You can enable the ReadWriteMany support in vSphere IaaS control plane and allow multiple pods and applications to mount simultaneously a single persistent volume.
- The volumes are mounted without encryption. The unencrypted data might be accessed while the data transits the network.
- Access Control List (ACL) is used for the file shares to isolate file share access within a supervisor namespace. It might have risk of IP spoofing.
- Make sure the vSAN File Services is routable from the Workload network and there is no NAT between the Workload network and vSAN File Services IP addresses.
- Use common DNS server for vSAN File Services and the vSphere cluster.
- If your vSphere IaaS control plane has NSX networking, use the SNAT IP of the Supervisor namespace and the SNAT IP of the Tanzu Kubernetes cluster for ACL configuration.
- If you have vSphere IaaS control plane with vSphere Distributed Switch (VDS) networking, use the Tanzu Kubernetes cluster VM IP or the IP of the Supervisor namespace for ACL configuration.
Before you activate the file volume support on a Supervisor, you must set up a vSAN cluster with enabled vSAN File Service. To configure a vSAN cluster with enabled vSAN File Service in the vSphere Client, see the Configure File Services topic in the Administering VMware vSAN documentation. For more information about how to programmatically achieve this task, see the vSAN SDKs Programming Guide documentation.
You activate the ReadWriteMany support on a cluster when you enable vSphere IaaS control plane on it, or reconfigure an existing Supervisor. See Enable vSphere IaaS control plane on a Cluster with NSX as the Networking Stack, Enable vSphere IaaS control plane on a Cluster with the vSphere Networking Stack, and Reconfiguring a Supervisor. Pass the list of vSAN clusters to be used for provisioning file volumes by using the cns_file_config property of respective data structure. Currently, you can use only the current vSphere cluster for provisioning file volumes if it is a vSAN cluster with enabled vSAN File Service.
To deactivate the persistent volumes support on a Supervisor, pass an empty list when you set the Cloud Native Storage persistent storage support for the cluster. After that existing ReadWriteMany persistent volumes provisioned in the cluster remain unaffected and usable.