vSphere with Tanzu uses several components to integrate with vSphere storage.
- Cloud Native Storage (CNS) on vCenter Server
- The CNS component resides in vCenter Server. It is an extension of vCenter Server management that implements provisioning and lifecycle operations for persistent volumes.
- When provisioning container volumes, the component interacts with the vSphere First Class Disk functionality to create virtual disks that back the volumes. In addition, the CNS server component communicates with the Storage Policy Based Management to guarantee a required level of service to the disks.
- The CNS also performs query operations that allow vSphere administrators to manage and monitor persistent volumes and their backing storage objects through vCenter Server.
- First Class Disk (FCD)
Also called Improved Virtual Disk. It is a named virtual disk unassociated with a VM. These disks reside on a VMFS, NFS, or vSAN datastore and back ReadWriteOnce persistent volumes.
The FCD technology performs lifecycle operations related to persistent volumes outside of a lifecycle of a VM or pod.
- Storage Policy Based Management
- Storage Policy Based Management is a vCenter Server service that supports provisioning of persistent volumes and their backing virtual disks according to storage requirements described in a storage policy. After provisioning, the service monitors compliance of the volume with the storage policy characteristics.
- vSphere CNS-CSI
- The vSphere CNS-CSI component conforms to Container Storage Interface (CSI) specification, an industry standard designed to provide an interface that container orchestrators like Kubernetes use to provision persistent storage. The CNS-CSI driver runs in the Supervisor Cluster and connects vSphere storage to Kubernetes environment on a Supervisor Namespace. The vSphere CNS-CSI communicates directly with the CNS control plane for all storage provisioning requests that come from vSphere Pods and pods that runs in a Tanzu Kubernetes cluster on the namespace.
- Paravirtual CSI (pvCSI)
- The pvCSI is the version of the vSphere CNS-CSI driver modified for Tanzu Kubernetes clusters. The pvCSI resides in the Tanzu Kubernetes cluster and is responsible for all storage related requests originating from the Tanzu Kubernetes cluster. The requests are delivered to the CNS-CSI, which then propagates them to CNS in vCenter Server. As a result, the pvCSI does not have direct communication with the CNS component, but instead relies on the CNS-CSI for any storage provisioning operations.
- Unlike the CNS-CSI, the pvCSI does not require infrastructure credentials. It is configured with a service account in the Supervisor Namespace.
The following illustrates how different components interact when a DevOps engineer performs a storage related operation within the Tanzu Kubernetes cluster, for example creates a persistent volume claim (PVC).
The DevOps engineer creates a PVC using the command line on the Tanzu Kubernetes cluster. This action generates a matching PVC on the supervisor cluster and triggers the CNS-CSI. The CNS-CSI invokes the CNS create volume API.
After successful creation of a volume, the operation propagates back through the supervisor cluster to the Tanzu Kubernetes cluster. As a result of this propagation, users can see the persistent volume and the persistent volume claim in the bound state in the supervisor cluster. And they also see the persistent volume and the persistent volume claim in the bound state in the Tanzu Kubernetes cluster.