The module lifecycle stage: Deprecated
This section describes how to prepare vCenter and vSphere for the csi-vsphere module.
Required resources
The following resources are required for the module to function:
- User with the required permissions.
- Network with DHCP and internet access.
- Datacenter tagged as k8s-region.
- Cluster tagged as k8s-zone.
- One or more Datastores with the appropriate tags.
Installing govc
Use the vSphere CLI govc.
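Set environment variables for vCenter access. GOVC_INSECURE=1 turns off TLS certificate verification for the vCenter connection; leave it unset when vCenter presents a certificate that the workstation trusts: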
export GOVC_URL=example.com
export GOVC_USERNAME=<username>@vsphere.local
export GOVC_PASSWORD=<password>
export GOVC_INSECURE=1
Create tags and tag categories
csi-vsphere maps Kubernetes topology to vSphere objects: a region is a vSphere Datacenter, and a zone is a vSphere Cluster. The relationship between these objects is defined using tags.
To link Cluster and Datacenter objects, follow these steps:
- Create tag categories:
  govc tags.category.create -d "Kubernetes Region" k8s-region
  govc tags.category.create -d "Kubernetes Zone" k8s-zone
- Create tags in each category. If you use several zones (Cluster), create one tag per cluster:
  govc tags.create -d "Kubernetes Region" -c k8s-region test-region
  govc tags.create -d "Kubernetes Zone Test 1" -c k8s-zone test-zone-1
  govc tags.create -d "Kubernetes Zone Test 2" -c k8s-zone test-zone-2
- Attach the region tag to the Datacenter:
  govc tags.attach -c k8s-region test-region /<DatacenterName>
- Attach zone tags to Cluster objects:
  govc tags.attach -c k8s-zone test-zone-1 /<DatacenterName>/host/<ClusterName1>
  govc tags.attach -c k8s-zone test-zone-2 /<DatacenterName>/host/<ClusterName2>
Datastore configuration
For dynamic PersistentVolume provisioning, each Datastore must be reachable from every ESXi host (shared datastore).
Attach region and zone tags to Datastore objects so the module can create StorageClass resources automatically:
govc tags.attach -c k8s-region test-region /<DatacenterName>/datastore/<DatastoreName1>
govc tags.attach -c k8s-zone test-zone-1 /<DatacenterName>/datastore/<DatastoreName1>
govc tags.attach -c k8s-region test-region /<DatacenterName>/datastore/<DatastoreName2>
govc tags.attach -c k8s-zone test-zone-2 /<DatacenterName>/datastore/<DatastoreName2>
Create and assign the role
Due to the variety of SSO providers connected to csi-vsphere, the steps for creating a user are not covered in this article.
The role to be created below includes all possible privileges for all DKP components. For a detailed list of privileges, refer to the cloud-provider-vsphere documentation.
Create the role:
govc role.create deckhouse \
Cns.Searchable Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement \
Global.GlobalTag Global.SystemTag Network.Assign StorageProfile.View \
$(govc role.ls Admin | grep -F -e 'Folder.' -e 'InventoryService.' -e 'Resource.' -e 'VirtualMachine.')
Grant the role on the vCenter root object:
govc permissions.set -principal <username>@vsphere.local -role deckhouse /
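Because the role is granted on the vCenter root object, it is worth checking later that it still holds exactly what the role.create command above put into it. The script below is an added example, not part of the Deckhouse documentation. It reads a privilege list (one ID per line, as from `govc role.ls deckhouse`) and reports missing or unexpected entries. The function name, the sample listing and the three baseline System.* privileges are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the "deckhouse" role for drift from the role.create
# command on this page. Input on stdin: one privilege ID per line.
# Usage against vCenter: govc role.ls deckhouse | audit_role_privileges

# Privileges named explicitly in the role.create command.
EXPECTED="Cns.Searchable Datastore.AllocateSpace Datastore.Browse \
Datastore.FileManagement Global.GlobalTag Global.SystemTag Network.Assign \
StorageProfile.View"
# Assumption: vCenter includes these three system privileges in every role.
BASELINE="System.Anonymous System.Read System.View"

# Prints "MISSING <id>" / "EXTRA <id>" lines; returns 1 if it printed any.
audit_role_privileges() {
  actual=$(grep -v '^[[:space:]]*$' | sort -u)
  rc=0
  for want in $EXPECTED; do
    if ! printf '%s\n' "$actual" | grep -qxF -- "$want"; then
      echo "MISSING $want"; rc=1
    fi
  done
  for priv in $actual; do
    case " $EXPECTED $BASELINE " in *" $priv "*) continue ;; esac
    # Same unanchored fixed-string match as the grep in the role.create command.
    if printf '%s\n' "$priv" | grep -qF -e 'Folder.' -e 'InventoryService.' \
         -e 'Resource.' -e 'VirtualMachine.'; then
      continue
    fi
    echo "EXTRA $priv"; rc=1
  done
  return "$rc"
}

# Constructed sample listing (not real output): Network.Assign is absent and
# Host.Config.Storage was added by hand.
sample_listing() {
  printf '%s\n' Cns.Searchable Datastore.AllocateSpace Datastore.Browse \
    Datastore.FileManagement Global.GlobalTag Global.SystemTag \
    StorageProfile.View System.Anonymous System.Read System.View \
    Folder.Create Resource.AssignVMToPool VirtualMachine.Inventory.Create \
    Host.Config.Storage
}

sample_listing | audit_role_privileges || echo "role differs from the documented command"
```
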