Dynamic Provisioning of FlashBlade File Systems
Use PX-CSI to dynamically provision file-based volumes backed by FlashBlade file systems. This page walks you through creating a StorageClass, provisioning a PersistentVolumeClaim (PVC), and mounting it to a pod.
When PX-CSI is deployed, the following StorageClass objects are automatically created. You can use these directly or create custom StorageClass configurations:
kubectl get storageclass
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
px-fa-direct-access pxd.portworx.com Delete Immediate true 4d17h
px-fb-direct-access-nfsv3 pxd.portworx.com Delete Immediate true 4d17h
px-fb-direct-access-nfsv4 pxd.portworx.com Delete Immediate true 4d17h
(Optional) Create a custom StorageClass
Define a custom StorageClass that specifies the backend ("pure_file"), NFS configuration, and optional topology rules.
FlashBlade exports use root_squash by default. If your pod sets an fsGroup, this may result in permission errors (e.g., permission denied, lchown failed).
To prevent this, set the parameters.pure_export_rules field to *(rw,no_root_squash) in the StorageClass object.
Example StorageClass specifications:
- Multiple NFS Endpoints
- Basic NFS Endpoint
To provision volumes with multiple NFS endpoints, create the StorageClass specification as follows:
Note: If CSI topology is not enabled, you can omit the
allowedTopologiessection.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: portworx-csi-fb
provisioner: pxd.portworx.com
parameters:
pure_nfs_endpoint: "<nfs-endpoint-1>"
backend: "pure_file"
mountOptions:
- nfsvers=3
- tcp
allowVolumeExpansion: true
allowedTopologies:
- matchLabelExpressions:
- key: topology.portworx.io/zone
values:
- <zone-1>
- key: topology.portworx.io/region
values:
- <region-1>
To configure a single NFS endpoint, use the following StorageClass specification:
Note: If CSI topology is not enabled, you can omit the
allowedTopologiessection.
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: portworx-csi-fb
provisioner: pxd.portworx.com
parameters:
backend: "pure_file"
pure_export_rules: "*(rw)"
mountOptions:
- nfsvers=3
- tcp
allowVolumeExpansion: true
allowedTopologies:
- matchLabelExpressions:
- key: topology.portworx.io/zone
values:
- <zone-1>
- key: topology.portworx.io/region
values:
- <region-1>
Ensure unique topology labels for FlashBlade
To ensure successful PVC creation, verify that the labels in the allowedTopologies section uniquely identify a single FlashBlade endpoint from the pure.json file.
For example, if you specify topology.portworx.io/zone: <zone-1> in the StorageClass and multiple FlashBlades listed in the pure.json file, Portworx CSI will fail to create PVCs for FlashBlade Direct Access volumes and display the following error message:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Provisioning 1s (x4 over 10s) pxd.portworx.com_px-csi-ext-6f77f7c664-xxxx External provisioner is provisioning volume for claim "default/pure-multiple-nfs"
Warning ProvisioningFailed 1s (x4 over 9s) pxd.portworx.com_px-csi-ext-6f77f7c664-xxx failed to provision volume with StorageClass "portworx-multiple-nfs": rpc error: code = Internal desc = Failed to create volume: multiple storage backends match volume provisioner, unable to determine which backend the provided NFSEndpoint matches to
Normal ExternalProvisioning 0s (x3 over 10s) persistentvolume-controller Waiting for a volume to be created either by the external provisioner 'pxd.portworx.com' or manually by the system administrator. If volume creation is delayed, please verify that the provisioner is running and correctly registered.
Apply the StorageClass
Apply the StorageClass specification using the command:
kubectl apply -f <storageclass.yml>
storageclass.storage.k8s.io/portworx-csi-fb created
Create a PVC
-
Once the StorageClass is created, you can create PVCs to request storage for your application.
noteThe Pure export rules for accessing FlashBlade defined by the specified
accessModesin the PVC specification.*(rw): This rule is set forReadWriteOnce,ReadWriteMany, andReadWriteOncePodPVC access modes. It allows clients to perform both read and write operations on the storage.*(ro): This rule is applied forReadOnlyManyPVC access mode. It ensures that the storage can only be accessed in read-only mode, preventing modifications to the data.Example PVC specification:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pure-multiple-nfs
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: portworx-csi-fb -
Apply this YAML to your cluster:
kubectl apply -f <pvc.yml>
Mount the PVC to a Pod
-
After creating PVCs, mount them to an application pod to make the storage available.
Example pod specification:
kind: Pod
apiVersion: v1
metadata:
name: nginx-pod
labels:
app: nginx
spec:
volumes:
- name: pure-nfs
persistentVolumeClaim:
claimName: pure-multiple-nfs
containers:
- name: nginx
image: nginx
volumeMounts:
- name: pure-nfs
mountPath: /data
ports:
- containerPort: 80 -
(Optional) To control pod scheduling based on node labels, add the
nodeAffinityfield to the Pod specification. For example:spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.portworx.io/zone
operator: In
values:
- zone-0
- key: topology.portworx.io/region
operator: In
values:
- region-0
Verify pod status
Monitor the pod’s status to ensure it is running and connected to the volume:
watch kubectl get pods
Once the pod is Running, verify it can access the FlashBlade volume mounted at /data.