Security is top of mind for most, if not all, of our customers these days. Many years ago, I wrote a blog post on how customers could encrypt Kubernetes Persistent Volumes with an external Key Provider. One of our customers recently reached out to me to ask if we had any plans to provide similar support with the Native Key Provider. As my focus has been in other areas recently, I reached out to our CSI engineering team for an update. I then found out that support was added in our most recent release, vSphere 8.0U3. While no changes we…
One of the most interesting announcements for me at VMware Explore 2022 was around the introduction of vSphere Zones. This feature, when it becomes available with vSphere 8.0, enables vSphere with Tanzu deployments to be rolled out across geographically dispersed vSphere clusters placed in separate racks in a single physical datacenter, as per the release notes. This provides an extra level of availability that wasn’t previously possible. This extra availability is not just for the Supervisor Cluster, but also for the Tanzu Kubernetes clusters deployed by the TKG service. And indeed, it provides additional availability to the applications running on…
This post will look at another new feature that has been added to the vSphere CSI driver v2.5. This feature enables the exposing of CSI metrics so that they can be collected by Prometheus and stored as time series data. Using the information captured in Prometheus, we can build Grafana dashboards which make it easy to monitor the health and stability of the CSI driver. Kudos to one of our vSphere CSI driver engineers, Liping Xue, who did a great write-up on how to test this feature, and whose content I relied on heavily to create this post. In the…
I have created a short video to demonstrate the new CSI snapshots feature in vSphere CSI driver version 2.5. This demo begins with an existing Pod + PVC/PV volume on vSphere storage, takes a snapshot of the volume, then restores it to a new PVC. This new volume will then be mounted by a new Pod, and we will examine it to see if the data was successfully captured and restored. The manifests demonstrated in this video are available for download on this GitHub repository. Hope you find it useful.
I’m delighted to announce that VMware has just released a new version of the vSphere CSI driver for Kubernetes. The full release notes are available here. This 2.5 version now has support for CSI snapshots, a feature that many customers and partners have been waiting for. This feature enables snapshots to be taken of block-based persistent volumes, as well as the ability to restore snapshots to persistent volumes. Those of you familiar with the CSI driver will notice two additional Kubernetes components to enable snapshot support. The first is a new snapshot controller. When a snapshot is created, two new…
A short video to demonstrate how network access to Kubernetes Persistent Volumes, that are backed by vSAN File Service file shares, can be controlled. This allows an administrator to determine who has read-write access and who has read-only access to a volume, based on the network from which they are accessing the volume. This involves modifying the configuration file of the vSphere CSI driver, as shown in the following demonstration. The root squash parameter can also be controlled using this method. This links to a more detailed step-by-step write-up on how to configure the CSI driver configuration file and control…
In this post, we will look at another feature of the vSphere CSI driver that enables the placement of Kubernetes objects on different vSphere environments using a combination of vSphere Tags and a feature of the CSI driver called topology or failure domains. To achieve this, some additional entries must be added to the vSphere CSI driver configuration file. The CSI driver discovers each Kubernetes node/virtual machine topology, and through the kubelet, adds them as labels to the nodes. Please note that at the time of writing, the volume topology and availability zone feature was still in beta with vSphere…