Create a Kubernetes Secret with VMS User Credentials for VAST CSI Driver


Create a Kubernetes secret to keep VMS user credentials that VAST CSI Driver uses to communicate with the VAST cluster. You need to supply the name of the secret when creating the driver's Helm chart configuration file.

The Kubernetes secret can also specify the VAST cluster on which you want to provision volumes for a particular storage class or snapshot class.

Create a Kubernetes Secret to Provision Storage on a Single VAST Cluster

Use this procedure to create a single Kubernetes secret that contains VMS user credentials to connect to a single VAST cluster. The Kubernetes secret will be used for all storage classes and snapshot classes defined in the VAST CSI Driver Helm chart configuration file. The VAST cluster to connect to is specified by the endpoint parameter in the configuration file.

To create a Kubernetes secret that will be used to provision storage on a single VAST cluster:

  1. Create a YAML file with the following content. Note that the VMS user's username and password must be Base64-encoded.

    apiVersion: v1
    kind: Secret
    metadata:
      name: <secret name>
    type: Opaque
    data:
      username: <VMS user's username>
      password: <VMS user's password>
    
  2. Apply the YAML file:

    kubectl apply -f <path to the YAML file>

Alternatively, you can create a secret with the following command:

    kubectl create secret generic <secret name> \
        --from-literal=username='<VMS user's username>' \
        --from-literal=password='<VMS user's password>'

Note

If you are creating the secret in a Kubernetes namespace that is different from the namespace used to install the VAST CSI Driver Helm chart, specify the secret's namespace on the command: -n <secret's namespace>.
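The manifest from step 1 of the single-cluster procedure can be generated instead of hand-edited. The following is an added example, not part of VAST's documentation or tooling, that Base64-encodes the values without the trailing newline that `echo` would add and without line wrapping. The function names and the sample values in the comments are assumptions made for illustration.

```sh
# Added example (not VAST's code). Function names are hypothetical.

# Base64-encode a value exactly as given.
# printf '%s' adds no trailing newline (echo would, and the newline would
# become part of the stored credential); tr removes the line wrapping that
# some base64 implementations insert into long output.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest from step 1 on stdout.
# Arguments: $1 = secret name, $2 = VMS username, $3 = VMS password
render_vms_secret() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  username: $(b64 "$2")
  password: $(b64 "$3")
EOF
}

# Decode one data field of a rendered manifest, to check it before applying.
# Arguments: $1 = field name (username or password), $2 = manifest text
decode_field() {
    printf '%s\n' "$2" |
        awk -v key="$1:" '$1 == key { print $2 }' |
        base64 --decode
}

# Usage with constructed sample values, applied without writing a file:
#   render_vms_secret vast-csi-secret user1 'sample-password' | kubectl apply -f -
# Check what will be stored:
#   decode_field username "$(render_vms_secret vast-csi-secret user1 'sample-password')"
```

Base64 is an encoding, not encryption, so a rendered manifest saved to disk exposes the credentials to anyone who can read the file. Piping the output straight to `kubectl apply -f -` avoids leaving that file behind.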

Create a Kubernetes Secret to Provision Storage on Multiple VAST Clusters

Use this procedure to create one or more Kubernetes secrets that can be specified individually per storage class or snapshot class. Each of these Kubernetes secrets specifies the VAST cluster to connect to and the VMS user credentials, enabling you to provision volumes on multiple VAST clusters or using multiple VMS users on the same VAST cluster.

Tip

This type of secret can be used not only when there are multiple VAST clusters, but also whenever the secretName and secretNamespace parameters in the Helm chart configuration file (values.yaml) are specified within a storage class or under StorageClassDefaults.

To create a Kubernetes secret that will be used to provision storage on multiple VAST clusters:

  1. Create a YAML file with the following content:

    apiVersion: v1
    kind: Secret
    metadata:
      name: <secret name>
    type: Opaque
    data:
      endpoint: <VAST cluster hostname>
      username: <VMS user's username>
      password: <VMS user's password>
      sslCert: <path to SSL certificate>
    

    Where:

    • (Required) endpoint sets the hostname, FQDN or IP address for the VMS URL of the VAST cluster where you want to provision volumes.

    • (Required) username is the username of the VMS user to connect to the VAST cluster. The username must be Base64-encoded.

    • (Required) password is the password for the VMS user connecting to the VAST cluster. The password must be Base64-encoded.

    • (Optional) sslCert is only required if you are using SSL encryption with a self-signed SSL certificate. It specifies the path to the SSL certificate.

  2. Apply the YAML file:

    kubectl apply -f <path to the YAML file>

    Note

    If you are creating the secret in a namespace that is different from the namespace used to install the VAST CSI Driver Helm chart, specify the secret's namespace on the command: -n <secret's namespace>.

Alternatively, you can create a secret with the following command:

    kubectl create secret generic <secret name> \
        --from-literal=endpoint='vms.example.com' \
        --from-literal=username='<VMS user's username>' \
        --from-literal=password='<VMS user's password>' \
        --from-file=ssl_cert='<path to SSL certificate>' \
        -n <secret's namespace>

For example:

    kubectl create secret generic vast-mgmt \
        --from-literal=endpoint='vms.example.com' \
        --from-literal=username='user1' \
        --from-literal=password='xxxxxxxxx' \
        --from-file=ssl_cert='VastCerts/RootCA.crt' \
        -n secret_namespace