Since the TCA 2.3 release, the vSphere CSI add-on supports deployment with a customized vCenter Server credential and adding multiple storage classes at the same time. It also adds a new feature for configuring a storage class with a selected storage policy. This reference briefly explains how to create the user, group, and storage policy in vCenter Server before applying the vSphere CSI add-on.

Add User/Group in vCenter Server

Follow the steps below to add new user/group and grant roles in vCenter Server:

  1. In vSphere Client, click Menu -> Administration on the menu bar

  2. Select Users and Groups under Single Sign On

  3. In the Users tab, select vsphere.local as the domain and then click ADD

  4. Input the preferred username and password, then click ADD

  5. Select the Groups tab and click ADD

  6. Input the group name in the Group Name field. Search for the username just added in the Add Members field to add the user to this group, then click ADD

  7. Select Roles under Access Control on left panel of vSphere Client

  8. Input a name in the Role name field and select privileges from the privileges list below it. The following list is an example for reference; users need to select the proper privileges for the specified role themselves. Click CREATE after the privileges are selected

    Category / Privileges

    Datastore
    • Allocate space
    • Browse datastore
    • Low level file operations
    • Remove file
    • Update virtual machine files
    • Update virtual machine metadata

    Folder
    • Create folder
    • Delete folder
    • Move folder
    • Rename folder

    Global
    • Cancel task
    • Capacity planning
    • Global tag
    • Health
    • Log event
    • Manage custom attributes
    • Proxy
    • System tag

    vSphere Tagging
    • Assign or Unassign vSphere Tag
    • Assign or Unassign vSphere Tag on Object
    • Create vSphere Tag
    • Create vSphere Tag Category
    • Delete vSphere Tag
    • Delete vSphere Tag Category
    • Edit vSphere Tag
    • Edit vSphere Tag Category
    • Modify UsedBy Field For Category
    • Modify UsedBy Field For Tag

    Namespaces
    • Allows disk decommission operations

    Performance
    • Modify intervals

    Scheduled task
    • Create tasks
    • Modify task
    • Remove task
    • Run task

    Datastore cluster
    • Configure a datastore cluster

    Tasks
    • Create task
    • Update task

    Tenant management
    • Tenant provisioning operations
    • Tenant query operations

    Virtual machine > Provisioning
    • Allow disk access
    • Allow file access
    • Allow read-only disk access

  9. Select Global Permissions under Roles and click ADD

  10. Search for the created user in the User/Group field and select the created role from the role list in the Role field. Click OK
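
A scripted form of step 8, added here as an example and not taken from the TCA documentation: it creates the role with govc and then checks that the role holds nothing beyond the reference list. The use of govc, the role name, and the mapping from display names to privilege IDs are assumptions of this example; confirm the IDs against your vCenter version.

```shell
#!/bin/sh
# Added example, not from the TCA documentation. Assumes govc is installed and
# GOVC_URL / GOVC_USERNAME / GOVC_PASSWORD select an administrator session.
ROLE="${ROLE:-tca-csi-role}"   # hypothetical role name

# Emit "<prefix>.<name>" for each name.
ids() { prefix=$1; shift; for n in "$@"; do echo "$prefix.$n"; done; }

# Privilege IDs for the reference list in step 8. This is the example's own
# mapping of the display names; confirm it against your vCenter version.
csi_privileges() {
  ids Datastore AllocateSpace Browse FileManagement DeleteFile \
    UpdateVirtualMachineFiles UpdateVirtualMachineMetadata
  ids Folder Create Delete Move Rename
  ids Global CancelTask CapacityPlanning GlobalTag Health LogEvent \
    ManageCustomFields Proxy SystemTag
  ids InventoryService.Tagging AttachTag ObjectAttachable CreateTag \
    CreateCategory DeleteTag DeleteCategory EditTag EditCategory \
    ModifyUsedByForCategory ModifyUsedByForTag
  ids Namespaces ManageDisks
  ids Performance ModifyIntervals
  ids ScheduledTask Create Edit Delete Run
  ids StoragePod Config
  ids Task Create Update
  ids TenantManager Update Query
  ids VirtualMachine.Provisioning DiskRandomAccess FileRandomAccess DiskRandomRead
}

# Step 8: create the role with exactly the reference privileges.
create_csi_role() {
  # Unquoted on purpose: each ID becomes one argument.
  govc role.create "$ROLE" $(csi_privileges)
}

# Print privileges the role holds beyond the reference list; return 1 if any.
# System.Anonymous/Read/View are part of every vCenter role and are ignored.
audit_csi_role() {
  held=$(govc role.ls "$ROLE") || return 2
  extra=$(printf '%s\n' "$held" \
    | grep -vxE 'System\.(Anonymous|Read|View)' \
    | grep -vxF "$(csi_privileges)" || true)
  if [ -n "$extra" ]; then printf '%s\n' "$extra"; return 1; fi
}

case "${1:-}" in
  create) create_csi_role ;;
  audit)  audit_csi_role ;;
esac
```

Run it with `create` once, then with `audit` whenever the role may have been edited; a non-zero exit lists the privileges to review.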

Add new Storage Policy in vCenter Server

The user needs to create a new storage policy for the specified datastores in vCenter Server before assigning that storage policy during vSphere CSI storage class creation.

Follow the steps in the Set Up CNS and Create a Storage Policy (vSphere) section of the TKG documentation to create storage policies for vSAN or local VMFS datastores.