We are planning to use vsphere-csi-driver. We do as well have higher security requirements to fullfill and currently I'm not sure how to setup this environment. We do have a shared datastore cluster (VMFS). On this datastore cluster are all vm's for 4 Clusters. I need to make sure that's technically impossible by seperation of accounts or storage policy that 1 vm of cluster x can't mount a virtual disk from 1 vm on cluster y. I've seen in the documentation so far that you can use storagepolicies but there I can only restrict the datastore which is something I can't since I'm not able to restirct one or x datastores's for 1 cluster. Is there any best practice existing for this scenario?
------------------------------
------------------------------