reference for partners, OEMs and users wanting to perform customizations and their own packaging or deployment methodologies.
Delivery vehicles¶
As different methods of installation are provided, it might not be too obvious which delivery vehicle is the right one.
Need help deciding?¶
| I have a... | Then you need... |
|---|---|
| Vanilla upstream Kubernetes cluster on a supported host OS. | The Helm chart |
| Red Hat OpenShift 4.x cluster. | The certified CSI operator for OpenShift |
| Supported environment with multiple backends. | Helm chart with additional Secrets and StorageClasses |
| HPE Container Platform environment. | If using Nimble, use the supplied CSI driver, for 3PAR/Primera, use the Helm chart |
| Operator Life-cycle Manager (OLM) environment. | The CSI operator |
| Unsupported host OS/Kubernetes cluster and like to tinker. | The advanced install |
Undecided?
If it's not clear what you should use for your environment, the Helm chart is most likely the correct answer.
Helm¶
Helm is the package manager for Kubernetes. Software is being delivered in a format designated as a "chart". Helm is a standalone CLI that interacts with the Kubernetes API server using your KUBECONFIG file.
The official Helm chart for the HPE CSI Driver for Kubernetes is hosted on hub.helm.sh. The chart only supports Helm 3 from version 1.3.0 of the HPE CSI Driver. In an effort to avoid duplicate documentation, please see the chart for instructions on how to deploy the CSI driver using Helm.
- Go to the chart on hub.helm.sh.
Operator¶
The Operator pattern is based on the idea that software should be instantiated and run with a set of custom controllers in Kubernetes. It creates a native experience for any software running in Kubernetes.
The official HPE CSI Operator for Kubernetes is hosted on OperatorHub.io. The CSI Operator images are hosted both on docker.io and officially certified containers on Red Hat Ecosystem Catalog.
Red Hat OpenShift Container Platform¶
The HPE CSI Operator for Kubernetes is a fully certified Operator for OpenShift. There are a few tweaks needed and there's a separate section for OpenShift.
- See Red Hat OpenShift in the partner ecosystem section
Upstream Kubernetes and others¶
Follow the documentation from the respective upstream distributions on how to deploy an Operator. In most cases, the Operator Lifecyle Manager (OLM) needs to be installed separately.
As an example, we'll deploy version 0.14.1 of the OLM to be able to manage the HPE CSI Operator. Familiarize yourself while is the latest stable release on the OLM GitHub project's release page.
curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/0.14.1/install.sh | bash -s 0.14.1
Install the HPE CSI Operator.
kubectl create -f https://operatorhub.io/install/hpe-csi-operator.yaml
The Operator will be installed in my-hpe-csi-operator namespace. Watch it come up by inspecting the ClusterServiceVersion (CSV).
kubectl get csv -n my-hpe-csi-operator
Next, a HPECSIDriver object needs to be instantiated. Create a file named hpe-csi-operator.yaml and populate it according to which CSP is being deployed.
apiVersion: storage.hpe.com/v1
kind: HPECSIDriver
metadata:
name: csi-driver
spec:
backendType: nimble
imagePullPolicy: IfNotPresent
logLevel: info
disableNodeConformance: false
secret:
backend: 192.168.1.1
create: true
password: admin
servicePort: '8080'
username: admin
storageClass:
allowVolumeExpansion: true
create: true
defaultClass: false
name: hpe-standard
parameters:
accessProtocol: iscsi
fsType: xfs
volumeDescription: Volume created by the HPE CSI Driver for Kubernetes
apiVersion: storage.hpe.com/v1
kind: HPECSIDriver
metadata:
name: csi-driver
spec:
backendType: primera3par
imagePullPolicy: IfNotPresent
logLevel: info
disableNodeConformance: false
secret:
backend: 10.10.0.1
create: true
password: 3pardata
servicePort: '8080'
username: 3paradm
storageClass:
allowVolumeExpansion: true
create: true
defaultClass: false
name: hpe-standard
parameters:
accessProtocol: iscsi
fsType: xfs
volumeDescription: Volume created by the HPE CSI Driver for Kubernetes
Create a HPECSIDriver with the manifest.
kubectl create -f hpe-csi-operator.yaml
The CSI driver is now ready for use. Proceed to the next section to learn about using the driver.
Add a HPE storage backend¶
Once the CSI driver is deployed, two additional objects needs to be created to get started with dynamic provisioning of persistent storage, a Secret and a StorageClass.
Tip
Naming the Secret and StorageClass is entirely up to the user, however, to keep up with the examples on SCOD, it's highly recommended to use the names illustrated here.
Secret parameters¶
All parameters are mandatory and described below.
| Parameter | Description |
|---|---|
| serviceName | This hostname or IP address where the Container Storage Provider (CSP) is running, usually a Kubernetes Service, such as "nimble-csp-svc" or "primera3par-csp-svc" |
| servicePort | This is port the serviceName is listening to. |
| backend | This is the management hostname or IP address of the actual backend storage system, such as a Nimble or 3PAR array. |
| username | Backend storage system username with the correct privileges to perform storage management. |
| password | Backend storage system password. |
Example:
apiVersion: v1
kind: Secret
metadata:
name: hpe-backend
namespace: kube-system
stringData:
serviceName: nimble-csp-svc
servicePort: "8080"
backend: 192.168.1.2
username: admin
password: admin
apiVersion: v1
kind: Secret
metadata:
name: hpe-backend
namespace: kube-system
stringData:
serviceName: primera3par-csp-svc
servicePort: "8080"
backend: 10.10.0.2
username: 3paradm
password: 3pardata
Create the Secret using kubectl:
kubectl create -f secret.yaml
Tip
In a real world scenario it's more practical to name the Secret something that makes sense for the organization. It could be the hostname of the backend or the role it carries, i.e "hpe-nimble-sanjose-prod".
Next step involves creating a default StorageClass.
Adding additional backends¶
It's not uncommon to have multiple HPE primary storage systems within the same environment, either the same family or different ones. This section walks through the scenario of managing multiple StorageClass and Secret API objects to represent an environment with multiple systems.
There's a brief tutorial available in the Video Gallery that walks through these steps.
Note
Make note of the Kubernetes Namespace or OpenShift project name used during the deployment. In the following examples, we will be using the "kube-system" Namespace.
To view the current Secrets in the "kube-system" Namespace (assuming default names):
kubectl -n kube-system get secret/hpe-backend
NAME TYPE DATA AGE
hpe-backend Opaque 5 2m
This Secret is used by the CSI sidecars in the StorageClass to authenticate to a specific backend for CSI operations. In order to add a new Secret or manage access to multiple backends, additional Secrets will need to be created per backend.
Secret Requirements
- Each
Secretname must be unique. - servicePort should be set to 8080.
To create a new Secret, specify the name, Namespace, backend username, backend password and the backend IP address to be used by the CSP and save it as custom-secret.yaml (a detailed description of the parameters are available above).
apiVersion: v1
kind: Secret
metadata:
name: custom-secret
namespace: kube-system
stringData:
serviceName: nimble-csp-svc
servicePort: "8080"
backend: 192.168.1.2
username: admin
password: admin
apiVersion: v1
kind: Secret
metadata:
name: custom-secret
namespace: kube-system
stringData:
serviceName: primera3par-csp-svc
servicePort: "8080"
backend: 10.10.0.2
username: 3paradm
password: 3pardata
Create the Secret using kubectl:
kubectl create -f custom-secret.yaml
You should now see the Secret in the "kube-system" Namespace:
kubectl -n kube-system get secret/custom-secret
NAME TYPE DATA AGE
custom-secret Opaque 5 1m
Create a StorageClass with the custom Secret¶
To use the new Secret "custom-secret", create a new StorageClass using the Secret and the necessary StorageClass parameters. Please see the requirements section of the respective CSP.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: hpe-custom
provisioner: csi.hpe.com
parameters:
csi.storage.k8s.io/fstype: xfs
csi.storage.k8s.io/controller-expand-secret-name: custom-secret
csi.storage.k8s.io/controller-expand-secret-namespace: kube-system
csi.storage.k8s.io/controller-publish-secret-name: custom-secret
csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-publish-secret-name: custom-secret
csi.storage.k8s.io/node-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-stage-secret-name: custom-secret
csi.storage.k8s.io/node-stage-secret-namespace: kube-system
csi.storage.k8s.io/provisioner-secret-name: custom-secret
csi.storage.k8s.io/provisioner-secret-namespace: kube-system
description: "Volume created by using a custom Secret with the HPE CSI Driver for Kubernetes"
reclaimPolicy: Delete
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: hpe-custom
provisioner: csi.hpe.com
parameters:
csi.storage.k8s.io/fstype: xfs
csi.storage.k8s.io/resizer-secret-name: custom-secret
csi.storage.k8s.io/resizer-secret-namespace: kube-system
csi.storage.k8s.io/controller-publish-secret-name: custom-secret
csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-publish-secret-name: custom-secret
csi.storage.k8s.io/node-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-stage-secret-name: custom-secret
csi.storage.k8s.io/node-stage-secret-namespace: kube-system
csi.storage.k8s.io/provisioner-secret-name: custom-secret
csi.storage.k8s.io/provisioner-secret-namespace: kube-system
description: "Volume created by using a custom Secret with the HPE CSI Driver for Kubernetes"
reclaimPolicy: Delete
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: hpe-custom
provisioner: csi.hpe.com
parameters:
csi.storage.k8s.io/fstype: xfs
csi.storage.k8s.io/controller-publish-secret-name: custom-secret
csi.storage.k8s.io/controller-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-publish-secret-name: custom-secret
csi.storage.k8s.io/node-publish-secret-namespace: kube-system
csi.storage.k8s.io/node-stage-secret-name: custom-secret
csi.storage.k8s.io/node-stage-secret-namespace: kube-system
csi.storage.k8s.io/provisioner-secret-name: custom-secret
csi.storage.k8s.io/provisioner-secret-namespace: kube-system
description: "Volume created by using a custom Secret with the HPE CSI Driver for Kubernetes"
reclaimPolicy: Delete
Note
Don't forget to call out the StorageClass explictly when creating PVCs from non-default StorageClasses.
Next, Create a PersistentVolumeClaim from a StorageClass.
Advanced install¶
This guide is primarily written to accommodate a highly manual installation on upstream Kubernetes or partner OEMs engaged with HPE to bundle the HPE CSI Driver in a custom distribution. Installation steps may vary for different vendors and flavors of Kubernetes.
The following example walks through deployment of the latest CSI driver.
Critical
It's highly recommended to use either the Helm chart or Operator to install the HPE CSI Driver for Kubernetes and the associated Container Storage Providers. Only venture down manual installation if your requirements can't be met by the Helm chart or Operator.
Manual CSI driver install¶
Deploy the CSI driver and sidecars for the relevant Kubernetes version.
Common¶
These object configuration files are common for all versions of Kubernetes.
Worker node IO settings:
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-linux-config.yaml
Container Storage Provider:
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/nimble-csp.yaml
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/3par-primera-csp.yaml
Important
The above instructions assumes you have an array with a supported platform OS installed. Please see the requirements section of the respective CSP.
After deploying the CSI driver for the particular version of Kubernetes being used below, add a HPE storage backend.
Kubernetes 1.13¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.1.0/hpe-csi-k8s-1.13.yaml
Note
Latest supported CSI driver version is 1.1.0 for Kubernetes 1.13.
Kubernetes 1.14¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-csi-k8s-1.14.yaml
Kubernetes 1.15¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-csi-k8s-1.15.yaml
Kubernetes 1.16¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-csi-k8s-1.16.yaml
Kubernetes 1.17¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-csi-k8s-1.17.yaml
Kubernetes 1.18¶
kubectl create -f https://raw.githubusercontent.com/hpe-storage/co-deployments/master/yaml/csi-driver/v1.2.0/hpe-csi-k8s-1.18.yaml
Depending on which version being deployed, different API objects gets created.