[K8S] Documentation csi v0.3 (#2642)

bene2k1 · web-flow · commit 1742084016df · 2024-09-25T15:23:07.000+02:00
diff --git a/containers/kubernetes/api-cli/managing-storage.mdx b/containers/kubernetes/api-cli/managing-storage.mdx
@@ -7,7 +7,7 @@ content:
   paragraph: Learn how to manage Block Storage volumes using Scaleway's CSI driver on Kubernetes Kapsule and Kosmos clusters.
 tags: block-storage scaleway-csi kubernetes pvc
 dates:
-  validation: 2024-06-17
+  validation: 2024-09-25
   posted: 2021-08-12
 categories:
   - kubernetes
@@ -23,181 +23,80 @@ The [Scaleway Block Volume](https://www.scaleway.com/en/block-storage/) Containe
 - Your Scaleway Project or Organization ID
 - [Created](/containers/kubernetes/how-to/create-cluster/) a Kubernetes cluster running on Scaleway Instances (v1.21+)
 
-## Features
+<Message type="tip">
+    Refer to our video tutorial [Getting Started with Kubernetes Part 4 - Storage](/containers/kubernetes/videos/) to view a visual presentation and step-by-step guidance of how to manage Block Storage volumes on Kubernetes with the Scaleway CSI.
+</Message>
 
-Following is a list of functionalities implemented by the Scaleway CSI driver.
+## Verification of CSI driver status
 
-### Block device resizing
+To verify if the driver is running, use the following command:
 
-The Scaleway CSI driver implements the resize feature ([example for Kubernetes](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/)). It allows an online resize (without the need to detach the block device). However, resizing can only be done upwards, decreasing a volume's size is not supported.
+```bash
+kubectl get csidriver
+```
 
-### Raw Block Volume
+The output of this command provides a quick status update on the CSI plugin within your Kubernetes cluster. For the latest features and enhancements, consider upgrading to [release 0.3](https://github.com/scaleway/scaleway-csi/tree/release-0.3#block-storage-low-latency), which supports **[Block Storage low latency](/storage/block/quickstart/)** volumes.
 
-[Raw Block Volumes](https://kubernetes.io/blog/2019/03/07/raw-block-volume-support-to-beta/) allows the block volume to be exposed directly to the container as a block device, instead of a mounted filesystem. To enable it, the `volumeMode` needs to be set to `Block`. For instance, here is a PVC in raw block volume mode:
+To identify your current CSI release version, navigate to the [Cockpit interface](/observability/cockpit/how-to/access-grafana-and-managed-dashboards/), specifically the **Kubernetes Cluster - Overview** dashboard.
 
-```yaml
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: my-raw-pvc
-spec:
-  volumeMode: Block
-  [...]
-```
+## Upgrading to CSI version 0.3
 
-### At-Rest encryption
-
-Support for volume encryption. [See in examples](https://github.com/scaleway/scaleway-csi/tree/master/examples/kubernetes/#encrypting-volumes)
-
-### Volume snapshots
-
-[Volume snapshots](https://kubernetes.io/docs/concepts/storage/volume-snapshots/) allow the user to create a snapshot of a specific block volume. 
-
-### Volume statistics
-
-The Scaleway CSI driver implements the [`NodeGetVolumeStats`](https://github.com/container-storage-interface/spec/blob/master/spec.md/#nodegetvolumestats) CSI method. It is used to gather statistics about the used block volumes. In Kubernetes, `kubelet` exposes these metrics.
-
-## Kubernetes
-
-This section is Kubernetes specific. Note that Scaleway CSI driver may work for older Kubernetes version than those announced.
-The CSI driver allows you to use [Persistent Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) in Kubernetes.
-
-## Creating persistent volumes with Scaleway Block Storage
-
-1. Create a [PersistentVolumeClaim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) and use it as a volume inside the pod of a deployment.
-    ```
-    kubectl apply -f pvc-deployment/pvc.yaml
-    ```
-2. Create the deployment that will use this volume:
-    ```
-    kubectl apply -f pvc-deployment/deployment.yaml
-    ```
-
-## Creating raw block volumes
-
-1. Create a block volume and make it available in the pod as a raw block device. In order to do so, `volumeMode` must be set to Block:
-    ```bash
-    kubectl apply -f raw-volume/pvc.yaml
-    ```
-2. Create a pod that will use this raw volume. In order to do so, `volumesDevices` must be used, instead of the traditional `volumeMounts`:
-    ```bash
-    kubectl apply -f raw-volume/pod.yaml
-    ```
-3. Exec into the container and use the volume as a classic block device:
-    ```bash
-    kubectl exec -it my-awesome-block-volume-app sh
-    / # ls -al /dev/xvda
-    brw-rw----    1 root     disk        8,  32 Mar 23 12:34 /dev/xvda
-    / # dd if=/dev/zero of=/dev/xvda bs=1024k count=100
-    100+0 records in
-    100+0 records out
-    104857600 bytes (100.0MB) copied, 0.043702 seconds, 2.2GB/s
-    ```
-
-## Importing existing Scaleway volumes
-
-1. If you have an already existing volume, with the ID `11111111-1111-1111-111111111111` in the zone `fr-par-1`, you can import it by creating the following PV:
-    ```yaml
-    apiVersion: v1
-    kind: PersistentVolume
-    metadata:
-      name: test-pv
-    spec:
-      capacity:
-        storage: 5Gi
-      volumeMode: Filesystem
-      accessModes:
-        - ReadWriteOnce
-      storageClassName: scw-bssd
-      csi:
-        driver: csi.scaleway.com
-        volumeHandle: fr-par-1/11111111-1111-1111-111111111111
-      nodeAffinity:
-        required:
-          nodeSelectorTerms:
-          - matchExpressions:
-            - key: topology.csi.scaleway.com/zone
-              operator: In
-              values:
-              - fr-par-1
-    ```
-2. Once the PV is created, create a PVC with the same attributes (here scw-bssd as storage class and a size of 5Gi):
-    ```bash
-    kubectl apply -f importing/pvc.yaml
-    ```
-3. Create a pod that uses this volume:
-    ```bash
-    kubectl apply -f importing/pod.yaml
-    ```
-
-## Encrypting volumes
-
-This plugin supports at rest encryption of the volumes with Cryptsetup/LUKS.
-
-### Storage Class parameters
-
-In order to have an encrypted volume, `encrypted: true` needs to be added to the
-StorageClass parameters. You will also need a passphrase to encrypt/decrypt the volume,
-which is taken from the secrets passed to the `NodeStageVolume` and `NodeExpandVolume` method.
-
-The [external-provisioner](https://github.com/kubernetes-csi/external-provisioner)
-can be used to [pass down the wanted secret to the CSI plugin](https://kubernetes-csi.github.io/docs/secrets-and-credentials-storage-class.html) (v1.0.1+).
-
-Some additional parameters are needed on the StorageClass:
-
-- `csi.storage.k8s.io/node-stage-secret-name`: The name of the secret
-- `csi.storage.k8s.io/node-stage-secret-namespace`: The namespace of the secret
-- `csi.storage.k8s.io/node-expand-secret-name`: The name of the secret (see note below).
-- `csi.storage.k8s.io/node-expand-secret-namespace`: The namespace of the secret (see note below).
-
-> Volume expansion for encrypted volumes is only supported with the `CSINodeExpandSecret`
-> feature gate which is available since `v1.25.0` and by default since `v1.27.0`.
-
-The secret needs to have the passphrase in the entry with the key `encryptionPassphrase`.
-
-For instance, with the following secret:
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: enc-secret
-  namespace: default
-type: Opaque
-data:
-  encryptionPassphrase: bXlhd2Vzb21lcGFzc3BocmFzZQ==
-```
+### Using the API with curl
 
-and the following StorageClass:
-
-```yaml
-# Volume expansion is supported with CSINodeExpandSecret feature gate since v1.25.0 or by default since v1.27.0
-allowVolumeExpansion: true
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: "sbs-default-enc"
-provisioner: csi.scaleway.com
-reclaimPolicy: Delete
-volumeBindingMode: Immediate
-parameters:
-  encrypted: "true"
-  csi.storage.k8s.io/node-stage-secret-name: "enc-secret"
-  csi.storage.k8s.io/node-stage-secret-namespace: "default"
-  # Required for volume expansion
-  csi.storage.k8s.io/node-expand-secret-name: "enc-secret"
-  csi.storage.k8s.io/node-expand-secret-namespace: "default"
+You can trigger the migration to SBS-CSI using the following `curl` command:
+
+```bash
+curl "https://api.scaleway.com/k8s/v1/regions/$REGION/clusters/$CLUSTER_ID/migrate-to-sbs-csi" \
+-X POST \
+-H "X-Auth-Token: $TOKEN"
 ```
 
-all the PVC created with the StorageClass `sbs-default-enc` will be encrypted at
-rest with the passphrase `myawesomepassphrase`.
+Replace the placeholders with the following:
 
-The [Per Volume Secret](https://kubernetes-csi.github.io/docs/secrets-and-credentials-storage-class.html#per-volume-secrets)
-can also be used to avoid having one passphrase per StorageClass.
+- `$REGION`: Your cluster's region (e.g., `fr-par`, `nl-ams`).
+- `$CLUSTER_ID`: Your cluster ID.
+- `$TOKEN`: Your Scaleway API token.
 
-<Message type="note">
-  Note that before `v0.2.1` the expansion of encrypted volumes was not possible.
-  `PersistentVolumes` created without the `csi.storage.k8s.io/node-stage-secret` annotations must be manually patched if the expansion is necessary. Be careful when doing so, as the required fields are immutable, and the patch will need to be forced. We recommend taking preventative measures such as backing up your data and switching the `reclaimPolicy` of the volume to `Retain`.
-</Message>
+This command will initiate the migration process for your cluster to the new SBS-CSI.
+
+### Using the Scaleway CLI
 
+Alternatively, you can use the Scaleway CLI to perform the migration. Ensure the CLI is installed and configured with your API credentials.
+
+1. Install and configure the Scaleway CLI, if you have not already:
+   ```bash
+   scw init
+   ```
+ 
+2. Run the migration command:
+
+   ```bash
+   scw k8s cluster migrate-to-sbs-csi $CLUSTER_ID --region=$REGION
+   ```
+
+   Replace `$REGION` and `$CLUSTER_ID` with your cluster’s region and ID, respectively.
+
+### Post-migration verification
+
+After initiating the migration, the cluster status will change to _updating_. Once the migration completes, you can verify that the CSI driver has been updated and that the new driver properly handles Persistent Volume Claims (PVCs).
+
+```bash
+kubectl get csidriver
+```
 
+This command will confirm that the migration was successful.
+
+## Going further
+
+* [Creating persistent volumes with Scaleway Block Storage](hhttps://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#pvc--deployment)
+* [Creating raw block volumes](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#raw-block-volumes)
+* [Importing existing Scaleway volumes](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#importing-existing-scaleway-volumes)
+* [Creating volume snapshots](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#volume-snapshots)
+* [Importing volume snapshots](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#importing-snapshots)
+* [How to crate a storage class](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#different-storageclass)
+* [How to choose a zone for the volumes](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#specify-in-which-zone-the-volumes-are-going-to-be-created)
+* [How to choose the number of IOPS](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#choose-the-number-of-iops)
+    <Message type="tip">
+      * `sbs-5k` and `sbs-15k` are pre-configured storage classes designed to meet your IOPS requirements. You can achieve the equivalent of setting `iops:5k` in your custom class.
+    </Message>
+* [Encrypting volumes](https://github.com/scaleway/scaleway-csi/tree/release-0.3/examples/kubernetes#encrypting-volumes)
