Skip to main content
Version: 3.2

Data protection and snapshots in GKE

Summary and Key concepts

Summary:

The article provides a detailed guide on setting up CSI Volume Snapshotting with Portworx. It walks through enabling the Snapshot Controller in the Portworx StorageCluster, creating VolumeSnapshotClass and VolumeSnapshot objects, and restoring volumes from snapshots. It emphasizes the need to enable the CSI feature within the StorageCluster and discusses specific parameters and configurations for environments where Portworx security is enabled. It also explains how to create, restore, and manage CSI-enabled volume snapshots, in specified Kubernetes environments.

Kubernetes Concepts:

Portworx Concepts:

  • StorageCluster: The Portworx object that manages and monitors the storage cluster.
  • Portworx CSI Driver: Driver that implements the Kubernetes CSI specification for Portworx.
  • px-security: Portworx's security model for encryption and access control.

Setup CSI Volume Snapshotting

In order to use VolumeSnapshots with the Portworx CSI Driver and Portworx Operator, you must enable Snapshot Controller in your StorageCluster. By default, installSnapshotController is set to true when you enable CSI in the StorageCluster.

Run the following command to edit the StorageCluster and update the arguments if CSI is not enabled:

kubectl edit stc <storageclustername> -n <px-namespace>
    csi:
enabled: true
installSnapshotController: true

Take local snapshots of CSI-enabled volumes

note

CSI Snapshots only support local volume snapshots.

If you already have a CSI PVC, complete the following steps to create and restore a CSI VolumeSnapshot.

  1. Create a VolumeSnapshotClass, specifying the following:

    • The snapshot.storage.kubernetes.io/is-default-class: "true" annotation
    • The csi.storage.k8s.io/snapshotter-secret-name parameter with your encryption and/or authorization secret
    • The csi.storage.k8s.io/snapshotter-secret-namespace parameter with the namespace your secret is in.

    note

    Specify snapshotter-secret-name and snapshotter-secret-namespace if px-security is ENABLED.

    See enable security in Portworx for more information.

    apiVersion: snapshot.storage.k8s.io/v1
    kind: VolumeSnapshotClass
    metadata:
    name: px-csi-snapclass
    annotations:
    snapshot.storage.kubernetes.io/is-default-class: "true"
    driver: pxd.portworx.com
    deletionPolicy: Delete
    parameters: ## Specify only if px-security is ENABLED
    csi.storage.k8s.io/snapshotter-secret-name: px-user-token
    csi.storage.k8s.io/snapshotter-secret-namespace: <px-namespace>
    csi.openstorage.org/snapshot-type: local
  2. Create a VolumeSnapshot:

    apiVersion: snapshot.storage.k8s.io/v1
    kind: VolumeSnapshot
    metadata:
    name: px-csi-snapshot
    spec:
    volumeSnapshotClassName: px-csi-snapclass
    source:
    persistentVolumeClaimName: px-mysql-pvc
    note

    VolumeSnapshot objects are namespace-scoped and should be created in the same namespace as the PVC.

  3. Restore from a VolumeSnapshot:

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
    name: px-csi-pvc-restored
    spec:
    storageClassName: px-csi-db
    dataSource:
    name: px-csi-snapshot
    kind: VolumeSnapshot
    apiGroup: snapshot.storage.k8s.io
    accessModes:
    - ReadWriteOnce
    resources:
    requests:
    storage: 2Gi

See the Kubernetes-CSI snapshotting documentation for more examples and documentation.

Contribute

Portworx by Pure Storage welcomes contributions to its CSI implementation, which is open-source with a repository located at OpenStorage. In addition, we also encourage contributions to the Kubernetes-CSI open source implementation.