Version: 26.2

PX-CSI StorageClass Reference

PX-CSI uses standard Kubernetes StorageClass resources with a set of PX-CSI-specific parameters for FlashArray and FlashBlade backend storage.

StorageClass

Field	Description	Type
`apiVersion`	The Kubernetes API version for the StorageClass object.	`string`
`kind`	The kind of Kubernetes object, always `StorageClass`.	`string`
`metadata.name`	The name of the StorageClass.	`string`
`provisioner`	Specifies the CSI driver used for dynamic provisioning. For PX-CSI, this value is `pxd.portworx.com`.	`string`
`reclaimPolicy`	Defines what happens to a volume when released from its claim. Refer to the Kubernetes documentation for options `Delete` or `Retain`.	`string`
`volumeBindingMode`	Controls when volume binding and dynamic provisioning occur. Refer to the Kubernetes documentation for options `Immediate` or `WaitForFirstConsumer`.	`string`
`allowVolumeExpansion`	Specifies whether the volume can be dynamically resized.	`boolean`
`mountOptions`	A list of mount options supported by the backend. Common examples include `nfsvers=3`, `tcp`, and `nfsvers=4.1`.	`array`
`parameters`	PX-CSI-specific configuration parameters described below.	`object`

`parameters` fields

Common

Field	Description	Type	Required/Optional
`parameters.backend`	Defines the storage backend for the volume. Accepted values: - `pure_block` (FlashArray block) - `pure_fa_file` (FlashArray File Services) - `pure_file` (FlashBlade file)	`string`	Required
`parameters.portworx.io/pure-array-id`	Specifies the array ID to target a specific FlashArray or FlashBlade for volume provisioning. Use this to control volume placement when multiple arrays are connected to the cluster. This setting can be overridden by the persistent volume claim (PVC) annotation of the same name. For more information, see Control volume placement using array IDs.	`string`	Optional

FlashArray block volumes

Field	Description	Type	Required/Optional
`parameters.max_iops`	Sets a QoS IOPS cap. Range: 100 – 100,000,000.	`string`	Optional
`parameters.max_bandwidth`	Sets a QoS bandwidth cap. Units: `K`, `M`, `G` (for example, `10G`).	`string`	Optional
`parameters.csi.storage.k8s.io/fstype`	The file system type to create on the volume (for example, `ext4`, `xfs`).	`string`	Optional
`parameters.secure`	When `true`, enables volume encryption. Requires cluster-wide key setup.	`boolean`	Optional
`parameters.pure_fa_pod_name`	Sets the FlashArray pod name to control volume placement. This parameter is: Required for ActiveCluster stretched pods, see Use FlashArray ActiveCluster Required for secure multi-tenancy (realms) Optional for controlling volume placement across multiple arrays	`string`	Required for ActiveCluster and realms

FlashArray file services

Field	Description	Type	Required/Optional
`parameters.pure_nfs_policy`	The name of a pre-created FlashArray NFS policy.	`string`	Required
`parameters.pure_fa_file_system`	The FlashArray file system name where directories or volumes are created.	`string`	Required
`parameters.pure_quota_policy`	An optional quota policy name for enforcing size limits.	`string`	Optional
`parameters.pure_nfs_endpoint`	Overrides the FlashArray `NFSEndPoint` from the configuration for this class.	`string`	Optional

To enable NFS over TLS for FlashArray file services, add xprtsec=tls to mountOptions. This requires Purity version 6.10.6 or later and Linux kernel 6.12 or later on worker nodes with nfs-utils, ktls-util (tlshd), and openssl installed.

FlashBlade file systems

Field	Description	Type	Required/Optional
`parameters.pure_export_rules`	NFS export rules that apply to the directory (for example, `(rw)` or `(rw,no_root_squash)`). Note: If you are using `pure_nfs_policy`, do not specify this field.	`string`	Optional
`parameters.pure_nfs_policy`	Name of the NFS export policy on FlashBlade. Required for FlashBlade with secure multi-tenancy and multi-server.	`string`	Required for secure multi-tenancy and multi-server
`parameters.pure_nfs_server`	Name of the NFS server on FlashBlade where the file system is exported. Note: Use with `pure_nfs_policy`.	`string`	Required for secure multi-tenancy and multi-server.
`parameters.pure_nfs_endpoint`	Use this field to override the NFS endpoint specified in `pure.json`.	`string`	Optional
`parameters.pure_nfs_export_rules_client`	Specifies the client IP address, subnet, hostname, FQDN, or wildcard for NFS export rules when you use multi-server or secure multi-tenancy. Example: `10.0.0.0/24` or ``. Default: ``	`string`	Optional
`parameters.pure_nfs_export_rules_access`	The NFS export access rule. Values can be no-squash, root-squash, or all-squash. Default is `root-squash`	`string`	Optional
`parameters.pure_fb_node_group`	Specifies the node group name for FlashBlade//EXA deployments (such as `group-05`). When specified, the volume is provisioned using node group–based provisioning instead of size-based provisioning.	`string`	Required for FlashBlade//EXA
`parameters.pure_fb_hard_limit_enabled`	Enables or disables hard quota limits on the file system. Valid values: `true` or `false`. Default: `true`. Note: For FlashBlade//EXA, set to `"false"`.	`string`	Optional
`parameters.pure_fb_snapshot_directory_enabled`	Enables or disables the snapshot directory. Valid values: `true` or `false`. Default: `false`. Note: For FlashBlade//EXA, set to `"false"`.	`string`	Optional
`parameters.pure_fb_nfsv3_enabled`	Enables or disables the NFSv3 protocol. Valid values: `true` or `false`. Default: `true`. Note: For FlashBlade//EXA, default is `"false"`.	`string`	Optional
`parameters.pure_fb_nfsv4_1_enabled`	Enables or disables the NFSv4.1 protocol. Valid values: `true` or `false`. Default: `true`. Note: For FlashBlade//EXA, set to `"true"`.	`string`	Optional
`parameters.pure_fb_fast_remove_directory_enabled`	Enables or disables fast directory removal for FlashBlade file systems. When set to `"true"`, PX-CSI automatically deletes directory contents when you delete a PVC. Valid values: `true` or `false`. Default: `false`.	`string`	Optional

To enable NFS over TLS for FlashBlade file systems, add xprtsec=tls to mountOptions and specify pure_nfs_policy that references an export rule with TLS enabled. For instructions on creating NFS export policies and rules, see Creating NFS Export Policies and Rules in the FlashBlade Admin Guide. This requires Purity version 4.6.0 or later and Linux kernel 6.12 or later on worker nodes with nfs-utils, ktls-util (tlshd), and openssl installed.

FlashBlade//EXA configuration requirements

For FlashBlade//EXA deployments, the following parameters are required:

pure_fb_node_group: Must specify the node group name (for example, group-05)
pure_fb_nfsv4_1_enabled: Must be set to "true"
pure_fb_nfsv3_enabled: Must be set to "false"
pure_fb_snapshot_directory_enabled: Must be set to "false"
pure_fb_hard_limit_enabled: Must be set to "false"

Additionally, for HPC workloads, use nconnect=16 in mountOptions to enable multiple TCP connections for improved performance.

FlashBlade secure multi-tenancy and multi-server requirements

Both features require PX-CSI 26.2.0 or later and Purity 4.6.1 or later.

Secure multi-tenancy
- Specify the Realm field in the FlashBlade entry in pure.json.
- The NFS policy and server specified in StorageClass parameters must exist within the Realm.
Multi-server
- Does not require the Realm field in pure.json.
- The NFS policy and server must exist on the FlashBlade array.
Both features
- Requires pure_nfs_policy and pure_nfs_server StorageClass parameters. The pure_nfs_endpoint parameter is optional and overrides the NFS endpoint configured in pure.json.
- If you are using pure_nfs_policy, do not specify pure_export_rules in the StorageClass.

Defaults created by PX-CSI

PX-CSI automatically deploys default StorageClass objects during installation:

StorageClass	Backend	Purpose
`px-fa-direct-access`	FlashArray	FlashArray block volume provisioning
`px-fb-direct-access-nfsv3`	FlashBlade	FlashBlade NFSv3 provisioning
`px-fb-direct-access-nfsv4`	FlashBlade	FlashBlade NFSv4 provisioning

To view available StorageClass objects, run the following command:

kubectl get sc

Example StorageClass

FlashArray StorageClass

FlashArray block volumes
FlashArray file services
FlashArray block volumes for KubeVirt VMs

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: px-fa-direct-access
provisioner: pxd.portworx.com
allowVolumeExpansion: true
parameters:
  backend: pure_block
reclaimPolicy: Delete
volumeBindingMode: Immediate

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fa-file-sc
provisioner: pxd.portworx.com
parameters:
  backend: pure_fa_file
  pure_nfs_policy: test-policy
  pure_fa_file_system: name01
  pure_quota_policy: 100g_policy
  pure_nfs_endpoint: <nfs-endpoints-of-fa>
mountOptions:
  - nfsvers=3
  - proto=tcp

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
     name: fada-rwx-sc
    parameters:
     backend: "pure_block"
    provisioner: pxd.portworx.com
    volumeBindingMode: Immediate
    allowVolumeExpansion: true

FlashBlade StorageClass

FlashBlade file systems without secure multi-tenancy
FlashBlade file systems with secure multi-tenancy
FlashBlade//EXA

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: px-fb-direct-access-nfsv4
provisioner: pxd.portworx.com
parameters:
  backend: pure_file
  pure_export_rules: '*(rw)'
mountOptions:
  - nfsvers=4.1 # NFS version: 3 | 4.1
  - tcp
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: px-fb-direct-access-realm
provisioner: pxd.portworx.com
parameters:
  backend: "pure_file" 
  pure_nfs_server: <nfs-server> # Required, nfs server created within the Realm
  pure_nfs_endpoint: "<nfs-endpoint-of-server>" # Optional: overrides the endpoint in pure.json
  pure_nfs_policy: "<nfs-policy>" # Required. If the specified policy name does not exist on the FlashBlade array, PX-CSI creates the policy.
  pure_nfs_export_rules_client: "<client-ip>" # Optional, enter the client as an IP address (IPv6 or IPv4), host name in short or FQDN form (including wildcards), subnet in CIDR notation, netgroup (Active Directory, LDAP, or NIS), or anonymous (*).
  pure_nfs_export_rules_access: "root-squash" # Optional, Access mode: root-squash | all-squash | no-squash
reclaimPolicy: Delete
mountOptions:
  - nfsvers=3 # NFS version: 3 | 4.1
  - tcp
allowVolumeExpansion: true

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: portworx-csi-fb-exa
provisioner: pxd.portworx.com
parameters:
  backend: pure_file
  pure_fb_node_group: "group-05"  # Required for FlashBlade//EXA
  pure_export_rules: '*(rw,no_root_squash)'
  pure_fb_nfsv3_enabled: "false"  # Required for FlashBlade//EXA
  pure_fb_nfsv4_1_enabled: "true"  # Required for FlashBlade//EXA
  pure_fb_snapshot_directory_enabled: "false"  # Required for FlashBlade//EXA
  pure_fb_hard_limit_enabled: "false"  # Required for FlashBlade//EXA
  pure_fb_fast_remove_directory_enabled: "true"  # Optional: enables automatic directory deletion
mountOptions:
  - nfsvers=4.1
  - nconnect=16  # Enables multiple TCP connections for HPC workloads
reclaimPolicy: Delete
volumeBindingMode: Immediate
allowVolumeExpansion: true

StorageClass​

parameters fields​

Common​

FlashArray block volumes​

FlashArray file services​

FlashBlade file systems​

FlashBlade//EXA configuration requirements​

FlashBlade secure multi-tenancy and multi-server requirements​

Defaults created by PX-CSI​

Example StorageClass​

FlashArray StorageClass​

FlashBlade StorageClass​