Skip to main content
Version: v1.1 (EOL)

Harvester CSI Driver

The Harvester Container Storage Interface (CSI) Driver provides a standard CSI interface used by guest Kubernetes clusters in Harvester. It connects to the host cluster and hot-plugs host volumes to the virtual machines (VMs) to provide native storage performance.



  • The Kubernetes cluster is built on top of Harvester virtual machines.
  • The Harvester virtual machines that run the guest Kubernetes nodes are all in the same Harvester namespace.
  • The Harvester virtual machine guests' hostnames match their corresponding Harvester virtual machine names. Guest cluster Harvester VMs can't have different hostnames than their Harvester VM names when using the Harvester CSI driver. We hope to remove this limitation in a future release of Harvester.

Currently, the Harvester CSI driver only supports single-node read-write(RWO) volumes. Please follow the issue #1992 for future multi-node read-only(ROX) and read-write(RWX) support.

Deploying with Harvester RKE1 Node Driver

  • Select Harvester(Out-of-tree) option (optional. If you don't need to use the Cloud Provider feature at the same time, you can select the None option).

  • Install Harvester CSI Driver from the Rancher marketplace.

Deploying with Harvester RKE2 Node Driver

When spinning up a Kubernetes cluster using Rancher RKE2 node driver, the Harvester CSI driver will be deployed when Harvester cloud provider is selected.


Install CSI Driver Manually in the RKE2 Cluster

If you prefer to deploy the Harvester CSI driver without enabling the Harvester cloud provider, you can choose either Default - RKE2 Embedded or External in the Cloud Provider field. If you are using Rancher v2.6, select None instead.


Ensure that you have the following prerequisites in place:

  • You have kubectl and jq installed on your system.
  • You have the kubeconfig file for your bare-metal Harvester cluster.
    export KUBECONFIG=/path/to/your/harvester-kubeconfig

Perform the following steps to deploy the Harvester CSI Driver manually:

Deploy Harvester CSI Driver

  1. Generate cloud-config.

    You can generate the kubeconfig file using the script. It is available on the harvester/harvester-csi-driver repo. You can follow the steps below to get the cloud-config and cloud-init data:

    The <serviceaccount name> usually corresponds to your guest cluster name (the value of "Cluster Name" in the figure below), and <namespace> should match the namespace (the value of "Namespace") of the guest cluster.

    # ./ <serviceaccount name> <namespace> RKE2
    ########## cloud-config ############
    apiVersion: v1
    - cluster: <token>
    server: https://<YOUR HOST HARVESTER VIP>:6443
    name: default
    - context:
    cluster: default
    namespace: default
    user: rke2-guest-01-default-default
    name: rke2-guest-01-default-default
    current-context: rke2-guest-01-default-default
    kind: Config
    preferences: {}
    - name: rke2-guest-01-default-default
    token: <token>

    ########## cloud-init user data ############
    - encoding: b64
    owner: root:root
    path: /var/lib/rancher/rke2/etc/config-files/cloud-provider-config
    permissions: '0644'

    Copy and paste the output below cloud-init user data to Machine Pools >Show Advanced > User Data.

  2. Set up cloud-provider-config.

    The cloud-provider-config should be created after you apply the above cloud-init user data.

    You can check again on the path /var/lib/rancher/rke2/etc/config-files/cloud-provider-config.


    If you want to change the cloud-provider-config path, you should update the cloud-init user data.

  3. Install Harvester CSI Driver.

    Install the Harvester CSI Driver chart from the Rancher marketplace. (Note: by default, you do not need to change the cloud-config path).


If you prefer not to install the Harvester CSI driver using Rancher (Apps > Charts), you can use Helm instead. The Harvester CSI driver is packaged as a Helm chart. For more information, see

By following the above steps, you should be able to see those CSI driver pods are up and running, and you can verify it by provisioning a new PVC using the default storageClass harvester..

Deploying with Harvester K3s Node Driver

You can follow the Deploy Harvester CSI Driver steps described in the RKE2 section for Prerequisites

The only difference is that you need to change the script command as follows:

# ./ <serviceaccount name> <namespace> k3s

Passthrough Custom StorageClass

Starting with Harvester CSI driver v0.1.15, you can create a PersistentVolumeClaim (PVC) based on a different StorageClass.

Harvester CSI driver v0.1.15 is supported out of the box starting with the following RKE2 versions; for RKE1 you need to manually install the CSI driver chart:

  • v1.23.16+rke2r1 and later
  • v1.24.10+rke2r1 and later
  • v1.25.6+rke2r1 and later
  • v1.26.1+rke2r1 and later
  • v1.27.1+rke2r1 and later


Please add the following additional perquisites to your Harvester cluster. The Harvester CSI driver requires proper RBAC to display error messages. This is important for displaying an error message when creating a PVC with a StorageClass that does not exist, as shown in the following figure.

Perform the following steps to setup RBAC to enable seeing error messages.

  1. Create a new clusterrole named with the following manifest.

    kind: ClusterRole
    labels: apiserver harvester harvester
    - apiGroups:
    - storageclasses
    - get
    - list
    - watch
  2. Then create the clusterrolebinding to associate with the new clusterrole with the following manifest.

    kind: ClusterRoleBinding
    name: <namespace>-<serviceaccount name>
    kind: ClusterRole
    - kind: ServiceAccount
    name: <serviceaccount name>
    namespace: <namespace>

Make sure the serviceaccount name and namespace are the same as your cloud provider. Perform the following steps to see the serviceaccount name and namespace for your cloud provider.

  1. Find the rolebinding for your cloud provider .

    # kubectl get rolebinding -A |grep
    default default-rke2-guest-01 ClusterRole/ 7d1h
  2. Get the subjects info on this rolebinding.

    kubectl get rolebinding default-rke2-guest-01 -n default -o yaml |yq -e '.subjects'
  3. Find the ServiceAccount info as follows:

    - kind: ServiceAccount
    name: rke2-guest-01
    namespace: default


  1. Create a new StorageClass that you would like to use in your guest k8s cluster. You can refer to the StorageClasses for more details.

    As show in the following figure, create a new StorageClass named replica-2.

    For example, create a new StorageClass on the downstream cluster as follows associated with the StorageClass created on the Harvester Cluster named replica-2.


    When choosing a Provisioner, select Harvester (CSI). The parameter Host StorageClass should be the StorageClass created on the Harvester Cluster.

  2. You can now create a PVC based on this new StorageClass, which uses the Host StorageClass to provision volumes on the bare-metal cluster.