docs: add third-party storage docs

Signed-off-by: Vicente Cheng <[email protected]>
Co-authored-by: Jillian Maroket <[email protected]>
Co-authored-by: Ivan Sim <[email protected]>
Co-authored-by: David Ko <[email protected]>
Co-authored-by: Volker Theile <[email protected]>

Author: 5 people

docs/advanced/csidriver.md

@@ -8,24 +8,37 @@ title: "Third-Party Storage Support"
   <link rel="canonical" href="https://docs.harvesterhci.io/v1.4/advanced/csidriver"/>
 </head>
 
-_Available as of v1.2.0_
+_Available as of v1.5.0_
 
-Harvester now offers the capability to install a [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html) in your Harvester cluster. This allows you to leverage external storage for the Virtual Machine's non-system data disk, allowing you to use different drivers tailored for specific needs, whether for performance optimization or seamless integration with your existing in-house storage solutions.
+Harvester now supports provisioning of root volumes and data volumes using external [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/introduction.html) drivers. This enhancement allows you to select drivers that meet specific requirements, such as performance optimization or seamless integration with existing internal storage solutions.
 
-:::note
+:::important
+
+Harvester has validated the following CSI drivers:
+
+- Longhorn V2 Data Engine: `driver.longhorn.io`
+- LVM: `lvm.driver.harvesterhci.io`
+- NFS: `nfs.csi.k8s.io`
+- Rook (RADOS Block Device): `rook-ceph.rbd.csi.ceph.com`
+
+The validated CSI drivers have the following capabilities:
 
-The Virtual Machine (VM) image provisioner in Harvester still relies on Longhorn. Before version 1.2.0, Harvester exclusively supported Longhorn for storing VM data and did not offer support for external storage as a destination for VM data.
+| Storage Solution | VM Image | VM Rook Disk | VM Data Disk | Volume Export To VM Image | VM Template Generator | VM Live Migration | VM Snapshot | VM Backup |
+| --- | --- | --- | --- | --- | --- | --- | --- | --- |
+| Longhorn v2 Data Engine | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; |&#10006; | &#10006; |
+| LVM | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10006; | &#10004; | &#10006; |
+| NFS | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10006; | &#10006; |
+| Rook (RBD) | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10004; | &#10006; |
 
 :::
 
 ## Prerequisites
 
-For the Harvester functions to work well, the third-party CSI driver needs to have the following capabilities:
-- Support expansion
-- Support snapshot
-- Support clone
-- Support block device
-- Support Read-Write-Many (RWX), for [Live Migration](../vm/live-migration.md)
+To enable Harvester to function well, use CSI drivers that support the following capabilities:
+- Volume expansion (online resizing)
+- Snapshot creation (volume and virtual machine snapshots)
+- Cloning (volume and virtual machine clones)
+- Usage of Read-Write-Many (RWX) volumes for [Live Migration](../vm/live-migration.md)
 
 ## Create Harvester cluster
 
@@ -51,24 +64,192 @@ With the kubeconfig of the Harvester cluster, you can install the third-party CS
 
 Before you can make use of Harvester's **Backup & Snapshot** features, you need to set up some essential configurations through the Harvester [csi-driver-config](../advanced/settings.md#csi-driver-config) setting. Follow these steps to make these configurations:
 
+:::note
+
+Backup currently only works with the Longhorn v1 Data Engine. If you are using other storage providers, you can skip the **Backup VolumeSnapshot Class Name** configuration.
+
+For more information, see [VM Backup Compatibility](../../versioned_docs/version-v1.4/advanced/csidriver.md#vm-backup-compatibility).
+
+:::
+
 1. Login to the Harvester UI, then navigate to **Advanced** > **Settings**.
 1. Find and select **csi-driver-config**, and then select **⋮** > **Edit Setting** to access the configuration options.
 1. Set the **Provisioner** to the third-party CSI driver in the settings.
 1. Next, Configure the **Volume Snapshot Class Name**. This setting points to the name of the `VolumeSnapshotClass` used for creating volume snapshots or VM snapshots.
 
-![csi-driver-config-external](/img/v1.2/advanced/csi-driver-config-external.png)
+![csi-driver-config-external](/img/v1.5/advanced/csi-driver-config-external.png)
+
+## Use the CSI Driver
+
+Once the CSI driver is installed and the Harvester cluster is configured, an external storage solution can be used in tasks that involve storage management.
+
+### Virtual Machine Image Creation
+
+You can use an external storage solution to store and manage virtual machine images.
+
+When [uploading a virtual machine image](../image/upload-image.md) using the Harvester UI (**Image > Create**), you must select the StorageClass for the external storage solution on the **Storage** tab. In the following example, the StorageClass is **nfs-csi**.
+
+![create-image-with-nfs-csi](/img/v1.5/advanced/create-image-with-nfs-csi.png)
+
+Harvester stores the created the image in the external storage solution.
+
+![created-image-with-nfs-csi](/img/v1.5/advanced/created-image-with-nfs-csi.png) 
+
+### Virtual Machine Creation
+
+Your virtual machines can use root and data volumes in external storage.
+
+When [creating a virtual machine](../vm/create-vm.md) using the Harvester UI (**Virtual Machine > Create**), you must perform the following actions on the **Volumes** tab:
+
+- Select a virtual machine image stored in the external storage solution, and then configure the required settings.
+- Add a data volume.
+
+![various-volumes-for-vm-creating](/img/v1.5/advanced/various-volumes-for-vm-creating.png)
+
+In the following example, the root volume is created using NFS, and the data volume is created using the Longhorn V2 Data Engine.
+
+![various-volumes-for-vm-created](/img/v1.5/advanced/various-volumes-for-vm-created.png)
 
-## Use the CSI driver
+### Volume Creation
 
-After successfully configuring these settings, you can utilize the third-party StorageClass. You can apply the third-party StorageClass when creating an empty volume or adding a new block volume to a VM, enhancing your Harvester cluster's storage capabilities.
+You can create volumes in your external storage solution.
 
-With these configurations in place, your Harvester cluster is ready to make the most of the third-party storage integration.
+When [creating a volume](../volume/create-volume.md) using the Harvester UI (**Volumes > Create**), you must perform the following actions:
 
-![rook-ceph-volume-external](/img/v1.2/advanced/rook-ceph-volume-external.png)
+- **Storage Class**: Select the target StorageClass, e.g. **nfs-csi**.
+- **Volume Mode**: Select the corresponding volume mode, e.g. **Filesystem** for **nfs-csi**.
 
-![rook-ceph-vm-external](/img/v1.2/advanced/rook-ceph-vm-external.png)
+![create-fs-volume](/img/v1.5/advanced/create-fs-volume.png)
+
+## Advanced Topics
+
+### Storage Profiles
+
+You can now use the CDI API to create custom [storage profiles](https://github.com/kubevirt/containerized-data-importer/blob/main/doc/storageprofile.md) that simplify definition of data volumes. Storage profiles allow multiple data volumes to share the same provisioner settings.
+
+The following is an example of an LVM storage profile:
+
+```yaml
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: StorageProfile
+metadata:
+  name: lvm-node-1-striped
+spec:
+  claimPropertySets:
+  - accessModes:
+    - ReadWriteOnce
+    volumeMode: Block
+status:
+  claimPropertySets:
+  - accessModes:
+    - ReadWriteOnce
+    volumeMode: Block
+  cloneStrategy: snapshot
+  dataImportCronSourceFormat: pvc
+  provisioner: lvm.driver.harvesterhci.io
+  snapshotClass: lvm-snapshot
+  storageClass: lvm-node-1-striped
+```
+
+For more information, see [Storage Profiles](https://github.com/kubevirt/containerized-data-importer/blob/main/doc/storageprofile.md) in the CDI documentation.
+
+You can define the above fields to override the default configuration showing on the status.
+
+### Limitations
+
+- Backup support is currently limited to Longhorn V1 Data Engine volumes. Harvester is unable to create backups of volumes in external storage. 
+
+- There is a limitation in the CDI which prevents Harvester from converting attached PVCs to virtual machine images. Before exporting a volume in external storage, ensure that the PVC is not attached to workloads. This prevents the resulting image from getting stuck in the *Exporting* state.
+
+![convert-pvc-to-image-stuck](/img/v1.5/advanced/convert-pvc-to-image-stuck.png)
+
+### How to deploy the NFS CSI driver
+
+:::note
+
+You can deploy the NFS CSI driver only when the NFS server is already installed and running.
+
+If the server is already running, check the `squash` option. You must disable squashing of remote root users (`no_root_squash` or `no_all_squash`) because KubeVirt needs the QEMU UID/GID to ensure that the volume can be synced properly.
+
+:::
+
+1. Install the driver using the `csi-driver-nfs` Helm chart.
+  ```
+  $ helm repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts
+  $ helm install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --version v4.10.0
+  ```
+
+1. Create the StorageClass for NFS.
+
+  For more information about parameters, see [Driver Parameters: Storage Class Usage](https://github.com/kubernetes-csi/csi-driver-nfs/blob/master/docs/driver-parameters.md) in the Kubernetes NFS CSI Driver documentation.
+  ```yaml
+  apiVersion: storage.k8s.io/v1
+  kind: StorageClass
+  metadata:
+    name: nfs-csi
+  provisioner: nfs.csi.k8s.io
+  parameters:
+    server: <your-nfs-server-ip>
+    share: <your-nfs-share>
+    # csi.storage.k8s.io/provisioner-secret is only needed for providing mountOptions in DeleteVolume
+    # csi.storage.k8s.io/provisioner-secret-name: "mount-options"
+    # csi.storage.k8s.io/provisioner-secret-namespace: "default"
+  reclaimPolicy: Delete
+  volumeBindingMode: Immediate
+  allowVolumeExpansion: true
+  mountOptions:
+    - nfsvers=4.2
+  ```
+
+  Once created, you can use the StorageClass to create virtual machine images, root volumes, and data volumes.
 
 ## References
 
 - [Use Rook Ceph External Storage with Harvester](https://harvesterhci.io/kb/use_rook_ceph_external_storage)
-- [Using NetApp Storage on Harvester](https://harvesterhci.io/kb/install_netapp_trident_csi)
+- [Using NetApp Storage on Harvester](https://harvesterhci.io/kb/install_netapp_trident_csi)
+- [Third Party Storage Support](https://github.com/harvester/harvester/blob/master/enhancements/20250203-third-party-storage-support.md) 
+
+## Known Issues
+
+### 1. Infinite Image Download Loop
+
+The image download process loops endlessly when the StorageClass for the image uses the LVM CSI driver. This issue is related to the scratch volume, which is created by CDI and is used to temporarily store the image data. When the issue exists in your environment, you might find the following error messages in `importer-prime-xxx` pod logs:
+
+```
+E0418 01:59:51.843459       1 util.go:98] Unable to write file from dataReader: write /scratch/tmpimage: no space left on device
+E0418 01:59:51.861235       1 data-processor.go:243] write /scratch/tmpimage: no space left on device
+unable to write to file
+kubevirt.io/containerized-data-importer/pkg/importer.streamDataToFile
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/pkg/importer/util.go:101
+kubevirt.io/containerized-data-importer/pkg/importer.(*HTTPDataSource).Transfer
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/pkg/importer/http-datasource.go:162
+kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).initDefaultPhases.func2
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/pkg/importer/data-processor.go:173
+kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessDataWithPause
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/pkg/importer/data-processor.go:240
+kubevirt.io/containerized-data-importer/pkg/importer.(*DataProcessor).ProcessData
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/pkg/importer/data-processor.go:149
+main.handleImport
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/cmd/cdi-importer/importer.go:188
+main.main
+    /home/abuild/rpmbuild/BUILD/go/src/kubevirt.io/containerized-data-importer/cmd/cdi-importer/importer.go:148
+runtime.main
+```
+
+The message `no space left on device` indicates that the filesystem created using the scratch volume is not enough to store the image data. CDI creates the scratch volume based on the size of the target volume, but some space is lost to filesystem overhead. The default overhead value is `0.055` (equivalent to 5.5%), which is sufficient in most cases. However, if the image size is less than 1 GB and its virtual size is very close to the image size, the default overhead is likely to be insufficient.
+
+The workaround is to increase the filesystem overhead to 20% using the following command:
+
+```
+# kubectl patch cdi cdi --type=merge -p '{"spec":{"config":{"filesystemOverhead":{"global":"0.2"}}}}'
+```
+
+The image should be downloaded once the filesystem overhead is increased.
+
+:::note
+
+Increasing the overhead value does not affect the image PVC size. The scratch volume is deleted after the image is imported.
+
+:::
+
+Related issue: [#7993](https://github.com/harvester/harvester/issues/7993) (See this [comment](https://github.com/harvester/harvester/issues/7993#issuecomment-2790260841).)

docs/image/image-security.md

@@ -19,6 +19,12 @@ _Available as of v1.4.0_
 
 Harvester allows you to encrypt and decrypt virtual machine images. The encryption mechanism utilizes the Linux kernel module dm_crypt and the command-line utility cryptsetup.
 
+:::note
+
+This feature only supports the Longhorn V1 Data Engine. You cannot encrypt and decrypt images that are stored in other storage solutions.
+
+:::
+
 ## Prerequisites
 
 Prepare the following resources:

docs/vm/backup-restore.md

@@ -26,6 +26,8 @@ VM backups are created from the **Virtual Machines** page. The VM backup volumes
 
 A backup target must be set up. For more information, see [Configure Backup Target](#configure-backup-target). If the backup target has not been set, you’ll be prompted with a message to do so.
 
+Backup support is currently limited to Longhorn V1 Data Engine volumes. Harvester is unable to create backups of volumes in external storage.
+
 :::
 
 ### Configure Backup Target

docs/vm/create-vm.md

@@ -152,6 +152,7 @@ A disk can be made accessible via the following types:
 | cd-rom | This type will expose the volume as a cd-rom drive to the VM. It is read-only by default. |
 
 A volume's [StorageClass](../advanced/storageclass.md) can be specified when adding a new empty volume; for other volumes (such as VM images), the `StorageClass` is defined during image creation.
+If you are using external storage, ensure that the correct **StorageClass** and **Volume Mode** are selected. For example, a volume with the **nfs-csi** StorageClass must use the **Filesystem** volume mode.
 
 :::info important
 

docs/vm/edit-vm.md

@@ -49,6 +49,12 @@ For more details about the network implementation, please refer to the [Networki
 
 You can add additional volumes to the VM after booting. You can also expand the size of the volume after shutting down the VM, click the VM and go to the `Volumes` tab, edit the size of the expanded volume. After restarting the VM and waiting for the resize to complete, your disk will automatically finish expanding.
 
+:::note
+
+If you are using external storage, ensure that the storage provider supports volume expansion before you resize volumes.
+
+:::
+
 ![edit-vm](/img/v1.2/vm/edit-vm-volumes.png)
 
 ### Access Credentials

docs/vm/live-migration.md

@@ -23,6 +23,7 @@ Live migration means moving a virtual machine to a different host without downti
 - Live migration is not allowed when the virtual machine has any volume of the `CD-ROM` type. Such volumes should be ejected before live migration.
 - Live migration is not allowed when the virtual machine has any volume of the `Container Disk` type. Such volumes should be removed before live migration.
 - Live migration is not allowed when the virtual machine has any `PCIDevice` passthrough enabled. Such devices need to be removed before live migration.
+- Live migration is not allowed when the volumeAccessMode of any volume in the virtual machine is `ReadWriteOnce`. Such volumes should be removed before live migration.
 
 :::
 

docs/volume/export-volume.md

@@ -13,6 +13,12 @@ description: Export volume to image from the Volume page.
 
 You can select and export an existing volume to an image by following the steps below:
 
+:::note
+
+If the volume is in external storage, ensure that it is not attached to workloads (virtual machines and pods) before starting the export process. This prevents the resulting image from getting stuck in the *Exporting* state.
+
+:::
+
 1. Click the `⋮` button and select the `Export Image` option.
 
     ![export-volume-to-image-1](/img/v1.2/volume/export-volume-to-image-1.png)