Installing the IBM PowerVC Container Storage Interface driver on OpenShift Container Platform

Edit online

Container Storage Interface driver (CSI) is a standard for providing storage functions to containers. PowerVC CSI pluggable driver interacts with PowerVC storage for operations such as create volumes, delete volumes, attach, or detach volumes.

Note: Installing or configuring PowerVC CSI driver on Red Hat® OpenShift Container Platform is currently not supported in OCP version 4.12 because there is a cluster deployment failure related to OVN-Kubernetes, which is the default CNI networking plug-in. For details, see the OCP cluster deployment fails when CNI network provider is OVN-Kubernetes technote.
PowerVC CSI driver has two main components.
  1. Node plug-in
  2. Controller plug-in

The Node plug-in is deployed as a DaemonSet and runs on the node where the volumes are provisioned and consumed (worker node where application pods run). Controller plug-in provides the functionality of volume management outside of worker node provision. This plug-in implements the CSI controller service and sidecar containers like external-provisioner and external-attacher. External provisioner triggers create or delete volume operations based on Persistent Volume Claims (PVC). External attacher watches volume attachment objects and triggers volume attach (publish) or detach (unpublish) operations.

Requirements

You must meet these requirements to use the PowerVC CSI pluggable driver.
  • OpenShift environment on top of PowerVC based IBM Power infrastructure with storage registered.
  • Red Hat OpenShift Container Platform version 4.12.0. See OCP life cycle dates before configuring.
Note: For volume to be attached to POD, the RMC state must be active for the virtual machine on which the OCP worker node is installed.

Installing or configuring PowerVC CSI driver on Red Hat OpenShift Container Platform

Configure PowerVC CSI driver on Red Hat OpenShift Container Platform by using these steps:

  1. Download these files from GitHub location: ibm-powervc-csi-driver-template.yaml, scc.yaml, and secret.yaml.
  2. List nodes and ensure that they are working. 
    # oc get nodes
  3. Create a project. 
    oc create namespace <my-project-name>
    Switch to the project.
    oc project <my-project-name>
  4. Add cluster roles for the project admininstrator.
    Run this command to provide access to system service account for openshift-infra:template-instance-controller.
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:openshift-infra:template-instance-controller
    Run this command to provide access to system service account for <projectname> as default.
    oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:<projectname>:default
  5. Apply Security Context Constraints (SCC) template. Run oc apply -f <directory path>/scc.yaml to apply changes.
  6. Apply the following changes to template file: ibm-powervc-csi-driver-template.yaml.

    For OPENSTACK_CERT_DATA, add attribute value: "". Copy and paste the contents of powervc.crt file between the quotation marks.

    For DRIVER_VOLUME_TYPE, add attribute value: "". Enter the name or UUID of the storage template between the quotation marks.

    To apply changes, run:
    oc apply -f <directory path>/ibm-powervc-csi-driver-template.yaml
  7. Replace OS_USERNAME and OS_PASSWORD parameters of secret file with your PowerVC username and password encrypted in base 64 format.
    Use the following command to get base64 encrypted format:
    base64 <<< <enter-your-powervc-username>
    base64 <<< <enter-your-powervc-password>
    Use the following command to apply this secret file into OpenShift:
    oc apply -f <directory path>/secret.yaml
  8. Validate using oc process --parameters ibm-powervc-csi command and make sure all the parameters and default values are returned.
  9. Process the template file.
    1. Run oc process ibm-powervc-csi -p OPENSTACK_IP_OR_HOSTNAME=<ip or hostname> -p OPENSTACK_CRED_SECRET_NAME=my-secret > <a>.yaml command to create <a>.yaml consisting of all artifacts.
    2. Use PowerVC IP address and the secret that you created in step 7 in case you already renamed it from my-secret.
  10. Install all OpenShift artifacts. 
    # oc apply -f a.yaml
  11. Run the following command and wait until all CSI nodes are published. 
    # oc get csinodes

    The list must at least show the worker node.

  12. Run commands such as oc get pods, oc logs <plugin> -c <container> to ensure that there are no errors in the output.