Use FlashBlade as backend storage for Kubernetes applications

This section provides instructions for configuring your environment to use FlashBlade as backend storage for Kubernetes applications.

Before you begin preparing your environment, ensure that all system requirements are met.

Set up user access in FlashBlade

To establish secure communication between Portworx CSI and FlashBlade, you need a user account with an API token. The token serves as a key for Portworx CSI to authenticate with FlashBlade and perform storage operations on behalf of an authorized user. This section provides the steps to generate an API token, which encapsulates your authorization within the FlashBlade environment.

1. Create a user:

   1. In your FlashBlade dashboard, select Settings in the left pane.
   2. On the Settings page, select Access.
   3. In the Users section, click the vertical ellipsis in the top-right corner and select Create User:
   4. In the Create User window, enter your details and set the role to Storage Admin.
   5. Select Create to add the new user.

2. Generate an API token:

   1. To create a token for the user you created, select the user from the Users list, click the vertical ellipsis in the right-hand corner of the username, and select Create API Token:
   2. In the API Token window, leave the Expires in field blank if you want to create a token that never expires, and click Create.
   3. Save this information to avoid the need to recreate the token.

Create pure.json file

To integrate Portworx CSI with FlashBlade, create a JSON configuration file (named pure.json) containing essential information about the FlashBlade environment. This file should include the management endpoints and the API token you generated.

• Management endpoints: These are URLs or IP addresses that Portworx CSI uses to communicate with FlashBlade through API calls. To locate these, go to Settings > Network in your FlashBlade dashboard. Note the IP addresses or hostnames of your management interfaces, prefixed with vir, indicating virtual interfaces.
• API token: Generated in the previous section.
• NFSEndPoint NFS endpoint of FlashBlade.

important

For IPv6 address, ensure that the IP address is enclosed in square brackets, for example: "MgmtEndPoint": "[XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX]".

Add the FlashBlade configuration to the Kubernetes secret by following these steps:

Use the above information to create a JSON file. Below is a template for the configuration content, which you should populate with your specific information:

note

If you are configuring both FlashArray and FlashBlade, you can add FlashArray configuration information in the same file. Refer to the JSON file for more information.

Multiple NFS endpoints

  {
    "FlashBlades": [
      {
    "MgmtEndPoint": "FB end point 1",
    "APIToken": "<api-token-for-fb-management-endpoint1>",
    "NFSEndPoint": "<fb-nfs-endpoint>",
    "Labels": {
      "topology.portworx.io/zone": "<zone-1>",
      "topology.portworx.io/region": "<region-1>"
    }
  },
    {
    "MgmtEndPoint": "FB end point 2",
    "APIToken": "<api-token-for-fb-management-endpoint2>",
    "NFSEndPoint": "<fb-nfs-endpoint2>",
    "Labels": {
      "topology.portworx.io/zone": "<zone-1>",
      "topology.portworx.io/region": "<region-2>"
    }
  }
  ]
  }

Single NFS endpoint

  {
    "FlashBlades": [
      {
        "MgmtEndPoint": "<fb-management-endpoint>",
        "APIToken": "<fb-api-token>",
        "NFSEndPoint": "<fb-nfs-endpoint>"
      }
    ]
  }

(Optional) CSI topology feature

Portworx CSI supports topology-aware storage provisioning for Kubernetes applications. By specifying topology information, such as node, zone, or region, you can control where volumes are provisioned. This ensures that storage aligns with your application's requirements for availability, performance, and fault tolerance. Portworx CSI optimizes storage placement, improving efficiency and resilience in multi-zone or multi-region Kubernetes environments. For more information, see CSI topology.

To prepare your environment for using the topology-aware provisioning feature, follow these steps:

1. Edit the pure.json file created in the previous section to define the topology for each FlashBlade. For more information, refer to the pure.json with CSI topology.

2. Label your Kubernetes nodes with values that correspond to the labels defined in the pure.json file. For example:

   kubectl label node <nodeName> topology.portworx.io/zone=zone-0
   kubectl label node <nodeName> topology.portworx.io/region=region-0

Add FlashBlade configuration to a kubernetes secret

To enable Portworx CSI to access the FlashBlade configuration, add the pure.json file to a Kubernetes secret by running the following command to create a secret named px-pure-secret:

Kubernetes

kubectl create secret generic px-pure-secret --namespace <stc-namespace> --from-file=pure.json=<file path>

secret/px-pure-secret created

OpenShift

oc create secret generic px-pure-secret --namespace <stc-namespace> --from-file=pure.json=<file path>

secret/px-pure-secret created

important

The specific name px-pure-secret is required so that Portworx CSI can correctly identify and access the Kubernetes secret upon startup. This secret securely stores the FlashBlade configuration details and allows Portworx CSI to access this information within the Kubernetes environment.