Cross-namespace storage data sources


StatusMin K8s VersionMax K8s Versionexternal-provisioner Version


By default, a VolumeSnapshot is a namespace-scoped resource while a VolumeSnapshotContent is a cluster-scope resource. Consequently, you can not restore a snapshot from a different namespace than the source.

With that feature enabled, you can specify a namespace attribute in the dataSourceRef. Once Kubernetes checks that access is OK, the new PersistentVolume can populate its data from the storage source specified in another namespace.

See the Kubernetes Enhancement Proposal for more details on the background, design and discussions.


To enable this feature, cluster administrators must:

  • Install a CRD for ReferenceGrants supplied by the gateway API project
  • Enable the AnyVolumeDataSource and CrossNamespaceVolumeDataSource feature gates for the kube-apiserver and kube-controller-manager
  • Install a CRD for the specific VolumeSnapShot controller
  • Start the CSI Provisioner controller with the argument --feature-gates=CrossNamespaceVolumeDataSource=true
  • Grant the CSI Provisioner with get, list, and watch permissions for referencegrants (API group
  • Install the CSI driver

For more information about how to use the feature, visit the Kubernetes blog page.