Enabling ReadWriteMany Support

You can enable the ReadWriteMany support in vSphere Supervisor and allow multiple pods and applications to mount simultaneously a single persistent volume. In vSphere 7.0 Update 3, only TKG clusters support persistent volumes in ReadWriteMany mode. When you enable file volume support for vSphere Supervisor, be aware of the potential security weaknesses:
  • The volumes are mounted without encryption. The unencrypted data might be accessed while the data transits the network.
  • An Access Control List (ACL) is used for the file shares to isolate file share access within a supervisor namespace. This isolation might be at risk from IP spoofing.
Follow these guidelines for networking:
  • Make sure the vSAN File Services is routable from the Workload network and there is no NAT between the Workload network and vSAN File Services IP addresses.
  • Use a common DNS server for vSAN File Services and the vSphere cluster.
  • If your vSphere Supervisor has NSX networking, use the SNAT IP of the Supervisor namespace and the SNAT IP of the TKG cluster for ACL configuration.
  • If you have vSphere Supervisor with vSphere Distributed Switch (VDS) networking, use the TKG cluster VM IP or the IP of the Supervisor namespace for ACL configuration.
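A sketch of an ACL review that follows the guidelines above, as an added example that is not part of the VMware documentation: it compares file-share ACL entries with the client addresses the guidelines name for each networking stack. The function names, the list-of-strings ACL representation, and all addresses are constructed for illustration.

```python
import ipaddress

def expected_sources(stack, snat_ips=(), vm_ips=(), namespace_ips=()):
    """Return the client addresses the guidelines name for this networking stack."""
    if stack == "NSX":
        chosen = list(snat_ips)                      # SNAT IPs of namespace and TKG cluster
    elif stack == "VDS":
        chosen = list(vm_ips) + list(namespace_ips)  # TKG VM IPs or namespace IP
    else:
        raise ValueError(f"unknown networking stack: {stack!r}")
    return {ipaddress.ip_address(ip) for ip in chosen}

def audit_acl(acl_entries, allowed):
    """Compare ACL entries (IP or CIDR strings) with the allowed client set."""
    findings, covered = [], set()
    for entry in acl_entries:
        net = ipaddress.ip_network(entry, strict=False)
        inside = {ip for ip in allowed if ip in net}
        covered |= inside
        if not inside:
            findings.append((entry, "unexpected source"))
        elif net.num_addresses > 1:
            # A range admits addresses other than the intended client.
            findings.append((entry, "wider than a single host"))
    for ip in sorted(allowed - covered):
        findings.append((str(ip), "expected client missing from ACL"))
    return findings

# Constructed sample: NSX-backed Supervisor, documentation-range addresses.
SAMPLE_ALLOWED = expected_sources(
    "NSX", snat_ips=["192.0.2.10", "192.0.2.11", "192.0.2.12"]
)
SAMPLE_ACL = ["192.0.2.10", "192.0.2.8/30", "198.51.100.7"]

if __name__ == "__main__":
    for subject, problem in audit_acl(SAMPLE_ACL, SAMPLE_ALLOWED):
        print(f"{subject}: {problem}")
```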
Before you activate the file volume support on a Supervisor, you must set up a vSAN cluster with enabled vSAN File Service. To configure a vSAN cluster with enabled vSAN File Service in the vSphere Client, see the Configure File Services topic in the Administering VMware vSAN documentation. For more information about how to programmatically achieve this task, see the vSAN SDKs Programming Guide documentation.
You activate the ReadWriteMany support on a cluster when you enable vSphere Supervisor on it, or reconfigure an existing Supervisor. See Enable vSphere Supervisor on a Cluster with NSX as the Networking Stack, Enable vSphere Supervisor on a Cluster with the vSphere Networking Stack, and Reconfiguring a Supervisor. Pass the list of vSAN clusters to be used for provisioning file volumes by using the cns_file_config property of the respective data structure. Currently, you can use only the current vSphere cluster for provisioning file volumes if it is a vSAN cluster with enabled vSAN File Service.
To deactivate the persistent volumes support on a Supervisor, pass an empty list when you set the Cloud Native Storage persistent storage support for the cluster. After that, existing ReadWriteMany persistent volumes provisioned in the cluster remain unaffected and usable.