Persistent Storage in vSphere Supervisor

Some Kubernetes workloads use persistent storage to store data permanently. vSphere Supervisor integrates with Cloud Native Storage (CNS) to provision persistent storage. To understand how vSphere Supervisor uses persistent storage, refer to the vSphere IaaS Control Plane Concepts and Planning and vSphere Storage documentation.

Creating Storage Policies for vSphere Supervisor

Before you enable vSphere Supervisor, you must set up the storage to provision the Kubernetes infrastructure. You achieve this task by creating storage policies to be used in the Supervisor and namespaces.

To automate the creation of a tag-based storage policy, use the VMware® vSphere Management SDK. For more information about how to create a tag-based storage policy through the Web Services API, see the VMware Storage Policy SDK Programming Guide and vSphere Web Services SDK Programming Guide documentation. Optionally, you can use the vSphere Automation APIs to create a tag and add it to the datastore. See the vSphere Tag Service chapter. Currently, you can create a tag-based storage policy only through the Web Services APIs.

Use the vSphere Automation APIs to retrieve the default storage policy of a specific datastore by calling the get(datastore_ID) function of the com.vmware.vcenter.datastore.DefaultPolicy service. You can also retrieve commonly used information about the storage policies available in the vCenter Server instance by calling the list() function of the Policies service.

You can use the storage policies retrieved through the vSphere Automation APIs to perform the following tasks:
  • Assign the storage policies to the Supervisor. The storage policies set within the Supervisor enable specification ensure that the Supervisor control plane, the ephemeral disks of all vSphere Pods, and the container images are placed on the datastores that the policies represent. See Configuring NSX for vSphere Supervisor.
  • Assign the storage policies to the vSphere Namespace. The storage policies associated with a namespace determine which datastores the namespace can access and use for persistent volumes for the vSphere Pods and for the pods inside a TKG cluster. See Create a vSphere Namespace.
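The retrieval steps above, written out as an added example with the vSphere Automation SDK for Java (this is not code from the VMware documentation or SDK samples). It lists every storage policy by name, records the default policy of each datastore through the com.vmware.vcenter.datastore.DefaultPolicy service, and resolves the policy IDs by name so that a wrong or missing policy fails before it is written into a Supervisor or namespace specification. The authenticated StubFactory and StubConfiguration are assumed to come from the SDK's login helpers; the policy names in requirePolicy calls are placeholders for policies in your own environment.

```java
// Added example, not VMware documentation code. Assumes the vSphere Automation
// SDK for Java on the classpath and an already authenticated stub factory and
// stub configuration supplied by the caller.
import java.util.HashMap;
import java.util.Map;
import java.util.NoSuchElementException;

import com.vmware.vapi.bindings.StubConfiguration;
import com.vmware.vapi.bindings.StubFactory;
import com.vmware.vcenter.Datastore;
import com.vmware.vcenter.DatastoreTypes;
import com.vmware.vcenter.datastore.DefaultPolicy;
import com.vmware.vcenter.storage.Policies;
import com.vmware.vcenter.storage.PoliciesTypes;

public class StoragePolicyLookup {

    /** Policy name -> policy ID for every storage policy in the vCenter Server instance. */
    public static Map<String, String> listPoliciesByName(StubFactory stubFactory,
                                                         StubConfiguration stubConfig) {
        Policies policies = stubFactory.createStub(Policies.class, stubConfig);
        Map<String, String> byName = new HashMap<>();
        // list() with an empty filter returns a summary of every policy.
        for (PoliciesTypes.Summary summary : policies.list(new PoliciesTypes.FilterSpec())) {
            byName.put(summary.getName(), summary.getPolicy());
        }
        return byName;
    }

    /** Datastore name -> ID of that datastore's default storage policy. */
    public static Map<String, String> defaultPolicyPerDatastore(StubFactory stubFactory,
                                                                StubConfiguration stubConfig) {
        Datastore datastores = stubFactory.createStub(Datastore.class, stubConfig);
        DefaultPolicy defaultPolicy = stubFactory.createStub(DefaultPolicy.class, stubConfig);
        Map<String, String> result = new HashMap<>();
        for (DatastoreTypes.Summary ds : datastores.list(new DatastoreTypes.FilterSpec())) {
            // get(datastore_ID) of the DefaultPolicy service returns the policy identifier.
            result.put(ds.getName(), defaultPolicy.get(ds.getDatastore()));
        }
        return result;
    }

    /** Resolve a policy ID by name; fail early rather than enable a Supervisor with a bad ID. */
    public static String requirePolicy(Map<String, String> byName, String policyName) {
        String id = byName.get(policyName);
        if (id == null) {
            throw new NoSuchElementException("storage policy not found: " + policyName);
        }
        return id;
    }

    /** Collect the three policy IDs that the Supervisor enable specification needs. */
    public static Map<String, String> supervisorPolicyIds(StubFactory stubFactory,
                                                          StubConfiguration stubConfig) {
        Map<String, String> byName = listPoliciesByName(stubFactory, stubConfig);
        Map<String, String> ids = new HashMap<>();
        // Placeholder policy names; replace with the policies created for your cluster.
        ids.put("controlPlane", requirePolicy(byName, "supervisor-control-plane-policy"));
        ids.put("ephemeral", requirePolicy(byName, "supervisor-ephemeral-policy"));
        ids.put("image", requirePolicy(byName, "supervisor-image-cache-policy"));
        return ids;
    }
}
```

Resolving by name and throwing on a miss is deliberate: policy identifiers differ between vCenter Server instances, so hard-coding an ID in automation silently places control plane or image data on the wrong datastore when the same code runs against another environment.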

Enabling ReadWriteMany Support

You can enable ReadWriteMany support in vSphere Supervisor and allow multiple pods and applications to mount a single persistent volume simultaneously.

In vSphere 7.0 Update 3, only TKG clusters support persistent volumes in ReadWriteMany mode. When you enable file volume support for vSphere Supervisor, be aware of the potential security weaknesses:
  • The volumes are mounted without encryption. The unencrypted data might be accessed while it transits the network.
  • An Access Control List (ACL) is used for the file shares to isolate file share access within a Supervisor namespace. The ACL is based on IP addresses, so it carries a risk of IP spoofing.

Follow these guidelines for networking:
  • Make sure that vSAN File Services is routable from the Workload network and that there is no NAT between the Workload network and the vSAN File Services IP addresses.
  • Use a common DNS server for vSAN File Services and the vSphere cluster.
  • If your vSphere Supervisor uses NSX networking, use the SNAT IP of the Supervisor namespace and the SNAT IP of the TKG cluster for the ACL configuration.
  • If your vSphere Supervisor uses vSphere Distributed Switch (VDS) networking, use the TKG cluster VM IP or the IP of the Supervisor namespace for the ACL configuration.
Before you activate file volume support on a Supervisor, you must set up a vSAN cluster with vSAN File Service enabled. To configure a vSAN cluster with vSAN File Service enabled in the vSphere Client, see the Configure File Services topic in the Administering VMware vSAN documentation. For more information about how to achieve this task programmatically, see the vSAN SDKs Programming Guide documentation.

You activate ReadWriteMany support on a cluster when you enable vSphere Supervisor on it, or when you reconfigure an existing Supervisor. See Enable vSphere Supervisor on a Cluster with NSX as the Networking Stack, Enable vSphere Supervisor on a Cluster with the vSphere Networking Stack, and Reconfiguring a Supervisor. Pass the list of vSAN clusters to be used for provisioning file volumes by using the setCnsFileConfig(CNSFileConfig cnsFileConfig) Java method. Currently, you can use only the current vSphere cluster for provisioning file volumes, and only if it is a vSAN cluster with vSAN File Service enabled.

To deactivate the persistent volume support on a Supervisor, pass an empty list when you set the Cloud Native Storage persistent storage support for the cluster. Existing ReadWriteMany persistent volumes that were provisioned in the cluster remain unaffected and usable afterwards.
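The activation and deactivation steps above, written out as an added example (not code from the VMware documentation) against the Java bindings of the vSphere Automation API in the com.vmware.vcenter.namespace_management package. It builds the CNSFileConfig that names the Supervisor's own vSAN cluster as the only source of file volumes, attaches it with setCnsFileConfig to the specification used when an existing Supervisor is reconfigured, and builds the empty configuration that deactivates support. The cluster identifier "domain-c8" is a placeholder; the remaining fields of the update specification (network, storage policies, sizing) are assumed to be configured elsewhere, and the use of the update operation rather than set for the deactivation case is an assumption of this example.

```java
// Added example, not VMware documentation code. Assumes the vSphere Automation
// SDK for Java and an authenticated stub factory/configuration from the caller.
import java.util.Collections;
import java.util.List;

import com.vmware.vapi.bindings.StubConfiguration;
import com.vmware.vapi.bindings.StubFactory;
import com.vmware.vcenter.namespace_management.CNSFileConfig;
import com.vmware.vcenter.namespace_management.Clusters;
import com.vmware.vcenter.namespace_management.ClustersTypes;

public class FileVolumeSupport {

    /**
     * File volumes may currently be provisioned only from the Supervisor's own
     * vSAN cluster, so the list contains exactly that cluster identifier.
     */
    public static CNSFileConfig fileConfigFor(String supervisorClusterId) {
        CNSFileConfig cfg = new CNSFileConfig();
        cfg.setVsanClusters(Collections.singletonList(supervisorClusterId));
        return cfg;
    }

    /**
     * An empty vSAN cluster list deactivates file volume support; ReadWriteMany
     * volumes that already exist in the cluster stay usable.
     */
    public static CNSFileConfig fileConfigDisabled() {
        List<String> none = Collections.emptyList();
        CNSFileConfig cfg = new CNSFileConfig();
        cfg.setVsanClusters(none);
        return cfg;
    }

    /** Reconfigure an existing Supervisor so that it can provision file volumes. */
    public static void enableFileVolumes(StubFactory stubFactory, StubConfiguration stubConfig,
                                         String supervisorClusterId) {
        Clusters clusters = stubFactory.createStub(Clusters.class, stubConfig);
        ClustersTypes.UpdateSpec spec = new ClustersTypes.UpdateSpec();
        // setCnsFileConfig(CNSFileConfig) passes the vSAN cluster list described in the text.
        spec.setCnsFileConfig(fileConfigFor(supervisorClusterId));
        clusters.update(supervisorClusterId, spec);
    }

    /** Deactivate file volume support by passing the empty cluster list (assumed via update). */
    public static void disableFileVolumes(StubFactory stubFactory, StubConfiguration stubConfig,
                                          String supervisorClusterId) {
        Clusters clusters = stubFactory.createStub(Clusters.class, stubConfig);
        ClustersTypes.UpdateSpec spec = new ClustersTypes.UpdateSpec();
        spec.setCnsFileConfig(fileConfigDisabled());
        clusters.update(supervisorClusterId, spec);
    }

    public static void main(String[] args) {
        // Placeholder identifier of the cluster that hosts the Supervisor.
        String supervisorClusterId = "domain-c8";
        CNSFileConfig enabled = fileConfigFor(supervisorClusterId);
        CNSFileConfig disabled = fileConfigDisabled();
        System.out.println("enabled vSAN clusters:  " + enabled.getVsanClusters());
        System.out.println("disabled vSAN clusters: " + disabled.getVsanClusters());
    }
}
```

Keeping the cluster list to the Supervisor's own vSAN cluster is what the text requires today; checking it in code also limits the blast radius of the IP-based share ACLs described above, because only that cluster's file service ever exports shares to the Workload network.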