The vSphere Container Storage Plug-in requires that you install a Cloud Provider Interface on your Kubernetes cluster in the vSphere environment. Follow this procedure to install the vSphere Cloud Provider Interface (CPI).


  1. Before you install CPI, verify all nodes (including master nodes) are tainted with "". To taint nodes, use the command kubectl taint node <node-name> When the kubelet is started with an external cloud provider, this taint is set on a node to mark it as unusable. After a controller from the cloud-controller-manager initializes this node, the kubelet removes this taint.
  2. Identify the Kubernetes major version. For example, if the major version is 1.22.x, then run
  3. Create a vsphere-cloud-config configmap of vSphere configuration.
    Note: This is used for CPI. There is a separate secret required for vSphere Container Storage Plug-in.

    Modify the vsphere-cloud-controller-manager.yaml file downloaded in step 2 and update vCenter Server information. For example, see an excerpt of the vsphere-cloud-controller-manager.yaml file with dummy values as shown below.

    apiVersion: v1
    kind: Secret
      name: vsphere-cloud-secret
        vsphere-cpi-infra: secret
        component: cloud-controller-manager
      namespace: kube-system
      # NOTE: this is just an example configuration, update with real values based on your environment
    stringData: "Administrator@vsphere.local" "Admin!23"
    apiVersion: v1
    kind: ConfigMap
      name: vsphere-cloud-config
        vsphere-cpi-infra: config
        component: cloud-controller-manager
      namespace: kube-system
      # NOTE: this is just an example configuration, update with real values based on your environment
      vsphere.conf: |
        # Global properties in this section will be used for all specified vCenters unless overriden in VirtualCenter section.
          port: 443
          # set insecureFlag to true if the vCenter uses a self-signed cert
          insecureFlag: true
          # settings for using k8s secret
          secretName: vsphere-cloud-secret
          secretNamespace: kube-system
        # vcenter section
            user: Administrator@vsphere.local
            password: Admin!23
              - VSAN-DC 
  4. Apply the release manifest with updated values for the config map. This will create Roles, Roles Bindings, Service Account, Service and cloud-controller-manager Pod
    # kubectl apply -f vsphere-cloud-controller-manager.yaml
    serviceaccount/cloud-controller-manager created
    secret/vsphere-cloud-secret created
    configmap/vsphere-cloud-config created created created created
    daemonset.apps/vsphere-cloud-controller-manager created
  5. To remove vsphere.conf file created at /etc/kubernetes/, run the following command.
    rm vsphere-cloud-controller-manager.yaml
  6. Verify if the ProviderID is set for all nodes.
    kubectl describe nodes | grep "ProviderID"
    ProviderID: vsphere://<provider-id1>
    ProviderID: vsphere://<provider-id2>
    ProviderID: vsphere://<provider-id3>
    ProviderID: vsphere://<provider-id4>
    ProviderID: vsphere://<provider-id5>
    • vSphere Container Storage Plug-in requires the ProviderID field to be set for all nodes.
    • ProviderID contains virtual machine UUID. This can be used to discover the Node VM by vSphere Container Storage Plug-in.
    • If you do not set the ProviderID, the following limitations will occur:
      • vSphere Container Storage Plug-in cannot create volumes (Find shared accessible datastore for all node VMs using this ProviderID).
      • vSphere Container Storage Plug-in cannot attach/detach volumes as it looks up to the Node VM to attach and detach the disk using this ProviderID set on the node object.