Portworx
PORTWORX.COM

Step 3: Set up the StorageClass

StorageClass for CSI

The following CSI StorageClass enables your tenants to create volumes using their token stored in a secret in their namespace.

When using CSI, the storage class references the secret for the three types of supported operations:

  • provision
  • node-publish (mount/unmount)

  • controller-expand

    apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: px-storage
provisioner: pxd.portworx.com
parameters:
  repl: "1"
  csi.storage.k8s.io/provisioner-secret-name: px-user-token
  csi.storage.k8s.io/provisioner-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/node-publish-secret-name: px-user-token
  csi.storage.k8s.io/node-publish-secret-namespace: ${pvc.namespace}
  csi.storage.k8s.io/controller-expand-secret-name: px-user-token
  csi.storage.k8s.io/controller-expand-secret-namespace: ${pvc.namespace}
allowVolumeExpansion: true

Note the value ${pvc.namespace}. This will ensure that the CSI controller gets the appropriate token, which is tied to the namespace of the PVC.

arrow_back_ios Previous
Step 2: Generate multitenant tokens
Next arrow_forward_ios
Example application
Last edited: Friday, Apr 7, 2023
Questions? Visit the Portworx forum.