Dynamically Provision File Volumes with vSphere Container Storage Plug-in

vSphere Container Storage Plug-in supports dynamic provisioning of file volumes in native Kubernetes clusters.

Prerequisites

Set up your environment with vSAN File Service enabled. See Requirements for File Volumes with vSphere Container Storage Plug-in.
For additional information about integrating vSphere Container Storage Plug-in file services with your applications, see Cloud Native Storage and vSAN File Services Integration.
Use sample YAML files for Storage Class, PersistentVolumeClaim, PersistentVolume, and Pod specs. For more information, see the following links.

Procedure

Download a sample storage class from the GitHub repository.
For more information, see https://github.com/kubernetes-sigs/vsphere-csi-driver/blob/master/example/vanilla-k8s-RWM-filesystem-volumes/example-sc.yaml.

Create a file volume PVC YAML file.

Set accessModes to either ReadWriteMany or ReadOnlyMany based on your requirement.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: example-vanilla-file-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: example-vanilla-file-sc

Deploy the PVC.

kubectl apply -f example-pvc.yaml

Optionally, you can describe the corresponding PV after the PVC is bound.

The output is similar to the following:

Name:            pvc-45cea491-8399-11ea-883a-005056b61591
Labels:          <none>
Annotations:     pv.kubernetes.io/provisioned-by: csi.vsphere.vmware.com
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    example-vanilla-file-sc
Status:          Bound
Claim:           default/example-vanilla-file-pvc
Reclaim Policy:  Delete
Access Modes:    RWX
VolumeMode:      Filesystem
Capacity:        1Gi
Node Affinity:   <none>
Message:
Source:
    Type:              CSI (a Container Storage Interface (CSI) volume source)
    Driver:            csi.vsphere.vmware.com
    VolumeHandle:      file:53bf6fb7-fe9f-4bf8-9fd8-7a589bf77760
    ReadOnly:          false
    VolumeAttributes:      storage.kubernetes.io/csiProvisionerIdentity=1587430348006-8081-csi.vsphere.vmware.com
                           type=vSphere CNS File Volume
Events:                <none>

The VolumeHandle associated with the PV contains the file: prefix, which indicates that it is a file volume.

Create a pod with Read-Write acess or Read-Only access.

Option Description

Create a pod with Read-Write access referencing PVC from the example in step 3.

Option	Description
Create a pod with Read-Write access referencing PVC from the example in step 3.	apiVersion: v1 kind: Pod metadata: name: example-vanilla-file-pod1 spec: containers: - name: test-container image: gcr.io/google_containers/busybox:1.24 command: ["/bin/sh", "-c", "echo 'Hello! This is Pod1' >> /mnt/volume1/index.html && while true ; do sleep 2 ; done"] volumeMounts: - name: test-volume mountPath: /mnt/volume1 restartPolicy: Never volumes: - name: test-volume persistentVolumeClaim: claimName: example-vanilla-file-pvc To read the same file share from multiple pods, specify the PVC associated with the file share in the `ClaimName` in all pod specifications.
Create a pod with Read-Only access to the PVC.	Specify `readOnly` as true in the `persistentVolumeClaim` section. Setting just the `accessModes` to `ReadOnlyMany` in the PVC specification is not sufficient to make the PVC Read-Only to the pods. apiVersion: v1 kind: Pod metadata: name: example-vanilla-file-pod2 spec: containers: - name: test-container image: gcr.io/google_containers/busybox:1.24 command: ["/bin/sh", "-c", "while true ; do sleep 2 ; done"] volumeMounts: - name: test-volume mountPath: /mnt/volume1 restartPolicy: Never volumes: - name: test-volume persistentVolumeClaim: claimName: example-vanilla-file-pvc readOnly: true If you access this pod and try to create a file in the `mountPath`, which is /mnt/volume1, you get an error. $ kubectl exec -it example-vanilla-file-pod2 -c test-container -- /bin/sh / # cd /mnt/volume1/ /mnt/volume1 # touch abc.txt touch: abc.txt: Read-only file system

apiVersion: v1
kind: Pod
metadata:
  name: example-vanilla-file-pod1
spec:
  containers:
    - name: test-container
      image: gcr.io/google_containers/busybox:1.24
      command: ["/bin/sh", "-c", "echo 'Hello! This is Pod1' >> /mnt/volume1/index.html && while true ; do sleep 2 ; done"]
      volumeMounts:
        - name: test-volume
          mountPath: /mnt/volume1
  restartPolicy: Never
  volumes:
    - name: test-volume
      persistentVolumeClaim:
        claimName: example-vanilla-file-pvc

To read the same file share from multiple pods, specify the PVC associated with the file share in the ClaimName in all pod specifications.

Create a pod with Read-Only access to the PVC.

Specify readOnly as true in the persistentVolumeClaim section. Setting just the accessModes to ReadOnlyMany in the PVC specification is not sufficient to make the PVC Read-Only to the pods.

apiVersion: v1
kind: Pod
metadata:
  name: example-vanilla-file-pod2
spec:
  containers:
    - name: test-container
      image: gcr.io/google_containers/busybox:1.24
      command: ["/bin/sh", "-c", "while true ; do sleep 2 ; done"]
      volumeMounts:
        - name: test-volume
          mountPath: /mnt/volume1
  restartPolicy: Never
  volumes:
    - name: test-volume
      persistentVolumeClaim:
        claimName: example-vanilla-file-pvc
        readOnly: true

If you access this pod and try to create a file in the mountPath, which is /mnt/volume1, you get an error.

$ kubectl exec -it example-vanilla-file-pod2 -c test-container -- /bin/sh
/ # cd /mnt/volume1/
/mnt/volume1 # touch abc.txt
touch: abc.txt: Read-only file system