Step 3: Set up the StorageClass


StorageClass for CSI

The following CSI StorageClass enables your tenants to create volumes using their token stored in a secret in their namespace.

When using CSI, the storage class references the secret for the three types of supported operations:

  • provision
  • node-publish (mount/unmount)
  • controller-expand

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: px-storage
    provisioner: pxd.portworx.com
    parameters:
      repl: "1"
      csi.storage.k8s.io/provisioner-secret-name: px-user-token
      csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
      csi.storage.k8s.io/node-publish-secret-name: px-user-token
      csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
      csi.storage.k8s.io/controller-expand-secret-name: px-user-token
      csi.storage.k8s.io/controller-expand-secret-namespace: ${pvc.namespace}
    allowVolumeExpansion: true

Note the value ${pvc.namespace}. This will ensure that the CSI controller gets the appropriate token, which is tied to the namespace of the PVC.



Last edited: Thursday, Sep 30, 2021