In the first part of the series, we covered that ‘Why’ are we releasing the Container Storage Modules (CSM), you can read all about it here and, in the second part of the series, we covered the ‘What’ are we releasing, you can read all about it here. Now, its time to cover the ‘How’, so, as part of the new CSM modules, we also released a new CSI common installer which install both the CSI & the CSM modules:

What’s new in CSI 2.0?

First of all, we increased our support matrix and worked with third party vendors to validate and certify our drivers against the most common Kubernetes distributions in the field across the portfolio, including the latest Kubernetes and operation systems versions.

PowerMax

PowerFlex

Unity

PowerScale

PowerStore

Kubernetes

1.20, 1.21, 1.22

1.20, 1.21, 1.22

1.20, 1.21, 1.22

1.20, 1.21, 1.22

1.20, 1.21, 1.22

RHEL

7.x,8.x

7.x,8.x

7.x,8.x

7.x,8.x

7.x,8.x

Ubuntu

20.04

20.04

18.04, 20.04

18.04, 20.04

20.04

CentOS

7.8, 7.9

7.8, 7.9

7.8, 7.9

7.8, 7.9

7.8, 7.9

SLES

15SP2

15SP2

15SP2

15SP2

15SP2

Fedora Core OS

no

5.x

no

no

no

Red Hat OpenShift

4.6 EUS, 4.7, 4.8

4.6 EUS, 4.7, 4.8

4.6 EUS, 4.7, 4.8

4.6 EUS, 4.7, 4.8

4.6 EUS, 4.7, 4.8

Mirantis Kubernetes Engine

3.4.x

3.4.x

3.4.x

3.4.x

3.4.x

Google Anthos

1.6

1.8

no

no

1.7

VMware Tanzu

no

no

NFS

NFS

NFS

Rancher Kubernetes Engine

yes

yes

yes

yes

yes

CSM Installer

Dell Container Storage Modules aim at improving the observability, usability, and data mobility for stateful applications with Dell Technologies Storage portfolio and extend Kubernetes storage features beyond what is available in the CSI specification.

All the modules above are available either as an independent helm chart or options within the CSI Drivers.

In order to simplify the deployment of the deployment and management of Dell EMC Container Storage Modules and CSI Drivers we’ve developed the CSM installer – a unified installer for all storage arrays’ CSI and CSM modules across the portfolio

The CSM installer simplifies the deployment and management of Dell EMC Container Storage Modules and CSI Drivers to provide persistent storage for your containerized workloads. It’s built on top of carvel and provides the user with a single command line to create his CSM-CSI applications and manage them outside the Kubernetes cluster.

The CSM Installer must first be deployed in a Kubernetes environment using Helm. After which, the CSM Installer can be used through the following interfaces:

Here you can see a video showing how to deploy and CSM Installer and use it to install the PowerFlex CSI 2.0 driver:

New CSI features across the portfolio:

Dynamic Logging Configuration

As part of driver installation, a ConfigMap with the name *arraytype*-config-params is created, which contains the following attributes:

  • CSI_LOG_LEVEL : It specifies the current log level of CSI driver
  • CSI_LOG_FORMAT : It specifies the current log format of CSI driver

These parameters can be set in myvalues.yaml file as mentioned below:

  1. # CSI driver log level
  2. # Allowed values: “error”, “warn”/”warning”, “info”, “debug”, “error”
  3. # Default value: “debug”
  4. logLevel: “debug”
  5. # CSI driver log format
  6. # Allowed values: “TEXT” or “JSON”
  7. # Default value: “JSON”
  8. logFormat: “JSON”

Optional Installation Of Resizing Feature

With CSI PowerStore drivers of previous versions Resizer support was mandatory and a user had to configure the feature.

Release 2.0 of the driver allows to run without Resizer by disabling it in values.yami;

resizer:

  • enabled: Enable/Disable volume expansion feature
  • Allowed values:
  • true: enable volume expansion feature(install resizer sidecar)
  • false: disable volume expansion feature(do not install resizer sidecar)
  • Default value: None
  • enabled: true

Added the ability to configure kubelet directory path

It’s now possible to configure Kubelet directory path in values.yaml as follows:

  • Specify kubelet config din path.
  • Ensure that the con-Fig.yaml file is present at this path.
  • Default value: None kubeletConfigDir: /var/lib/kubelet

NFS behind NAT

CSI Driver for Dell EMC PowerStore, PowerScale and Unity is supported in the NAT environment for NFS protocol when the Kubernetes cluster is behind a private network..

PowerScale Configurable permissions for volume directory 

By default, the CSI driver creates volume with 777 POSIX permission on the directory.

Now with the isiVolumePathPermissions parameter you can use ACL or any more permissive POSIX rights.

The isiVolumePathPermissions can be configured as part of the values , secret and storageclass. The accepted values are : parameter: private_read, private, public_read, public_read_write, public for the ACL or any combinaison of [POSIX Mode].

The permissions for volume directory can now be configured in 3 ways:

  1. Through values.yaml
  2. Through secrets
  3. Through storage class

  # isiVolumePathPermissions: The permissions for isi volume directory path

  # This value acts as a default value for isiVolumePathPermissions, if not specified for a cluster config in secret

  # Allowed values: valid octal mode number

  # Default value: "0777"

  # Examples: "0777", "777", "0755"

  isiVolumePathPermissions: "0777"

The permissions present in values.yaml are the default for all cluster config.

If the volume permission is not present in storage class then secrets are considered and if it is not present even in secrets then values.yaml is considered.

PowerScale “dnsPolicy” configurable

User has on option to specify “dnsPolicy” as per his network or system requirement to run the CSI driver smoothly.

  • dnsPolicy: Determines the DNS Policy of the Node service.
  • Allowed values:
  • Default: The Pod inherits the name resolution configuration from the node that the pods run on.
  • ClusterFirst: Any DNS query that does not match the configured cluster domain suffix, such as “www.kubernetes.
  • is forwarded to the upstream nameserver inherited from the node.
  • ClusterFirstwithHostNet: For Pods running with hostNetwork, you should explicitly set this DNS policy.
  • None: It allows a Pod to ignore DNS settings from the Kubernetes environment.
  • All DNS settings are supposed to be provided using the dnsConfig field in the Pod Spec.
  • Default value: ClusterFirst
  • ClusterFirstwithHostNet is the recommended DNS policy.

    tf Prior to vl.5 of the driver, the default DNS policy was ClusterFirst.

  • In certain scenarios, users might need to change the default dnsPolicy.

    dnsPolicy: ClusterFirstwithHostNet

PowerFlex Dynamic Multi-array Configuration

Dynamic Multi-array Configuration has added support to update or change any array configuration property.

If we edit the secret, driver will detect the change automatically and use the new values based on the Kubernetes watcher file change detection time.

We can use kubectl command to delete the current secret and create a new secret with changes.

Certificate Validation for PowerFlex Gateway REST API calls

As part of the CSI driver installation, the CSI driver requires a secret with the name vxflexos- certs-0 to vxflexos-certs-n based on the “.Values.certSecretCount” parameter present in the namespace vxflexos.

This secret contains the X509 certificates of the CA which signed PowerFlex gateway SSL certificate in PEM format.

The CSI driver exposes an install parameter in config.yaml, skipCertificateValidation, which determines if the driver performs client-side verification of the gateway certificates.

For more details refer: Helm installation in PowerFlex driver documentation.

For additional information, please:

A guest post by Tomer Nahumi

Leave a Reply