Configure VAST Cluster for VAST CSI Driver

  • Published on Jan 30, 2026
  • 4 minute(s) read
Prev Next

Complete the following steps to make your VAST cluster ready for integration with Kubernetes:

  • Set up virtual IP pools to be used by VAST CSI Driver.

  • Configure a view policy to be used for views created by VAST CSI Driver.

  • Set up a VMS user to be used by VAST CSI Driver.

  • (Optional) Upload your CA-signed SSL certificate to the VAST cluster.

  • (Optional): Configure a QoS policy to be associated with views created by  VAST CSI Driver.

Note

If you are going to use VAST CSI Driver with a VAST cluster where the Trash Folder Access feature is disabled or not used for any reason, you also need to complete additional configuration steps.

Set up Virtual IP Pools

VAST CSI Driver distributes the load among virtual IPs in one or more VAST virtual IP pools.

You specify a virtual IP pool in the storage class definition. The virtual IP pool specified for a storage class is used to process read and write operations requested by the application that is using that particular class.

When using VAST Cluster 4.6.0 or later, ensure that the virtual IP pool set for a storage class belongs to the same VAST Cluster tenant as the view policy specified for that class.

In the VAST CSI Driver chart configuration file, the virtual IP pool can be specified by its name (vipPool) or FQDN (vipPoolFQDN). If you are going to use the FQDN, ensure that the VAST cluster has DNS configured, and the virtual IP pool has Virtual IP Pool Domain Name defined in its settings.

To view and manage virtual IP pools in VAST Web UI, log in and choose Network Access -> Virtual IP Pools in the main navigation menu. For more information about VAST Cluster virtual IP pools, see VAST Cluster Administrator's Guide.

Configure View Policies

VAST CSI Driver can automatically create a VAST Cluster view for each storage claim being provisioned. These views are controlled using VAST Cluster view policies.

You specify a view policy to be assigned to the automatically created views in the  storage class definition. The view policy specified for a storage class is used when processing read and write operations requested by the application that is using that particular storage class.

When using VAST Cluster 4.6.0 or later, ensure that the view policy set for a storage class belongs to the same VAST Cluster tenant as the virtual IP pool specified for that class.

To view and manage existing view policies in VAST Web UI, log in and choose Element Store -> View Policies. For more information about VAST Cluster view policies, see VAST Cluster Administrator's Guide.

Set Up a VMS User

Set up a VMS user for VAST CSI Driver to communicate with the VAST Management Service (VMS) via VAST REST API.

You'll need to supply the VMS user credentials in a Kubernetes secret that is specified when creating the VAST CSI Driver's Helm chart configuration file.

VAST CSI Driver can use the default admin user that is created by VAST during the initial install, or you can create a new VMS user. The user does not need to have full VMS permissions. The required permissions are Create,  View, Edit and Delete permissions in the Logical realm.

Permissions are granted to a VMS user by assigning a role. To view and manage roles in VAST Web UI, log in and choose Administrators -> Roles  in the main navigation menu. For more information about managing roles, see VAST Cluster Administrator's Guide.

To view and manage VMS users in VAST Web UI, log in and choose Administrators -> Managers in the main navigation menu. For more information about managing VMS Manager users, see VAST Cluster Administrator's Guide.

Upload a CA-Signed SSL Certificate to VAST Cluster

If you want to use a Certificate Authority-signed SSL certificate to secure the connection to the VAST cluster, follow the SSL certificate upload procedure in the VAST Cluster Administrator's Guide to upload your SSL certificate to the VAST cluster.

For more information about configuring SSL encryption for VAST CSI Driver, see Configuring SSL Encryption for VAST CSI Driver.

Configure a QoS Policy

You can optionally set up a Quality of Service (QoS) policy to be associated with the views that VAST CSI Driver creates. A QoS policy is specified per Kubernetes storage or bucket class configured for the VAST driver.

Notice

This capability requires VAST Cluster 4.6 or later.

To view and manage QoS policies via VAST Web UI, log in and choose Element Store -> QoS Policies. For more information about VAST Cluster QoS policies, see VAST Cluster Administrator's Guide.

Extra Configuration Steps for Legacy CSI Local-Mount Deletions

If you are going to use VAST CSI Driver with a VAST cluster where the Trash Folder Access feature is disabled or not used for any reason, you need to specify a deletion view policy and a deletion virtual IP pool. The deletion view policy and pool are used solely for deletions and must enable VAST CSI Driver to effectively handle deletions across all storage classes defined.

The deletion view policy and pool can be the same as those used for the volume views, or they can be different.

Ensure that the deletion view policy and pool meet the following requirements:

  • For all versions of VAST Cluster:

    The deletion view policy has the same security flavor as the view policy set for the storage class.

  • For VAST Cluster 4.6.0 up to 4.7.0-SP3:

    The deletion view policy and pool belong to the same VAST Cluster tenant as the view policy and pool specified for the storage class.

  • For VAST Cluster earlier than 4.7.0-SP6:

    The deletion view policy does not have the Root Squash setting enabled.

Related articles