Configure VAST Cluster for VAST Block CSI Driver

  • Updated on Feb 13, 2026
  • Published on Jan 26, 2026
  • 5 minute(s) read
Prev Next

Complete the following steps to make your VAST cluster ready for integration with Kubernetes:

  • (Optionally) With VAST Cluster 5.3.3 or later, if you are going to provision storage on a particular VAST tenant, create a tenant that will host the block volumes.

  • Create a VAST Cluster view that VAST Block CSI Driver will use to provision block volumes.

  • Set up virtual IP pools to be used by VAST Block CSI Driver.

  • Set up a VMS user to be used by VAST Block CSI Driver.

  • (Optional) Upload your CA-signed SSL certificate to the VAST cluster.

  • (Optional): Configure a QoS policy to be associated with views created by  VAST Block CSI Driver.

Create a Tenant for Dynamic Volume Provisioning

If you run the driver with VAST Cluster 5.3.3 or later, it is recommended to set up a dedicated VAST Cluster tenant for dynamic volume provisioning to allow for control plane isolation of privileges that would prevent the service account used by the driver from acting outside the scope of dynamic provisioning.

For more information about support of multiple VAST tenants by the driver, see Support of VAST Cluster Multi-Tenancy for Block Storage.

To create a tenant in VAST Web UI, log in and choose Element Store -> Tenants in the main navigation menu. Click Create Tenant and follow the tenant creation guidelines in  VAST Cluster Administrator's Guide.

Create a View for Block Volumes

Create a view that will expose the NVMe subsystem that VAST Block CSI Driver will use to to provision block volumes. The view must have the block storage protocol enabled and the NVMe subsystem defined.

With VAST Cluster 5.3.3 or later, if you've created a dedicated tenant for dynamic volume provisioning, ensure that the view belongs to the dedicated tenant.

To view and manage views in VAST Web UI, log in and choose Element Store -> Views in the main navigation menu. For more information about VAST Cluster views, see VAST Cluster Administrator's Guide.

Set up Virtual IP Pools

VAST Block CSI Driver distributes the load among virtual IPs in one or more VAST virtual IP pools.

You specify a virtual IP pool in the storageClass definition. The virtual IP pool specified for a storage class is used to process read and write operations requested by the application that is using that particular class.

Ensure that the virtual IP pool set for a storage class belongs to the same VAST Cluster tenant as the view that exposes the NVMe subsystem specified for that storage class.

In the driver's Helm chart configuration file, the virtual IP pool can be specified by its name (vipPool) or FQDN (vipPoolFQDN). If you are going to use the FQDN, ensure that the VAST cluster has DNS configured, and the virtual IP pool has Virtual IP Pool Domain Name defined in its settings.

To view and manage virtual IP pools in VAST Web UI, log in and choose Network Access -> Virtual IP Pools in the main navigation menu. For more information about VAST Cluster virtual IP pools, see VAST Cluster Administrator's Guide.

Set Up a VMS User

Set up a VMS user for VAST Block CSI Driver to communicate with the VAST Management Service (VMS) via VAST REST API.

You'll need to supply the VMS user's credentials (username and password) or authentication token in a Kubernetes secret that is specified when creating the driver's Helm chart configuration file.

To set up a VMS user for VAST Block CSI Driver:

  1. Create a new role (in VAST Web UI: Administrators -> Roles -> Create Role) that grants the CreateViewEdit and Delete permissions in the Logical realm.

    Note

    Do not use the csi role provided with the cluster.

  2. Create a new VMS manager user for VAST CSI Driver (in VAST Web UI: Administrators -> Managers -> Create Manager) and assign the newly created role to this user.

    Note

    Alternatively, assign the newly created role to the admin user provided with the cluster.

    With VAST Cluster 5.3.3 or later, if you are going to provision storage on a particular VAST tenant, set the User type to Tenant Admin and select the desired tenant from the dropdown list. This is the tenant you'll need to specify in the driver's Kubernetes secret.

  3. If you want to have the user authenticated with a VMS token instead of a password, generate the token as follows:

    • If the user is a Cluster Admin, run the apitoken create command of VAST CLI.

    • If the user is a Tenant Admin, with VAST Cluster 5.3.3 or later:

      1. Install vastpy and vastpy-cli tools with the following command (which installs both tools):

        pip install vastpy

      2. Run the following command to generate the VMS token:

        vastpy-cli --user <username of tenant admin user>  \
           --password '<password of tenant admin user>' \
           --tenant-name <tenant name>  \
           post apitokens owner=<username of tenant admin user> name=<token name>

        For example:

        vastpy-cli   --user admina  \
 --password 'P@ssw0rd'   \
 --tenant-name ten-a   \
 post apitokens owner=admina name=new‑token9898

Upload a CA-Signed SSL Certificate to VAST Cluster

If you want to use a Certificate Authority-signed SSL certificate to secure the connection to the VAST cluster, follow the SSL certificate upload procedure in the VAST Cluster Administrator's Guide to upload your SSL certificate to the VAST cluster.

For more information about configuring SSL encryption for VAST Block CSI Driver, see Configuring SSL Encryption for VAST Block CSI Driver.

Configure a QoS Policy

You can optionally set up a Quality of Service (QoS) policy to be associated with the views that VAST Block CSI Driver creates. A QoS policy is specified per Kubernetes storage class configured for the VAST driver.

Notice

This capability requires VAST Cluster 5.4 or later.

To view and manage QoS policies via VAST Web UI, log in and choose Element Store -> QoS Policies. For more information about VAST Cluster QoS policies, see VAST Cluster Administrator's Guide.

Related articles