Container Storage Interface driver (CSI) is a standard for
providing storage functions to containers. PowerVC CSI pluggable driver interacts with
PowerVC storage for operations such as
create volumes, delete volumes, attach, or detach volumes.
PowerVC CSI driver has two main components.
- Node plug-in
- Controller plug-in
The Node plug-in is deployed as a DaemonSet and runs on the node where the volumes are
provisioned and consumed (worker node where application pods run). Controller plug-in provides the
functionality of volume management outside of worker node provision. This plug-in implements the CSI
controller service and sidecar containers like external-provisioner and
external-attacher. External provisioner triggers create or delete volume operations
based on Persistent Volume Claims (PVC). External attacher watches volume attachment objects and
triggers volume attach (publish) or detach (unpublish) operations.
Requirements
You must meet these requirements to use the
PowerVC CSI pluggable driver.
- OpenShift environment on top of PowerVC based IBM
Power infrastructure with storage registered.
- Red Hat® OpenShift Container Platform
version 4.11.0. See OCP life cycle dates before
configuring.
Note: For volume to be attached to POD, the RMC state must be active for the virtual machine on
which the OCP worker node is installed.
Installing or configuring PowerVC
CSI driver on Red Hat OpenShift Container
Platform
Configure PowerVC CSI driver on Red Hat OpenShift Container Platform by using
these steps:
-
Download these files from GitHub location:
ibm-powervc-csi-driver-template.yaml,
scc.yaml, and secret.yaml.
-
List nodes and ensure that they are working.
-
Create a project.
oc create namespace <my-project-name>
Switch to the project.
oc project <my-project-name>
- Add cluster roles for the
project admininstrator.
Run this command to provide access to system service account for
openshift-infra:template-instance-controller.
oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:template-instance-controller
Run this command to provide access to system service account for
<projectname> as
default.
oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:<projectname>:default
- Apply Security Context Constraints (SCC) template. Run oc apply -f <directory
path>/scc.yaml to apply changes.
- Apply the following changes to template file:
ibm-powervc-csi-driver-template.yaml.
For OPENSTACK_CERT_DATA, add attribute value: "". Copy and
paste the contents of powervc.crt file between the quotation marks.
For DRIVER_VOLUME_TYPE, add attribute value: "". Enter the
name or UUID of the storage template between the quotation marks.
To apply changes,
run:
oc apply -f <directory path>/ibm-powervc-csi-driver-template.yaml
- Replace
OS_USERNAME and OS_PASSWORD parameters of
secret file with your PowerVC username and password encrypted in
base 64 format.
Use the following command to get base64 encrypted
format:
base64 <<< <enter-your-powervc-username>
base64 <<< <enter-your-powervc-password>
Use the following command to apply this secret file into
OpenShift:
oc apply -f <directory path>/secret.yaml
- Validate using oc process --parameters ibm-powervc-csi command and
make sure all the parameters and default values are returned.
- Process the template file.
- Run oc process ibm-powervc-csi -p OPENSTACK_IP_OR_HOSTNAME=<ip or hostname> -p
OPENSTACK_CRED_SECRET_NAME=my-secret > <a>.yaml command to create
<a>.yaml consisting of all artifacts.
- Use PowerVC IP address and the
secret that you created in step 7 in case you already renamed it from
my-secret.
- Install all OpenShift artifacts.
- Run the following command and wait until all CSI nodes are published.
# oc get csinodes
The list must at least show the worker node.
- Run commands such as oc get pods, oc logs <plugin> -c
<container> to ensure that there are no errors in the output.
Refer to the example scripts for PowerVC-CSI drivers available here.