From f34d157cce18caa25680677f9db9faee78ed80db Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 4 Apr 2024 09:31:39 +0000 Subject: [PATCH 1/4] docs: add configurable export IP in csi-unity --- .../templates/helm/csm-1.10.1-values.template | 426 ++++++++++++++++++ .../helm/drivers/installation/unity.md | 1 + content/v1/csidriver/features/unity.md | 13 + 3 files changed, 440 insertions(+) create mode 100644 content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template diff --git a/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template b/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template new file mode 100644 index 0000000000..370e914fb8 --- /dev/null +++ b/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template @@ -0,0 +1,426 @@ +## K8S/DRIVER ATTRIBUTES +########################################## +## K8S/CSI-PowerStore ATTRIBUTES +########################################## +csi-powerstore: + enabled: $POWERSTORE_ENABLED + version: v2.10.0 + images: + # "driver" defines the container image, used for the driver container. + driver: dellemc/csi-powerstore:v2.10.0 + # CSI sidecars + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + + # CSM sidecars + replication: dellemc/dell-csi-replicator:v1.8.0 + vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.4.0 + podmon: dellemc/podmon:v1.9.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.6.0 + ## Controller ATTRIBUTES + controller: + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + tolerations: $CONTROLLER_TOLERATIONS + replication: + enabled: $REPLICATION_ENABLED + vgsnapshot: + enabled: $VG_SNAPSHOT_ENABLED + snapshot: + enabled: $SNAPSHOT_ENABLED + snapNamePrefix: $SNAP_NAME_PREFIX + resizer: + enabled: $RESIZER_ENABLED + ## Node ATTRIBUTES + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + tolerations: $NODE_TOLERATIONS + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.powerstore.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "powerstore.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + podmon: + enabled: $RESILIENCY_ENABLED + + maxPowerstoreVolumesPerNode: $MAX_VOLUMES_PER_NODE + +## K8S/CSI-PowerMax ATTRIBUTES +########################################## +csi-powermax: + enabled: $POWERMAX_ENABLED + global: + storageArrays: + - storageArrayId: "$POWERMAX_STORAGE_ARRAY_ID" + endpoint: $POWERMAX_STORAGE_ARRAY_ENDPOINT_URL + backupEndpoint: $POWERMAX_STORAGE_ARRAY_BACKUP_ENDPOINT_URL + - storageArrayId: "$TARGET_ARRAY_ID" + endpoint: $TARGET_UNISPHERE + managementServers: + - endpoint: $POWERMAX_MANAGEMENT_SERVERS_ENDPOINT_URL + - endpoint: $TARGET_UNISPHERE + version: v2.10.0 + images: + # "driver" defines the container image, used for the driver container. + driver: dellemc/csi-powermax:v2.10.0 + csireverseproxy: dellemc/csipowermax-reverseproxy:v2.9.0 + # CSI sidecars + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # CSM sidecars + replication: dellemc/dell-csi-replicator:v1.8.0 + authorization: dellemc/csm-authorization-sidecar:v1.10.0 + migration: dellemc/dell-csi-migrator:v1.3.0 + noderescan: dellemc/dell-csi-node-rescanner:v1.2.0 + clusterPrefix: $POWERMAX_CLUSTER_PREFIX + portGroups: "$POWERMAX_PORT_GROUPS" + fsGroupPolicy: "$FSGROUP_POLICY" + maxPowerMaxVolumesPerNode: $MAX_VOLUMES_PER_NODE + enableCHAP: $ISCSI_CHAP_ENABLED + transportProtocol: "$NODE_TRANSPORT_PROTOCOL" + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + controller: + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + snapshot: + enabled: $SNAPSHOT_ENABLED + snapNamePrefix: $SNAP_NAME_PREFIX + resizer: + enabled: $RESIZER_ENABLED + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + tolerations: $CONTROLLER_TOLERATIONS + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + topologyControl: + enabled: $TOPOLOGY_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + tolerations: $NODE_TOLERATIONS + - key: "node.kubernetes.io/memory-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/disk-pressure" + operator: "Exists" + effect: "NoExecute" + - key: "node.kubernetes.io/network-unavailable" + operator: "Exists" + effect: "NoExecute" + csireverseproxy: + deployAsSidecar: true + replication: + enabled: $REPLICATION_ENABLED + migration: + enabled: $MIGRATION_ENABLED + authorization: + enabled: $AUTHORIZATION_ENABLED + proxyHost: $AUTHORIZATION_PROXY_HOST + skipCertificateValidation: $AUTHORIZATION_SKIP_CERTIFICATE_VALIDATION + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + vSphere: + enabled: $VSPHERE_ENABLED + fcPortGroup: "$VSPHERE_FC_PORT_GROUP" + fcHostName: "$VSPHERE_FC_HOST_NAME" + vCenterHost: "$VSPHERE_VCENTER_HOST" + vCenterCredSecret: $VSPHERE_VCENTER_CRED_SECRET + +## K8S/CSI-PowerFlex ATTRIBUTES +########################################## +csi-vxflexos: + enabled: $POWERFLEX_ENABLED + version: v2.10.0 + images: + # "driver" defines the container image, used for the driver container. + driver: dellemc/csi-vxflexos:v2.10.0 + # "powerflexSdc" defines the SDC image for init container. + powerflexSdc: dellemc/sdc:4.5 + # CSI sidecars + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # CSM sidecars + replication: dellemc/dell-csi-replicator:v1.8.0 + vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.4.0 + podmon: dellemc/podmon:v1.9.0 + authorization: dellemc/csm-authorization-sidecar:v1.10.0 + certSecretCount: $CERT_SECRET_COUNT + controller: + replication: + enabled: $REPLICATION_ENABLED + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + snapshot: + enabled: $SNAPSHOT_ENABLED + resizer: + enabled: $RESIZER_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + tolerations: $CONTROLLER_TOLERATIONS + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + renameSDC: + enabled: $RENAME_SDC_ENABLED + sdcPrefix: $SDC_PREFIX + approveSDC: + enabled: $APPROVE_SDC_ENABLED + tolerations: $NODE_TOLERATIONS + # Uncomment if CSM for Resiliency and CSI Driver pods monitor is enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + enableQuota: $QUOTA_ENABLED + externalAccess: + monitor: + enabled: $MONITOR_ENABLED + vgsnapshotter: + enabled: $VG_SNAPSHOT_ENABLED + podmon: + enabled: $RESILIENCY_ENABLED + authorization: + enabled: $AUTHORIZATION_ENABLED + proxyHost: $AUTHORIZATION_PROXY_HOST + skipCertificateValidation: $AUTHORIZATION_SKIP_CERTIFICATE_VALIDATION + maxPowerflexVolumesPerNode: $MAX_VOLUMES_PER_NODE + +## K8S/CSI-PowerScale ATTRIBUTES +########################################## +csi-isilon: + enabled: $POWERSCALE_ENABLED + version: "v2.10.0" + images: + # "driver" defines the container image, used for the driver container. + driver: dellemc/csi-isilon:v2.10.0 + # CSI sidecars + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # CSM sidecars + replication: dellemc/dell-csi-replicator:v1.8.0 + podmon: dellemc/podmon:v1.9.0 + authorization: dellemc/csm-authorization-sidecar:v1.10.0 + metadataretriever: dellemc/csi-metadata-retriever:v1.4.0 + encryption: dellemc/csm-encryption:v0.3.0 + + certSecretCount: $CERT_SECRET_COUNT + allowedNetworks: [] + verbose: 1 + enableCustomTopology: false + fsGroupPolicy: $FSGROUP_POLICY + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + maxIsilonVolumesPerNode: $MAX_VOLUMES_PER_NODE + controller: + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + replication: + enabled: $REPLICATION_ENABLED + snapshot: + enabled: $SNAPSHOT_ENABLED + snapNamePrefix: $SNAP_NAME_PREFIX + resizer: + enabled: $RESIZER_ENABLED + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + tolerations: $CONTROLLER_TOLERATIONS + node: + nodeSelector: $NODE_POD_NODE_SELECTOR + tolerations: $NODE_TOLERATIONS + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + authorization: + enabled: $AUTHORIZATION_ENABLED + proxyHost: $AUTHORIZATION_PROXY_HOST + skipCertificateValidation: $AUTHORIZATION_SKIP_CERTIFICATE_VALIDATION + # Enable this feature only after contact support for additional information + podmon: + enabled: $RESILIENCY_ENABLED + +## K8S/CSI-Unity ATTRIBUTES +########################################## +csi-unity: + enabled: $UNITY_ENABLED + version: v2.10.1 + images: + # "driver" defines the container image, used for the driver container. + driver: dellemc/csi-unity:v2.10.1 + # CSI sidecars + attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 + snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v7.0.1 + resizer: registry.k8s.io/sig-storage/csi-resizer:v1.10.0 + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.0 + healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.11.0 + # CSM sidecars + podmon: dellemc/podmon:v1.9.0 + certSecretCount: $CERT_SECRET_COUNT + allowedNetworks: [] + fsGroupPolicy: $FSGROUP_POLICY + controller: + controllerCount: $CONTROLLER_COUNT + volumeNamePrefix: $VOLUME_NAME_PREFIX + snapshot: + enabled: $SNAPSHOT_ENABLED + snapNamePrefix: $SNAP_NAME_PREFIX + resizer: + enabled: $RESIZER_ENABLED + nodeSelector: $CONTROLLER_POD_NODE_SELECTOR + tolerations: $CONTROLLER_TOLERATIONS + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + node: + healthMonitor: + enabled: $HEALTH_MONITOR_ENABLED + nodeSelector: $NODE_POD_NODE_SELECTOR + tolerations: $NODE_TOLERATIONS + # - key: "node.kubernetes.io/memory-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/disk-pressure" + # operator: "Exists" + # effect: "NoExecute" + # - key: "node.kubernetes.io/network-unavailable" + # operator: "Exists" + # effect: "NoExecute" + # Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled + # - key: "offline.vxflexos.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "vxflexos.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.unity.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "unity.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "offline.isilon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + # - key: "isilon.podmon.storage.dell.com" + # operator: "Exists" + # effect: "NoSchedule" + storageCapacity: + enabled: $STORAGE_CAPACITY_ENABLED + maxUnityVolumesPerNode: $MAX_VOLUMES_PER_NODE + podmon: + enabled: $RESILIENCY_ENABLED + +## K8S/Replication Module ATTRIBUTES +########################################## +csm-replication: + enabled: $REPLICATION_ENABLED + +## K8S/Observability Module ATTRIBUTES +########################################## +karavi-observability: + enabled: $OBSERVABILITY_ENABLED + karaviMetricsPowerstore: + enabled: $POWERSTORE_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowermax: + enabled: $POWERMAX_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowerflex: + enabled: $POWERFLEX_OBSERVABILITY_METRICS_ENABLED + karaviMetricsPowerscale: + enabled: $POWERSCALE_OBSERVABILITY_METRICS_ENABLED + cert-manager: + enabled: $OBSERVABILITY_CERT_MANAGER_ENABLED + +## K8S/Cert-manager ATTRIBUTES +########################################## +cert-manager: + enabled: $CERT_MANAGER_ENABLED diff --git a/content/docs/deployment/helm/drivers/installation/unity.md b/content/docs/deployment/helm/drivers/installation/unity.md index 04ffbebc48..7ab9f8bca6 100644 --- a/content/docs/deployment/helm/drivers/installation/unity.md +++ b/content/docs/deployment/helm/drivers/installation/unity.md @@ -114,6 +114,7 @@ cd dell-csi-helm-installer && wget -O my-unity-settings.yaml https://github.com/ | syncNodeInfoInterval | Time interval to add node info to the array. Default 15 minutes. The minimum value should be 1 minute. | No | 15 | | maxUnityVolumesPerNode | Maximum number of volumes that controller can publish to the node. | No | 0 | | certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (unity-cert-0..unity-cert-n). The minimum value should be 1. | No | 1 | + | [allowedNetworks](../../../../../csidriver/features/unity/#support-custom-networks-for-nfs-io-traffic) | Defines the list of networks that can be used for NFS I/O traffic, CIDR format must be used. | No | [ ] | | imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent | | podmon.enabled | service to monitor failing jobs and notify | No | false | | tenantName | Tenant name added while adding host entry to the array | No | | diff --git a/content/v1/csidriver/features/unity.md b/content/v1/csidriver/features/unity.md index 188f5a3232..301ad438e5 100644 --- a/content/v1/csidriver/features/unity.md +++ b/content/v1/csidriver/features/unity.md @@ -651,3 +651,16 @@ data: TENANT_NAME: "" ``` >Note: csi-unity supports Tenancy in multi-array setup, provided the TenantName is the same across Unity XT instances. + +## Support custom networks for NFS I/O traffic + +When `allowedNetworks` is specified for using custom networks to handle NFS traffic, and a user already +has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. + +Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. + +When csi-unity driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes +communication (same IP/fqdn as k8s node) by default. + +For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. +`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. From 259cb7bfdc2793da4c6d76e182dfd651b9f4c73e Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Thu, 11 Apr 2024 10:00:26 +0000 Subject: [PATCH 2/4] docs: change release version in template --- ...{csm-1.10.1-values.template => csm-1.11.0-values.template} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename content/docs/deployment/csminstallationwizard/src/templates/helm/{csm-1.10.1-values.template => csm-1.11.0-values.template} (99%) diff --git a/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template b/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.11.0-values.template similarity index 99% rename from content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template rename to content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.11.0-values.template index 370e914fb8..bc9d4a123b 100644 --- a/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.10.1-values.template +++ b/content/docs/deployment/csminstallationwizard/src/templates/helm/csm-1.11.0-values.template @@ -333,10 +333,10 @@ csi-isilon: ########################################## csi-unity: enabled: $UNITY_ENABLED - version: v2.10.1 + version: v2.11.0 images: # "driver" defines the container image, used for the driver container. - driver: dellemc/csi-unity:v2.10.1 + driver: dellemc/csi-unity:v2.11.0 # CSI sidecars attacher: registry.k8s.io/sig-storage/csi-attacher:v4.5.0 provisioner: registry.k8s.io/sig-storage/csi-provisioner:v4.0.0 From d863b2c04eb4b8cfbc34a4931b507c43616516e4 Mon Sep 17 00:00:00 2001 From: Malgorzata Dutka Date: Wed, 17 Apr 2024 08:02:54 +0000 Subject: [PATCH 3/4] fix docs folder --- content/docs/csidriver/features/unity.md | 13 +++++++++++++ content/v1/csidriver/features/unity.md | 13 ------------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/content/docs/csidriver/features/unity.md b/content/docs/csidriver/features/unity.md index 087544f5eb..8205ebf1ce 100644 --- a/content/docs/csidriver/features/unity.md +++ b/content/docs/csidriver/features/unity.md @@ -711,3 +711,16 @@ data: TENANT_NAME: "" ``` >Note: csi-unity supports Tenancy in multi-array setup, provided the TenantName is the same across Unity XT instances. + +## Support custom networks for NFS I/O traffic + +When `allowedNetworks` is specified for using custom networks to handle NFS traffic, and a user already +has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. + +Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. + +When csi-unity driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes +communication (same IP/fqdn as k8s node) by default. + +For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. +`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. diff --git a/content/v1/csidriver/features/unity.md b/content/v1/csidriver/features/unity.md index 301ad438e5..188f5a3232 100644 --- a/content/v1/csidriver/features/unity.md +++ b/content/v1/csidriver/features/unity.md @@ -651,16 +651,3 @@ data: TENANT_NAME: "" ``` >Note: csi-unity supports Tenancy in multi-array setup, provided the TenantName is the same across Unity XT instances. - -## Support custom networks for NFS I/O traffic - -When `allowedNetworks` is specified for using custom networks to handle NFS traffic, and a user already -has workloads scheduled, there is a possibility that it might lead to backward compatibility issues. For example, ControllerUnPublish might not be able to completely remove clients from the NFS exports of previously created pods. - -Also, the previous workload will still be using the default network and not custom networks. For previous workloads to use custom networks, the recreation of pods is required. - -When csi-unity driver creates an NFS export, the traffic flows through the client specified in the export. By default, the client is the network interface for Kubernetes -communication (same IP/fqdn as k8s node) by default. - -For a cluster with multiple network interfaces and if a user wants to segregate k8s traffic from NFS traffic; you can use the `allowedNetworks` option. -`allowedNetworks` takes CIDR addresses as a parameter to match the IPs to be picked up by the driver to allow and route NFS traffic. From 64238ce3f76eccbc9894b74af831332b35b67e43 Mon Sep 17 00:00:00 2001 From: Bartosz Ciesielczyk Date: Wed, 17 Apr 2024 13:25:01 +0200 Subject: [PATCH 4/4] add parameter to csm operator installation page --- content/docs/deployment/csmoperator/drivers/unity.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/docs/deployment/csmoperator/drivers/unity.md b/content/docs/deployment/csmoperator/drivers/unity.md index 3c936941fd..7d57c5907f 100644 --- a/content/docs/deployment/csmoperator/drivers/unity.md +++ b/content/docs/deployment/csmoperator/drivers/unity.md @@ -72,6 +72,7 @@ kubectl get csm --all-namespaces | X_CSI_HEALTH_MONITOR_ENABLED | Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition | No | false | | ***Node parameters*** | | X_CSI_HEALTH_MONITOR_ENABLED | Enable/Disable health monitor of CSI volumes from Controller plugin - volume condition | No | false | +| X_CSI_ALLOWED_NETWORKS | Custom networks for Unity export. List of networks that can be used for NFS I/O traffic, CIDR format should be used "ip/prefix ip/prefix" | No | empty | 4. Execute the following command to create Unity XT custom resource: ```bash