To be able to use the snapshots technology in TKG Service clusters, you must install and deploy an external CSI snapshot webhook in to a TKG cluster. External CSI snapshot webhook is an open-source component with a HTTP call-back that responds to admission requests. It is responsible for validation of volume snapshot objects.

External CSI snapshot webhook installs automatically in Supervisor. This topic applies only to TKG Service clusters.

Prerequisites

Prepare a TKG Service Cluster for Installation of External CSI Snapshot Webhook

Follow these steps to install external CSI snapshot webhook in a TKG Service cluster.

Procedure

  1. Get the admin credentials of the TKG cluster where you want to deploy the external CSI snapshot webhook. 
    tanzu cluster kubeconfig get my-cluster --admin
  2. Switch context to the vSphere Namespace where the target TKG cluster is provisioned. 
    kubectl config use-context my-cluster-admin@my-cluster
  3. If the cluster does not have a package repository, such as the tanzu-standard repository, install one.
    You can skip this step if your target cluster is a legacy plan-based cluster. For plan-based clusters, the tanzu-standard package repository is automatically enabled in the tanzu-package-repo-global namespace. 
    tanzu package repository add PACKAGE-REPO-NAME --url PACKAGE-REPO-ENDPOINT --namespace tkg-system
    • PACKAGE-REPO-NAME is the name of the package repository, such as tanzu-standard, or the name of a private image registry configured with ADDITIONAL_IMAGE_REGISTRY variables.
    • PACKAGE-REPO-ENDPOINT is the URL of the package repository.
  4. If you have not already done so, install the cert-manager.
    For information, see Install Cert Manager.

Results

You can now deploy the external CSI snapshot webhook.

Deploy External CSI Snapshot Webhook

Follow these steps to deploy the external CSI snapshot webhook on a TKG Service cluster.

Procedure

  1. Confirm that the external CSI snapshot webhook package is available in the cluster. 
    tanzu package available list -A

    If the package not available, make sure package repository containing the required external CSI snapshot webhook package is installed correctly. For instructions, see Step 3 of Prepare a TKG Service Cluster for Installation of External CSI Snapshot Webhook.

  2. Obtain the version of the available package. 
    tanzu package available list external-csi-snapshot-webhook.tanzu.vmware.com -A
  3. Install the package with appropriate available version. 
    tanzu package install external-csi-snapshot-webhook --package external-csi-snapshot-webhook.tanzu.vmware.com --version AVAILABLE-PACKAGE-VERSION --namespace kube-system
    AVAILABLE-PACKAGE-VERSION specifies the package version that you obtained in Step 2.
  4. Confirm that the external CSI snapshot webhook package has been installed. 
    tanzu package installed list -A
    To see more details about the package, you can also run the following command: 
    tanzu package installed get external-csi-snapshot-webhook --namespace kube-system
  5. Confirm that the external-csi-snapshot-webhook app has been successfully reconciled in your TARGET-NAMESPACE. 
    kubectl get apps -A
    If the status is not Reconcile Succeeded, view the full status details of the external-csi-snapshot-webhook app. Viewing the full status can help you troubleshoot the problem. 
    kubectl get app external-csi-snapshot-webhook --namespace kube-system -o yaml
    If troubleshooting does not help you solve the problem, uninstall the package using the following command before installing it again. 
    tanzu package installed delete external-csi-snapshot-webhook --namespace kube-system
  6. Confirm that the external-csi-snapshot-webhook is running by listing all of pods in the cluster. 
    kubectl get pods -A
    Verify that external-csi-snapshot-webhook pods are created in the kube-system namespace.