Starting with the vSphere 7.0 Update 3 release, vSphere with Tanzu supports persistent volumes in ReadWriteMany mode. With the ReadWriteMany support, a single volume can be mounted simultaneously by multiple pods or applications running in a cluster. vSphere with Tanzu uses vSAN File Services to provide file shares for the ReadWriteMany persistent volumes.

Considerations for ReadWriteMany Persistent Volumes

When you enable ReadWriteMany support for persistent volumes in vSphere with Tanzu, keep in mind the following considerations.

  • With Tanzu Kubernetes clusters, use TKr version 1.22.
    Note: You can use the ReadWriteMany functionality only when the upcoming TKr version 1.22 is released. For information about the TKr versions, see VMware Tanzu Kubernetes releases Release Notes.
  • When you enable file volume support for vSphere with Tanzu, be aware of the potential security weaknesses:
    • The volumes are mounted without encryption. The unencrypted data might be accessed while the data transits the network.
    • Access Control Lists (ACLs) is used for the file shares to isolate file share access within a supervisor namespace. It might have risk of IP spoofing.
  • Follow these guidelines for networking:
    • Make sure that the vSphere Namespace is in NAT mode. See Create and Configure a vSphere Namespace.
    • Make sure the vSAN File Services is routable from the Workload network and there is no NAT between the Workload network and vSAN File Services IP addresses.
    • Use common DNS server for vSAN File Services and the vSphere cluster.
    Common DNS server is used for vSAN File Services and the vSphere cluster
  • If after enabling file volume support, you later deactivate it, existing ReadWriteMany persistent volumes that you provisioned in the cluster remain unaffected and usable. You will not be able to create new ReadWriteMany persistent volumes.

Workflow for Enabling ReadWriteMany Support for Persistent Volumes

Follow this process to enable ReadWriteMany support for persistent volumes.

  1. A vSphere administrator sets up a vSAN cluster with configured vSAN File Services. See Configure File Services.
  2. A vSphere administrator activates file volume support on the Supervisor Cluster.
    Action Description
    Activate file volume support when enabling the Workload Management platform.
    Activate file volume support on the existing cluster, for example, after an upgrade of vSphere with Tanzu. Change Storage Settings on the Supervisor Cluster
  3. A DevOps engineer provisions a persistent volume setting the PVC accessMode as ReadWriteMany.

    Several pods can be provisioned with the same PVC.

    See Provision a Dynamic Persistent Volume for a Stateful Application.