Using the Compute Engine persistent disk CSI Driver

Google Kubernetes Engine (GKE) provides a simple way for you to automatically deploy and manage the Compute Engine persistent disk Container Storage Interface (CSI) Driver in your clusters.

The Compute Engine persistent disk CSI Driver version is tied to GKE version numbers. The Compute Engine persistent disk CSI Driver version is typically the latest driver available at the time that the GKE version is released. The drivers update automatically when the cluster is upgraded to the latest GKE patch.

Benefits of using the Compute Engine persistent disk CSI Driver

Using the Compute Engine persistent disk CSI Driver instead of the Kubernetes in-tree gcePersistentDisk volume plugin provides the following benefits:

• CSI drivers are the future of storage extension in Kubernetes. Kubernetes has announced that the in-tree volume plugins are expected to be removed from Kubernetes in version 1.21. For details, see Kubernetes In-Tree to CSI Volume Migration Moves to Beta. After in-tree volume plugins are removed, existing volumes using in-tree volume plugins will communicate through CSI drivers instead.
• It enables the automatic deployment and management of the persistent disk driver without having to manually set it up, or use the in-tree volume plugin.
• It provides additional persistent disk features in GKE. For example:
  • You can use customer-managed encryption keys (CMEKs) with the Compute Engine persistent disk CSI Driver, but not the in-tree volume plugin. These keys are used to encrypt the data encryption keys that encrypt your data. To learn more about CMEK on GKE, see Using CMEK.
  • You can use volume snapshots with the Compute Engine persistent disk CSI Driver. Volume snapshots let you create a copy of your volume at a specific point in time. You can use this copy to bring a volume back to a prior state or to provision a new volume.
• Bug fixes and feature updates are rolled out independently from minor Kubernetes releases. This release schedule typically results in a faster release cadence.

Requirements

To use the Compute Engine persistent disk CSI Driver, your clusters must be using the following versions:

• Linux clusters: GKE version 1.14 or later.
• Windows clusters: GKE version 1.18 or later.

Enabling the Compute Engine persistent disk CSI Driver on a new cluster

To create a cluster with a version where the Compute Engine persistent disk CSI Driver is not automatically enabled, you can use the gcloud command-line tool or the Google Cloud Console.

To enable the driver on cluster creation, complete the following steps:

gcloud container clusters create CLUSTER-NAME \
    --addons=GcePersistentDiskCsiDriver \
    --cluster-version=VERSION

After you have enabled the Compute Engine persistent disk CSI Driver, you can use the driver in Kubernetes volumes using the driver and provisioner name: pd.csi.storage.gke.io.

Enabling the Compute Engine persistent disk CSI Driver on an existing cluster

To enable the Compute Engine persistent disk CSI Driver in existing clusters, use the gcloud command-line tool or the Google Cloud Console.

To enable the driver on an existing cluster, complete the following steps:

gcloud container clusters update CLUSTER-NAME \
   --update-addons=GcePersistentDiskCsiDriver=ENABLED

Disabling the Compute Engine persistent disk CSI Driver

Disable the Compute Engine persistent disk CSI Driver using gcloud command-line tool or Google Cloud Console.

To disable the driver on an existing cluster, complete the following steps:

gcloud container clusters update CLUSTER-NAME \
    --update-addons=GcePersistentDiskCsiDriver=DISABLED

Using the Compute Engine persistent disk CSI Driver for Linux clusters

The following sections describe the typical process for using a Kubernetes volume backed by a CSI driver in GKE. These sections are specific to clusters using Linux.

Create a StorageClass

After you enable the Compute Engine persistent disk CSI Driver, GKE automatically installs the following StorageClasses:

• standard-rwo, using balanced persistent disk
• premium-rwo, using SSD persistent disk

Some older cluster versions from 1.17 and below might instead have the singlewriter-standard or standard-singlewriter StorageClass instead, which uses standard persistent disk.

You can find the name of your installed StorageClass by running the following command:

kubectl get sc

You can also install a different StorageClass that uses the Compute Engine persistent disk CSI Driver by adding pd.csi.storage.gke.io in the provisioner field.

For example, you could create a StorageClass using the following file named pd-example-class.yaml:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: pd-example
provisioner: pd.csi.storage.gke.io
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: pd-balanced

Any persistent disk type can be specified in the type parameter (for example pd-ssd, pd-standard or pd-balanced).

After creating the pd-example-class.yaml file, run the following command:

kubectl create -f pd-example-class.yaml

Create a PersistentVolumeClaim

You can create a PersistentVolumeClaim that references the Compute Engine persistent disk CSI Driver's StorageClass.

The following file, named pvc-example.yaml, uses the pre-installed storage class standard-rwo:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: podpvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: standard-rwo
  resources:
    requests:
      storage: 6Gi

After creating the PersistentVolumeClaim manifest, run the following command:

kubectl create -f pvc-example.yaml

In the pre-installed StorageClass (standard-rwo), volumeBindingMode is set to WaitForFirstConsumer. When volumeBindingMode is set to WaitForFirstConsumer, the PersistentVolume is not provisioned until a Pod referencing the PersistentVolumeClaim is scheduled. If volumeBindingMode in the StorageClass is set to Immediate (or it's omitted), a persistent-disk-backed PersistentVolume is provisioned after the PersistentVolumeClaim is created.

Create a Pod that consumes the volume

When using Pods with PersistentVolumes, we recommend that you use a workload controller (such as a Deployment or StatefulSet). While you would not typically use a standalone Pod, the following example uses one for simplicity.

The following example consumes the volume that you created in the previous section:

apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
   - name: web-server
     image: nginx
     volumeMounts:
       - mountPath: /var/lib/www/html
         name: mypvc
  volumes:
   - name: mypvc
     persistentVolumeClaim:
       claimName: podpvc
       readOnly: false

Using the Compute Engine persistent disk CSI Driver for Windows clusters

The following sections describe the typical process for using a Kubernetes volume backed by a CSI driver in GKE. These sections are specific to clusters using Windows.

Ensure that the:

• Cluster version is 1.19.7-gke.2000, 1.20.2-gke.2000, or later.
• Node versions is 1.18.12-gke.1203, 1.19.6-gke.800, or later.

Create a StorageClass

Creating a StorageClass for Windows is very similar to Linux. You should be aware that the StorageClass installed by default will not work for Windows because the file system type is different. Compute Engine persistent disk CSI Driver for Windows requires NTFS as the file system type.

For example, you could create a StorageClass using the following file named pd- windows-class.yaml. Make sure to add csi.storage.k8s.io/fstype: NTFS to the parameters list:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: pd-sc-windows
provisioner: pd.csi.storage.gke.io
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: true
parameters:
  type: pd-balanced
  csi.storage.k8s.io/fstype: NTFS

Create a PersistentVolumeClaim

After creating a StorageClass for Windows, you can now create a PersistentVolumeClaim that references that StorageClass:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: podpvc-windows
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: pd-sc-windows
  resources:
    requests:
      storage: 6Gi

Create a Pod that consumes the volume

The following example consumes the volume that you created in the previous task:

apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  nodeSelector:
    kubernetes.io/os: windows
  containers:
    - name: iis-server
      image: mcr.microsoft.com/windows/servercore/iis
      ports:
      - containerPort: 80
      volumeMounts:
      - mountPath: /var/lib/www/html
        name: mypvc
  volumes:
    - name: mypvc
      persistentVolumeClaim:
        claimName: podpvc-windows
        readOnly: false

Known issues

Due to a 128 character restriction in the CSI Node ID Spec and how GKE generates instance names, installing the Compute Engine persistent disk CSI Driver might fail on new and existing GKE clusters for certain node pools. For more information, see this GitHub issue.

This issue is fixed in the following versions:

• 1.16.15-gke.1700 and later
• 1.17.9-6300 and later
• 1.18.6-4801 and later

If you are using a cluster with an earlier version, upgrade to one of the listed versions to resolve the issue.

What's next

• Learn how to use volume expansion.
• Learn how to use volume snapshots.
• Read more about the driver on GitHub.