The Container Storage Interface (CSI) allows OKD to consume storage from storage back ends that implement the CSI interface as persistent storage.
OKD does not ship with any CSI drivers. It is recommended to use the CSI drivers provided by community or storage vendors.
Installation instructions differ by driver, and are found in each driver’s documentation. Follow the instructions provided by the CSI driver.
CSI drivers are typically shipped as container images. These containers are not aware of OKD where they run. To use CSI-compatible storage backend in OKD, the cluster administrator must deploy several components that serve as a bridge between OKD and the storage driver.
The following diagram provides a high-level overview about the components running in pods in the OKD cluster.
It is possible to run multiple CSI drivers for different storage backends. Each driver needs its own external controllers' deployment and DaemonSet with the driver and CSI registrar.
External CSI Controllers is a deployment that deploys one or more pods with three containers:
An external CSI attacher container translates
calls from OKD to respective
ControllerUnpublish calls to the CSI driver.
An external CSI provisioner container that translates
delete calls from OKD to respective
DeleteVolume calls to the CSI driver.
A CSI driver container
The CSI attacher and CSI provisioner containers communicate with the CSI driver container using UNIX Domain Sockets, ensuring that no CSI communication leaves the pod. The CSI driver is not accessible from outside of the pod.
The external attacher must also run for CSI drivers that do not support
The CSI driver DaemonSet runs a pod on every node that allows OKD to mount storage provided by the CSI driver to the node and use it in user workloads (pods) as persistent volumes (PVs). The pod with the CSI driver installed contains the following containers:
A CSI driver registrar, which registers the CSI driver into the
openshift-node service running on the node. The
running on the node then directly connects with the CSI driver using the
UNIX Domain Socket available on the node.
A CSI driver.
The CSI driver deployed on the node should have as few credentials to the
storage backend as possible. OKD will only use the node plug-in
set of CSI calls such as
NodeUnstage, if these calls are implemented.
Dynamic provisioning of persistent storage depends on the capabilities of the CSI driver and underlying storage backend. The provider of the CSI driver should document how to create a StorageClass in OKD and the parameters available for configuration.
The created StorageClass can be configured to enable dynamic provisioning.
Create a default storage class that ensures all PVCs that do not require any special storage class are provisioned by the installed CSI driver.
# oc create -f - << EOF apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: <storage-class> (1) annotations: storageclass.kubernetes.io/is-default-class: "true" provisioner: <provisioner-name> (2) parameters: EOF
|1||The name of the StorageClass that will be created.|
|2||The name of the CSI driver that has been installed|
The following example installs a default MySQL template without any changes to the template.
The CSI driver has been deployed.
A StorageClass has been created for dynamic provisioning.
Create the MySQL template:
# oc new-app mysql-persistent
--> Deploying template "openshift/mysql-persistent" to project default ...
# oc get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE mysql Bound kubernetes-dynamic-pv-3271ffcb4e1811e8 1Gi RWO cinder 3s