These are the minimum privileges required for using Rancher vSphere CPI and/or Cloud Credential.
- Allocate space
- Browse datastore
- Low level file operations
- Assign network
📝 This privilege is for vSphere 7. For vSphere 8, use VM storage policies instead.
- Profile-driven storage view
- Assign virtual machine to resource pool
📝 If not deploying from a Content Library these privileges can be omitted.
- Create
- Import
- Add existing disk
- Add new disk
- Add or remove device
- Advanced configuration
- Change CPU count
- Change Memory
- Change Settings
- Change resource
- Display connection settings
- Extend virtual disk
- Modify device settings
- Remove disk
- Rename
- Reset guest information
- Create from existing
- Create new
- Move
- Register
- Remove
- Unregister
- Guest operation alias modification
- Guest operation alias query
- Guest operation modifications
- Guest operation program execution
- Guest operation queries
- Configure CD media
- Connect devices
- Install VMware Tools
- Power off
- Power on
- Reset
- Allow disk access
- Allow file access
- Clone template
- Customize guest
- Deploy template
- Modify customization specification
- Read customization specifications
📝 These privileges are for vSphere 8. For vSphere 7, use Profile-driven storage instead.
- Apply VM storage policies
- View VM storage policies
- Assign or Unassign vSphere Tag
- Assign or Unassign vSphere Tag on Object
These are the minimum privileges required to provision and attach Rancher vSphere CSI volumes. If not using vSAN, vSphere CSI volumes can be RWO only.
- Searchable
- Low level file operations
- Configuration
- Storage partition configuration
📝 This privilege is for vSphere 7. For vSphere 8, use VM storage policies instead.
- Profile-driven storage view
- Add existing disk
- Add or remove device
- Remove disk
📝 These privileges are for vSphere 8. For vSphere 7, use Profile-driven storage instead.
- Apply VM storage policies
- View VM storage policies
Below are basic CPI & CSI Helm chart values for an RKE2 cluster. More comprehensive values.yaml examples are in the RKE2 Charts GitHub repository.
For guidance on deploying these charts via Terraform plan, see HERE.
```yaml
rancher-vsphere-cpi:
  vCenter:
    host: <vcenter_server>
    port: 443
    insecureFlag: true  # true skips TLS certificate verification of vCenter
    datacenters: <vsphere_datacenter>
    username: <cpi_username>
    password: <cpi_password>
    credentialsSecret:
      name: "vsphere-cpi-creds"
      generate: true
rancher-vsphere-csi:
  vCenter:
    host: <vcenter_server>
    port: 443
    insecureFlag: "1"  # "1" skips TLS certificate verification of vCenter
    datacenters: <vsphere_datacenter>
    username: <csi_username>
    password: <csi_password>
    configSecret:
      name: "vsphere-config-secret"
      generate: true
  storageClass:
    allowVolumeExpansion: true # Optional Value
    datastoreURL: <ds://datastore_url/>
```
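A pre-deployment check for the values above, as an added example that is not part of the original page or the Rancher charts: it flags `insecureFlag` in both forms used here (the CPI boolean `true` and the CSI string `"1"`) and a non-empty inline `password`. The function names, the sample values and the small mapping-only parser are assumptions of this example, and treating an inline password as a finding is this example's own policy choice.

```python
# Added example: lint CPI/CSI Helm values for TLS verification and inline credentials.
SAMPLE = """\
rancher-vsphere-cpi:
  vCenter:
    insecureFlag: true   # constructed sample values
    password: changeme
    credentialsSecret:
      generate: true
rancher-vsphere-csi:
  vCenter:
    insecureFlag: "0"
    password: ""
    configSecret:
      generate: false
"""

def parse_mappings(text):
    """Parse nested mappings only (no lists, anchors, or values containing ' #')."""
    stack = [(-1, {})]                        # (indent, mapping) of open parents
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()    # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:         # close deeper or sibling mappings
            stack.pop()
        value = value.strip()
        if value == "":                       # bare "key:" opens a nested mapping
            stack.append((indent, stack[-1][1].setdefault(key, {})))
        else:
            stack[-1][1][key] = value.strip("\"'")
    return stack[0][1]

def lint(values):
    """Return (chart, issue) pairs for the two settings checked."""
    issues = []
    for chart in ("rancher-vsphere-cpi", "rancher-vsphere-csi"):
        vc = values.get(chart, {}).get("vCenter", {})
        # CPI uses a boolean (true), CSI a string ("1"); both skip certificate checks.
        if vc.get("insecureFlag", "").lower() in ("true", "1"):
            issues.append((chart, "insecureFlag"))
        if vc.get("password"):
            issues.append((chart, "inline-password"))
    return issues

if __name__ == "__main__":
    for chart, issue in lint(parse_mappings(SAMPLE)):
        print(f"{chart}: {issue}")
```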