Integrate PX-CSI with Portworx Enterprise

Portworx now provides a new implementation for consuming FlashArray and FlashBlade Direct Access Volumes. The new implementation utilizes the existing PX-CSI product and integrates it into the Portworx Enterprise product. This integration provides a unified and streamlined approach to managing Everpure backend volumes through Kubernetes-native PVC, VolumeSnapshot, and Customer Resource.

If you do not integrate Portworx Enterprise with PX-CSI, you can continue to consume FlashArray and FlashBlade Direct Access Volumes with the existing Portworx Enterprise features.

note

• PX-CSI 26.1.0 can be integrated with Portworx Enterprise 3.6.0.
• You cannot upgrade the PX-CSI version in Portworx Enterprise.

Prepare your Environment

• FlashArray
• FlashBlade

Enable PX-CSI within Portworx Enterprise

To enable PX-CSI within Portworx Enterprise, add the following annotations to the StorageCluster spec during new Portworx installation or to an existing Portworx cluster:

metadata:
  annotations:
    portworx.io/pure-csi-integration: "true"

Verify

With PX-CSI enabled, the FADA, FBDA and FA File volumes are managed by PX-CSI. To verify that PX-CSI is integrated with Portworx Enterprise, run the following commands:

1. For an existing Portworx cluster, view the running jobs. For a new Portworx installation, skip this step.

   kubectl get jobs -n <portworx> | grep pure-csi-migrator

   NAME                     STATUS     COMPLETIONS   DURATION   AGE
   post-pure-csi-migrator   Complete   1/1           5s         41s
   pre-pure-csi-migrator    Complete   1/1           8s         51s

   These are the Kubernetes Jobs that will be perform migration for existing Portworx cluster where:

   • pre-pure-csi-migrator: Reads existing metadata from KVDB and old Portworx Enterprise style state to create the new Kubernetes CustomResources (e.g. PureVolume, PureSnapshot, PureStorageCluster, and more) that PX-CSI needs. It is responsible for the "heavy" migration work like enumerating volumes, snapshots, cloudsnap metadata, and writing them into K8s CRs.

   • post-pure-csi-migrator: Runs after the main metadata migration is done and after the new px-pure-csi-* pods are coming up. It performs post-processing and reconciliation steps so the new driver and operator see a consistent state. This runs a final checks that all volumes/snapshots migrated correctly into CRs.

   The migration is only run when you have an existing Portworx cluster. For new Portworx Enterprise installation with PX-CSI enabled, the migration does not happen.

2. View the daemonset for new and existing Portworx cluster:

   kubectl get daemonset -n <portworx> | grep px-pure-csi-node

   NAME                 DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR        AGE
   px-pure-csi-node     6         6         6       6            6           kubernetes.io/os=linux   34s

   The DaemonSet px-pure-csi-node here is scheduled on 6 nodes. All 6 pods are running, updated, and ready. Once migration finishes, these pods are responsible for mounting the attached volumes to the directories exposed and used by the pods.

3. View the purestoragecluster for new and existing Portworx cluster:

   kubectl get purestoragecluster -n portworx

   NAME       CLUSTER UUID   STATUS    VERSION     AGE
   test-stc   xxxxxx  xxxx  Running     3.6.0     75s

   The PX-CSI custom resource that is recognized and reconciled by the Portworx Operator has running status.

Additional Feature with PX-CSI

The Portworx Volume names are usually integers but with the integration, the FADA and FBDA volume names can be a UUID or same as the PV name. Portworx Enterprise integration with PX-CSI provides the following additional features:

• Dynamic Provisioning of FlashArray File Services
• Snapshot of FlashBlade PVC
• 512 Attachment limit for direct access volumes
• Parallel volume attachment for direct access volumes

Enable Additional PX-CSI Features within Portworx Enterprise

To enable support of these additional features with Portworx Enterprise, add the following annotations to StorageClass when you Create a CSI storage class for encrypted PVCs and when you Setup StorageClass to authenticate requests

csi.storage.k8s.io/node-stage-secret-name: ${pvc.name}
csi.storage.k8s.io/node-stage-secret-namespace: ${pvc.namespace}

Limitation when PX-CSI is integrated with Portworx Enterprise

The following features that are available with Portworx Enterprise 3.6.0, will not be supported with the PX-CSI integration for FADA and FBDA volumes:

• Custom disk tag support for FlashArray Direct Access: The support for FlashArray Direct Access Volume tagging feature is not available with the integration of PX-CSI. This feature enables custom metadata on FADA volumes that allows easier filtering and sorting of volumes, and adding more identifying information to them.
• Storage of the FlashArray and FlashBlade secret in Vault: With PX-CSI integration, storing Everpure FlashArray and FlashBlade credentials in Vault is not supported. Credentials will have to be directly stored in the configuration files.
• Support for the multiple secret providers: Configuring multiple secrets providers like using Kubernetes Secrets and Vault within a single deployment is not supported with PX-CSI integration.

Reference

• Portworx CSI Release Notes
• Portworx CSI Documentation
• Portworx Enterprise Release Notes