Installing Huawei CSI Using Helm

Helm Installation Description

This section describes how to install Huawei CSI using Helm 3.

  • Huawei CSI can be installed as the root user or a non-root user. When installing Huawei CSI as a non-root user, ensure that the current user can access the API Server of the Kubernetes cluster. For details about how to configure access to the Kubernetes cluster as a non-root user, see Configuring Access to the Kubernetes Cluster as a Non-root User.
  • Huawei CSI must be run as the root user.

Helm is a software package management tool in the Kubernetes ecosystem. Similar to Ubuntu APT, CentOS YUM, or Python pip, Helm manages Kubernetes application resources.

You can use Helm to package, distribute, install, upgrade, and roll back Kubernetes applications in a unified manner.

When installing huawei-csi-controller, Helm deploys the following components in the workloads of the Deployment type in the specified namespace:

  • huawei-csi-driver: Huawei CSI driver.
  • storage-backend-controller: Huawei backend management controller, used to manage storageBackendClaim resources.
  • storage-backend-sidecar: used to manage storageBackendContent resources.
  • Kubernetes External Provisioner: used to provide or delete volumes.
  • Kubernetes External Attacher: used to attach or detach volumes.
  • Kubernetes External Resizer: used to expand the capacity of volumes.
  • Kubernetes External liveness-probe: used to determine the health status of a Pod.
  • (Optional) huawei-csi-extender: Huawei CSI extender.
  • (Optional) Kubernetes External Snapshotter: used to provide snapshot support (installed as CRD).
  • (Optional) Kubernetes External Snapshot Controller: used to control volume snapshots.

When installing huawei-csi-node, Helm deploys the following components in the workloads of the DaemonSet type in the specified namespace:

  • huawei-csi-driver: Huawei CSI driver.
  • Kubernetes Node Registrar: used to process driver registration.
  • liveness-probe: used to determine the health status of a Pod.

1 - Installing Huawei CSI on Kubernetes, OpenShift, and Tanzu

Installation Procedure

  1. Use a remote access tool, such as PuTTY, to log in to any master node in the cluster through the management IP address.

  2. Copy the helm directory in the Kubernetes CSI component package to any directory on the master node. For details about the Helm tool path, see Table 1.

  3. Go to the helm/esdk working directory.

    cd helm/esdk
    
  4. Prepare the values.yaml file. Huawei CSI provides the values.yaml template file in the helm/esdk directory of the software package. You can also modify parameters according to Parameters in the values.yaml File of Helm to customize Huawei CSI.

  5. Perform the following configuration before the installation:

  6. Run the following command to update the storage backend CRD.

    kubectl apply -f ./crds/backend/
    
  7. (Optional) Check snapshot-dependent components by following the instructions provided in Checking Volume Snapshot-Dependent Components. After confirming that the components are correct, run the following command to update the snapshot CRD. If controller.snapshot.enabled is set to false or the Kubernetes version is earlier than v1.17, you can skip this step. For details, see Table 2.

    kubectl apply -f ./crds/snapshot-crds/ --validate=false
    
  8. Run the following command to install Huawei CSI. In the command, helm-huawei-csi indicates the custom Helm chart name, ./ indicates that the Helm project in the current directory is used, and huawei-csi indicates the custom Helm chart namespace.

    helm install helm-huawei-csi ./ -n huawei-csi --create-namespace
    

    The following is an example of the command output.

    NAME: helm-huawei-csi
    LAST DEPLOYED: Wed Jun  8 11:50:28 2022
    NAMESPACE: huawei-csi
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    
  9. After the huawei-csi service is deployed, run the following command to check whether the service is started.

    kubectl get pod -n huawei-csi
    

    The following is an example of the command output. If the Pod status is Running, the installation is successful.

    NAME                                     READY   STATUS    RESTARTS   AGE
    huawei-csi-controller-6dfcc4b79f-9vjtq   9/9     Running   0          24m
    huawei-csi-controller-6dfcc4b79f-csphc   9/9     Running   0          24m
    huawei-csi-node-g6f4k                    3/3     Running   0          20m
    huawei-csi-node-tqs87                    3/3     Running   0          20m
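A STATUS of Running does not by itself mean that every container in the Pod is ready, so a stricter post-install check also compares the READY column. The following is an added example, not part of the Huawei CSI documentation or package; the function names are hypothetical, and the sample is the step 9 output with two rows altered for illustration.

```python
# Constructed sample: the example output from step 9, with two rows altered to
# show failure cases (one container not ready; a crash-looping node Pod whose
# RESTARTS column carries the "(... ago)" suffix printed by newer kubectl).
SAMPLE_OUTPUT = """\
NAME                                     READY   STATUS             RESTARTS      AGE
huawei-csi-controller-6dfcc4b79f-9vjtq   9/9     Running            0             24m
huawei-csi-controller-6dfcc4b79f-csphc   8/9     Running            0             24m
huawei-csi-node-g6f4k                    3/3     Running            0             20m
huawei-csi-node-tqs87                    0/3     CrashLoopBackOff   12 (2m ago)   20m
"""

# Pod name prefixes created by the chart, as shown in the example output.
EXPECTED_WORKLOADS = ("huawei-csi-controller-", "huawei-csi-node-")


def parse_pods(text):
    """Parse `kubectl get pod -n huawei-csi` table output into a list of dicts."""
    pods = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines and the header row. Only the first three columns
        # are read, because RESTARTS may contain spaces.
        if len(fields) < 4 or fields[0] == "NAME":
            continue
        ready, total = (int(n) for n in fields[1].split("/"))
        pods.append({"name": fields[0], "ready": ready, "total": total,
                     "status": fields[2]})
    return pods


def install_problems(text):
    """Return human-readable problems; an empty list means every Pod is healthy."""
    pods = parse_pods(text)
    problems = []
    for prefix in EXPECTED_WORKLOADS:
        if not any(p["name"].startswith(prefix) for p in pods):
            problems.append(f"no pod found for {prefix.rstrip('-')}")
    for p in pods:
        if p["status"] != "Running":
            problems.append(f"{p['name']}: status is {p['status']}")
        elif p["ready"] != p["total"]:
            problems.append(f"{p['name']}: only {p['ready']}/{p['total']} containers ready")
    return problems
```
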
    

Installation and Configuration on the OpenShift Platform

For the OpenShift platform, run the following commands to create the SecurityContextConstraints resource.

  1. Run the following command to edit the helm_scc.yaml file.

    vi helm_scc.yaml
    
  2. Modify the helm_scc.yaml file. In the following file content, huawei-csi in the users entries indicates the created namespace. Replace it based on the actual situation.

    apiVersion: security.openshift.io/v1
    kind: SecurityContextConstraints
    metadata:
      name: helm-scc
    allowHostDirVolumePlugin: true
    allowHostIPC: true
    allowHostNetwork: true
    allowHostPID: true
    allowHostPorts: true
    allowPrivilegeEscalation: true
    allowPrivilegedContainer: true
    
    defaultAddCapabilities:
    - SYS_ADMIN
    runAsUser:
      type: RunAsAny
    seLinuxContext:
      type: RunAsAny
    fsGroup:
      type: RunAsAny
    users:
    - system:serviceaccount:huawei-csi:huawei-csi-controller
    - system:serviceaccount:huawei-csi:huawei-csi-node
    
  3. Run the following command to create the SecurityContextConstraints resource.

    oc create -f helm_scc.yaml
    

Installation and Configuration on the Tanzu Platform

On the Tanzu platform, run the following command to configure the kubelet installation directory.

  1. Go to the helm/esdk directory in the installation package, run the following command to open the configuration file, modify the file, and save the file. For details about the installation package directory, see Table 1.

    vi values.yaml
    
  2. Modify the kubeletConfigDir parameter as follows:

    # Specify kubelet config dir path.
    # kubernetes and openshift is usually /var/lib/kubelet
    # Tanzu is usually /var/vcap/data/kubelet
    # CCE is usually /mnt/paas/kubernetes/kubelet
    kubeletConfigDir: /var/vcap/data/kubelet
    

For TKGI 1.16 or earlier of the Tanzu platform, run the following commands to configure the RBAC permission.

  1. Run the following command to create a file named rbac.yaml.

    vi rbac.yaml
    
  2. Copy the following content to the rbac.yaml file, save the file, and exit.

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: huawei-csi-psp-role
    rules:
    - apiGroups: ['policy']
      resources: ['podsecuritypolicies']
      verbs: ['use']
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: huawei-csi-psp-role-cfg
    roleRef:
      kind: ClusterRole
      name: huawei-csi-psp-role
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: Group
      apiGroup: rbac.authorization.k8s.io
      name: system:serviceaccounts:huawei-csi
    - kind: Group
      apiGroup: rbac.authorization.k8s.io
      name: system:serviceaccounts:default
    
  3. Run the following command to create the RBAC permission.

    kubectl create -f rbac.yaml
    

2 - Installing Huawei CSI on the CCE or CCE Agile Platform

This section describes how to install Huawei CSI on the CCE or CCE Agile platform.

Creating a Helm Installation Package

The CCE or CCE Agile platform cannot directly install Huawei CSI using Helm. You need to manually create a Helm installation package and upload it to the chart list on the platform for installation.

  1. Use a remote access tool, such as PuTTY, to log in to any node where Helm is deployed through the management IP address.

  2. Copy the helm directory in the Huawei CSI component package to any directory on the node. For details about the Helm tool path, see Table 1.

  3. Go to the helm working directory.

    cd helm/
    
  4. Modify the kubeletConfigDir and csiDriver.driverName parameters in the helm/esdk/values.yaml file.

    vi ./esdk/values.yaml
    

    Modify the following parameters:

    # Specify kubelet config dir path.
    # kubernetes and openshift is usually /var/lib/kubelet
    # Tanzu is usually /var/vcap/data/kubelet
    # CCE is usually /mnt/paas/kubernetes/kubelet
    kubeletConfigDir: /mnt/paas/kubernetes/kubelet
    
    # The CSI driver parameter configuration
    csiDriver:
      # Driver name, it is strongly recommended not to modify this parameter
      # The CCE platform needs to modify this parameter, e.g. csi.oceanstor.com
      driverName: csi.oceanstor.com
    
  5. Run the following command to create a Helm installation package. The command generates the installation package in the current path.

    helm package ./esdk/ -d ./
    

Installing Huawei CSI

  1. Use a remote access tool, such as PuTTY, to log in to any master node where the CCE Agile platform is deployed through the management IP address.

  2. Run the following command to create a namespace for deploying Huawei CSI. huawei-csi indicates the custom namespace.

    kubectl create namespace huawei-csi
    
  3. Export the Helm installation package. For details, see Creating a Helm Installation Package.

  4. On the home page, choose Charts > My Charts > Upload Chart. The Upload Chart dialog box is displayed. Import the exported Helm installation package to the CCE Agile platform.

  5. After the installation package is uploaded, choose Charts > My Charts. On the My Charts page that is displayed, choose Install > Submit. The chart release name can be customized.

  6. On the home page, choose Charts > Releases and select the project specified during installation (for example, default in the following figure). After the installation is successful, Installed is displayed in the Status column.

3 - Parameters in the values.yaml File of Helm

When using Helm to install CSI, you need to prepare the values.yaml file of the Helm project based on the features required during deployment. Huawei CSI provides the values.yaml template file in the helm/esdk directory of the software package.

This section describes the configuration items in the values.yaml file and backend configuration examples in typical scenarios.

images Parameters

The images parameters in the values.yaml file are used to configure the component image information on which Huawei CSI depends during running. Set the following parameters:

Table 1 images parameters

| Parameter | Description | Mandatory | Default Value |
|---|---|---|---|
| images.huaweiCSIService | huawei-csi image. | Yes | huawei-csi:4.6.0 |
| images.storageBackendSidecar | Huawei back-end management sidecar image. | Yes | storage-backend-sidecar:4.6.0 |
| images.storageBackendController | Huawei back-end management controller image. | Yes | storage-backend-controller:4.6.0 |
| images.huaweiCSIExtender | huawei-csi-extender image. | No | huawei-csi-extender:4.6.0 |
| images.sidecar.livenessProbe | livenessprobe sidecar image. | Yes | registry.k8s.io/sig-storage/livenessprobe:v2.12.0 |
| images.sidecar.provisioner | csi-provisioner sidecar image. | Yes | registry.k8s.io/sig-storage/csi-provisioner:v3.6.0 |
| images.sidecar.attacher | csi-attacher sidecar image. | Yes | registry.k8s.io/sig-storage/csi-attacher:v4.4.0 |
| images.sidecar.resizer | csi-resizer sidecar image. | Yes | registry.k8s.io/sig-storage/csi-resizer:v1.9.0 |
| images.sidecar.snapshotter | csi-snapshotter sidecar image. | Yes | registry.k8s.io/sig-storage/csi-snapshotter:v6.3.0 |
| images.sidecar.snapshotController | snapshot-controller sidecar image. | Yes | registry.k8s.io/sig-storage/snapshot-controller:v6.3.0 |
| images.sidecar.registrar | csi-node-driver-registrar sidecar image. | Yes | registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.0 |

  • For details about the values of huaweiCSIService, storageBackendSidecar, storageBackendController, and huaweiCSIExtender, see Uploading a Huawei CSI Image. Use the name and version of the finally generated image.
  • For details about other sidecar image parameters, see Checking the Images on Which CSI Depends. Use the name and version of the finally uploaded image.

controller Parameters

The controller parameters are used to configure the huawei-csi-controller component.

Table 2 controller parameters

| Parameter | Description | Mandatory | Default Value | Remarks |
|---|---|---|---|---|
| controller.controllerCount | Number of huawei-csi-controller component copies. | Yes | 1 | If the Kubernetes version is earlier than v1.17, the huawei-csi-controller component can be deployed only in single-copy mode because the csi-provisioner sidecar image provided by the Kubernetes community does not support the --leader-election parameter. Therefore, if the Kubernetes version is earlier than v1.17, this parameter can only be set to 1. |
| controller.volumeNamePrefix | PV name prefix. The default value is pvc, that is, the name of a created PV is pvc-<uuid>. The prefix must comply with the naming rules of a DNS subdomain name, and the total length of the PV name cannot exceed 253 characters. | No | pvc | The corresponding provisioner parameter name is --volume-name-prefix. It is recommended that the prefix contain no more than 20 characters. For details, see Configuring the PV Name Prefix. If the connected backend is OceanStor V5 SAN storage, it is recommended that the prefix contain a maximum of 5 characters. If the connected backend is OceanStor V5 NAS storage, the prefix can contain only lowercase letters, hyphens (-), and digits. If the connected backend is OceanStor Dorado or OceanStor storage, the prefix can contain only lowercase letters, hyphens (-), and digits. If the connected backend is OceanStor Pacific series storage, the prefix can contain a maximum of 58 characters, including only letters, digits, underscores (_), hyphens (-), and periods (.). If the connected backend is FusionStorage Block, the prefix can contain a maximum of 58 characters, including only letters, digits, underscores (_), and hyphens (-). |
| controller.webhookPort | Port used by the webhook service. | Yes | 4433 | If a port conflict occurs, change the port number to an idle one. |
| controller.snapshot.enabled | Whether to enable the snapshot feature. | Yes | true | If you want to use snapshot-related functions, enable this feature. The Kubernetes version must be later than v1.17. |
| controller.resizer.enabled | Whether to enable the capacity expansion feature. | Yes | true | The Kubernetes version must be later than v1.16. |
| controller.nodeSelector | Node selector of huawei-csi-controller. After this parameter is set, huawei-csi-controller will be scheduled only to a node with the label. | No | - | For details about the node selector, see Assign Pods to Nodes. |
| controller.tolerations | Taint toleration of huawei-csi-controller. After this parameter is set, huawei-csi-controller can tolerate taints on a node. | No | - | For details about taints and tolerations, see Taints and Tolerations. |
| controller.livenessProbePort | Liveness probe port of huawei-csi-controller, used for health check. | Yes | 9808 | If a port conflict occurs, change the port number to an idle one. |
| controller.csiExtender.volumeModify.enabled | Whether to enable the PVC change feature. | No | false | If you want to use PVC change-related functions, enable this feature. |
| controller.csiExtender.volumeModify.retryBaseDelay | Minimum retry interval when a PVC change fails to be created. | No | 5s | The default value is recommended. |
| controller.csiExtender.volumeModify.retryMaxDelay | Maximum retry interval when a PVC change fails to be created. | No | 5m | The default value is recommended. |
| controller.csiExtender.volumeModify.reconcileDelay | Interval for reconciling VolumeModifyClaim objects. | No | 1s | The default value is recommended. |
| controller.exportCsiService.enabled | Whether to run CSI services on the Service of the Kubernetes cluster. | No | false | After this function is enabled, other services in the Kubernetes cluster can access CSI services through gRPC. |
| controller.exportCsiService.port | Port used when CSI services run on the Service of the Kubernetes cluster. | No | 9090 | If a port conflict occurs, change the port number to an idle one. |


If controller.snapshot.enabled is set to true, you need to install the volume snapshot CRD resource in the helm/crd/snapshot-crds directory.

node Parameters

The node parameters are used to configure the huawei-csi-node component.

Table 3 node parameters

| Parameter | Description | Mandatory | Default Value | Remarks |
|---|---|---|---|---|
| node.maxVolumesPerNode | Maximum number of volumes provisioned by Huawei CSI that can be used by a node. If this parameter is not specified or is set to 0, the number is unlimited. If nodeName is specified during Pod creation, this configuration will be ignored. | No | 100 | For details, see Volume Limits. |
| node.nodeSelector | Node selector of huawei-csi-node. After this parameter is set, huawei-csi-node will be scheduled only to a node with the label. | No | - | For details about the node selector, see Assign Pods to Nodes. |
| node.tolerations | Taint toleration of huawei-csi-node. After this parameter is set, huawei-csi-node can tolerate taints on a node. | No | See the YAML list after the table. | For details about taints and tolerations, see Taints and Tolerations. |
| node.livenessProbePort | Liveness probe port of huawei-csi-node, used for health check. | Yes | 9800 | If a port conflict occurs, change the port number to an idle one. |
| node.kubeletVolumeDevicesDirName | Name of the directory where a block device is mounted to kubelet. | No | volumeDevices | After a block device is successfully mounted, the directory structure of the mount path is as follows: /var/lib/kubelet/plugins/kubernetes.io/csi/{kubeletVolumeDevicesDirName}/publish/{specName}/{podUID} |

Default value of node.tolerations:

    - key: "node.kubernetes.io/memory-pressure"
      operator: "Exists"
      effect: "NoExecute"
    - key: "node.kubernetes.io/disk-pressure"
      operator: "Exists"
      effect: "NoExecute"
    - key: "node.kubernetes.io/network-unavailable"
      operator: "Exists"
      effect: "NoExecute"

csiDriver Parameters

The csiDriver parameters include the basic configurations for running Huawei CSI, such as Huawei driver name and multipathing type.

Table 4 csiDriver parameters

| Parameter | Description | Mandatory | Default Value | Remarks |
|---|---|---|---|---|
| csiDriver.driverName | Registered driver name. | Yes | csi.huawei.com | Use the default value. For the CCE Agile platform, modify this field. For example, csi.oceanstor.com. |
| csiDriver.endpoint | Communication endpoint. | Yes | /csi/csi.sock | Use the default value. |
| csiDriver.connectorThreads | Maximum number of disks that can be concurrently scanned/detached. The value is an integer ranging from 1 to 10. | Yes | 4 | A larger value indicates that more concurrent disk scanning and detaching operations are performed on a single node at the same time. When DM-Multipath is used, a large number of concurrent requests may cause unknown problems and affect the overall time. |
| csiDriver.volumeUseMultipath | Whether to use multipathing software. The value is a Boolean value. | Yes | true | It is strongly recommended that multipathing software be enabled to enhance the redundancy and performance of storage links. |
| csiDriver.scsiMultipathType | Multipathing software used when the storage protocol is fc or iscsi. The following parameter values can be configured: DM-multipath, HW-UltraPath, HW-UltraPath-NVMe. | Mandatory when volumeUseMultipath is set to true. | DM-multipath | The DM-multipath value is recommended. |
| csiDriver.nvmeMultipathType | Multipathing software used when the storage protocol is roce or fc-nvme. Only HW-UltraPath-NVMe is supported. | Mandatory when volumeUseMultipath is set to true. | HW-UltraPath-NVMe | - |
| csiDriver.scanVolumeTimeout | Timeout interval for waiting for multipathing aggregation when DM-Multipath is used on the host. The value ranges from 1 to 600 seconds. | Yes | 3 | - |
| csiDriver.execCommandTimeout | Timeout interval for running commands on the host. | Yes | 30 | In scenarios such as mounting and capacity expansion, the CSI plug-in needs to run some host commands, for example, running the mount command to mount a file system. This parameter is used to control the timeout interval for running a single command. |
| csiDriver.allPathOnline | Whether to check whether the number of paths aggregated by DM-Multipath is equal to the actual number of online paths. The following parameter values can be configured: true: The drive letter mounting condition is met only when the number of paths aggregated by DM-Multipath is equal to the actual number of online paths; false: By default, the number of paths aggregated by DM-Multipath is not checked. As long as virtual drive letters are generated upon aggregation, the drive letter mounting condition is met. | This parameter is mandatory when csiDriver.scsiMultipathType is set to DM-multipath. | false | - |
| csiDriver.backendUpdateInterval | Interval for updating backend capabilities. The value ranges from 60 to 600 seconds. | Yes | 60 | - |
| csiDriver.controllerLogging.module | Record type of the controller log. The following parameter values can be configured: file, console. | Yes | file | When the value is file, logs are retained in the specified directory of the node. When the Pod where CSI is located is destroyed, logs are still retained. When the value is console, logs are retained in the temporary space of the Pod where CSI is located. When the Pod where CSI is located is destroyed, the logs are also destroyed. |
| csiDriver.controllerLogging.level | Output level of the controller log. The following parameter values can be configured: debug, info, warning, error, fatal. | Yes | info | - |
| csiDriver.controllerLogging.fileDir | Directory of the controller log in file output mode. | Yes | /var/log/huawei | Ensure that the directory has sufficient space for storing logs. It is recommended that the space be greater than or equal to 200 MB. |
| csiDriver.controllerLogging.fileSize | Size of a single controller log file in file output mode. | Yes | 20M | - |
| csiDriver.controllerLogging.maxBackups | Maximum number of controller log file backups in file output mode. | Yes | 9 | - |
| csiDriver.nodeLogging.module | Record type of the node log. The following parameter values can be configured: file, console. | Yes | file | When the value is file, logs are retained in the specified directory of the node. When the Pod where CSI is located is destroyed, logs are still retained. When the value is console, logs are retained in the temporary space of the Pod where CSI is located. When the Pod where CSI is located is destroyed, the logs are also destroyed. |
| csiDriver.nodeLogging.level | Output level of the node log. The following parameter values can be configured: debug, info, warning, error, fatal. | Yes | info | - |
| csiDriver.nodeLogging.fileDir | Directory of the node log in file output mode. | Yes | /var/log/huawei | Ensure that the directory has sufficient space for storing logs. It is recommended that the space be greater than or equal to 200 MB. |
| csiDriver.nodeLogging.fileSize | Size of a single node log file in file output mode. | Yes | 20M | - |
| csiDriver.nodeLogging.maxBackups | Maximum number of node log file backups in file output mode. | Yes | 9 | - |


If Huawei CSI has been deployed in your container environment, ensure that the value of csiDriver.driverName is the same as that configured during previous deployment. Otherwise, existing volumes or snapshots provisioned by Huawei CSI in the system cannot be managed by the newly deployed Huawei CSI.

Other Parameters

Other parameters include some features of the CSI plug-in or the policies for obtaining images.

Table 5 Other parameters

| Parameter | Description | Mandatory | Default Value | Remarks |
|---|---|---|---|---|
| kubernetes.namespace | Kubernetes namespace where Huawei CSI is running, which can be customized. The name must consist of lowercase letters, digits, and hyphens (-), for example, my-name and 123-abc. | No | huawei-csi | - |
| kubeletConfigDir | Working directory of kubelet. | Yes | /var/lib/kubelet | Use the default value. For the Tanzu platform, change the value of this field to /var/vcap/data/kubelet. For the CCE Agile platform, change the value of this field to /mnt/paas/kubernetes/kubelet. |
| sidecarImagePullPolicy | Pull policy of the sidecar image. | Yes | IfNotPresent | - |
| huaweiImagePullPolicy | Pull policy of the huawei-csi image. | Yes | IfNotPresent | - |
| CSIDriverObject.isCreate | Whether to create the CSIDriver object. | Yes | false | The CSIDriver feature is a GA version in Kubernetes v1.18. Therefore, to use this feature, the Kubernetes version must be later than v1.18. If the Kubernetes version is earlier than v1.18, set this parameter to false. |
| CSIDriverObject.attachRequired | Whether the CSI plug-in skips the attach operation. The following parameter values can be configured: true: The attach operation is required; false: The attach operation is skipped. | Yes | true | The attachRequired parameter can be configured in Kubernetes v1.18. If CSIDriverObject.isCreate is set to true and attachRequired is set to false, the huawei-csi plug-in will not deploy the csi-attacher sidecar. If NAS storage is used, this parameter can be set to false. If SAN storage is used, set this parameter to true. |
| CSIDriverObject.fsGroupPolicy | Whether the ownership and permissions of a basic volume can be changed before the volume is mounted. The following parameter values can be configured: "ReadWriteOnceWithFSType": The volume ownership and permission can be changed only when fsType is specified and accessModes of the volume contains ReadWriteOnce; "File": Kubernetes can use fsGroup to change the permissions and ownership of a volume to match fsGroup requested by a user in the Pod security policy, regardless of fsGroup or accessModes; "None": A volume is mounted without any change; "null": The fsGroupPolicy parameter is not set. | No | null | The fsGroupPolicy parameter can be configured in Kubernetes v1.20, and takes effect only when CSIDriverObject.isCreate is set to true. This feature is a Beta version in Kubernetes v1.20 but a GA version in Kubernetes v1.23. Therefore, the Kubernetes version must be later than v1.20. |
| leaderElection.leaseDuration | Leader duration. | No | 8s | This parameter takes effect only in the multi-controller scenario. |
| leaderElection.renewDeadline | Time for the leader to be re-elected. | No | 6s | This parameter takes effect only in the multi-controller scenario. |
| leaderElection.retryPeriod | Leader election retry time. | No | 2s | This parameter takes effect only in the multi-controller scenario. |


Ensure that the namespace entered in kubernetes.namespace exists on Kubernetes. If the namespace does not exist, run the following command to create it. In this example, the namespace for running Huawei CSI is huawei-csi.

    kubectl create namespace huawei-csi
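The ranges, enumerations and platform-specific values documented in Tables 4 and 5 can be checked mechanically before an installation or upgrade. The following is an added example, not part of the Huawei CSI package: it validates values loaded as JSON (for instance from helm get values helm-huawei-csi -n huawei-csi -a -o json). The function names, the platform labels and the sample values are assumptions made for this illustration.

```python
import json
import re

# Constructed sample in the shape of `helm get values <release> -a -o json`.
# It breaks three documented rules: namespace characters, the connectorThreads
# range, and the allPathOnline requirement for DM-multipath.
SAMPLE_VALUES = json.loads("""
{
  "kubernetes": {"namespace": "Huawei_CSI"},
  "kubeletConfigDir": "/var/lib/kubelet",
  "csiDriver": {
    "driverName": "csi.huawei.com",
    "connectorThreads": 16,
    "scanVolumeTimeout": 3,
    "backendUpdateInterval": 60,
    "volumeUseMultipath": true,
    "scsiMultipathType": "DM-multipath",
    "nvmeMultipathType": "HW-UltraPath-NVMe",
    "controllerLogging": {"module": "file", "level": "info"},
    "nodeLogging": {"module": "console", "level": "info"}
  }
}
""")

# Ranges, enumerations and paths copied from the parameter tables on this page.
INT_RANGES = {
    "csiDriver.connectorThreads": (1, 10),
    "csiDriver.scanVolumeTimeout": (1, 600),
    "csiDriver.backendUpdateInterval": (60, 600),
}
LOG_MODULES = {"file", "console"}
LOG_LEVELS = {"debug", "info", "warning", "error", "fatal"}
SCSI_MULTIPATH = {"DM-multipath", "HW-UltraPath", "HW-UltraPath-NVMe"}
KUBELET_DIRS = {  # platform labels are hypothetical keys for this example
    "kubernetes": "/var/lib/kubelet",
    "openshift": "/var/lib/kubelet",
    "tanzu": "/var/vcap/data/kubelet",
    "cce": "/mnt/paas/kubernetes/kubelet",
}


def lookup(values, dotted_key):
    """Walk a nested dict by dotted key; return None when any level is absent."""
    node = values
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_values(values, platform="kubernetes"):
    """Return 'key: problem' strings; an empty list means no rule is violated."""
    findings = []
    get = lambda key: lookup(values, key)
    def expect(key, ok, message):
        if not ok:
            findings.append(f"{key}: {message} (got {get(key)!r})")
    for key, (low, high) in INT_RANGES.items():
        value = get(key)
        # bool is a subclass of int in Python, so exclude it explicitly.
        is_int = isinstance(value, int) and not isinstance(value, bool)
        expect(key, is_int and low <= value <= high, f"must be an integer from {low} to {high}")
    for log in ("csiDriver.controllerLogging", "csiDriver.nodeLogging"):
        expect(f"{log}.module", get(f"{log}.module") in LOG_MODULES, "must be file or console")
        expect(f"{log}.level", get(f"{log}.level") in LOG_LEVELS, "unknown log level")
    if get("csiDriver.volumeUseMultipath") is True:
        expect("csiDriver.scsiMultipathType", get("csiDriver.scsiMultipathType") in SCSI_MULTIPATH,
               "unsupported multipathing software")
        expect("csiDriver.nvmeMultipathType", get("csiDriver.nvmeMultipathType") == "HW-UltraPath-NVMe",
               "only HW-UltraPath-NVMe is supported")
    if get("csiDriver.scsiMultipathType") == "DM-multipath":
        expect("csiDriver.allPathOnline", isinstance(get("csiDriver.allPathOnline"), bool),
               "must be set to true or false when DM-multipath is used")
    namespace = get("kubernetes.namespace")
    if namespace is not None:  # optional; the documented default is huawei-csi
        expect("kubernetes.namespace", re.fullmatch(r"[a-z0-9-]+", str(namespace)),
               "only lowercase letters, digits and hyphens are allowed")
    expect("kubeletConfigDir", get("kubeletConfigDir") == KUBELET_DIRS[platform],
           f"expected {KUBELET_DIRS[platform]} on {platform}")
    if platform == "cce":
        expect("csiDriver.driverName", get("csiDriver.driverName") != "csi.huawei.com",
               "the CCE platform needs a modified driver name, e.g. csi.oceanstor.com")
    return findings
```

Calling check_values(SAMPLE_VALUES) returns one finding per violated rule; passing platform="tanzu" or platform="cce" additionally checks the kubelet directory documented for that platform.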