OpenShift Origin (OKD) 3.10 : Use Persistent Storage
2018/08/22
Use Persistent Storage in an OpenShift Cluster.
This example configures NFS as the backend storage.
The example is based on the following environment.
-----------+--------------+-------------+-------------------------+------------
           |10.0.0.25     |             |10.0.0.51                |10.0.0.52
+----------+-----------+  |  +----------+-----------+  +----------+-----------+
|  [ ctrl.srv.world ]  |  |  | [ node01.srv.world ] |  | [ node02.srv.world ] |
|    (Master Node)     |  |  |    (Compute Node)    |  |    (Compute Node)    |
|    (Infra Node)      |  |  |                      |  |                      |
|    (Compute Node)    |  |  |                      |  |                      |
+----------------------+  |  +----------------------+  +----------------------+
                          |
+----------------------+  |
|  [ nfs.srv.world ]   |  |
|      NFS Server      +--+
|                      |10.0.0.35
+----------------------+
[1] Configure the NFS Server first.
In this example, the [/var/lib/nfs/share] directory on [nfs.srv.world] is configured as the shared directory.

[2] Log in as a Cluster admin user and create a PV (Persistent Volume) object. Also add the [anyuid] SCC (Security Context Constraints) to the authenticated users in the Cluster.
# default SCC list
[origin@ctrl ~]$ oc get scc
NAME               PRIV    CAPS   SELINUX     RUNASUSER          FSGROUP     SUPGROUP    PRIORITY   READONLYROOTFS   VOLUMES
anyuid             false   []     MustRunAs   RunAsAny           RunAsAny    RunAsAny    10         false            [configMap downwardAPI emptyDir persistentVolumeClaim projected secret]
hostaccess         false   []     MustRunAs   MustRunAsRange     MustRunAs   RunAsAny    <none>     false            [configMap downwardAPI emptyDir hostPath persistentVolumeClaim projected secret]
hostmount-anyuid   false   []     MustRunAs   RunAsAny           RunAsAny    RunAsAny    <none>     false            [configMap downwardAPI emptyDir hostPath nfs persistentVolumeClaim projected secret]
hostnetwork        false   []     MustRunAs   MustRunAsRange     MustRunAs   MustRunAs   <none>     false            [configMap downwardAPI emptyDir persistentVolumeClaim projected secret]
nonroot            false   []     MustRunAs   MustRunAsNonRoot   RunAsAny    RunAsAny    <none>     false            [configMap downwardAPI emptyDir persistentVolumeClaim projected secret]
privileged         true    [*]    RunAsAny    RunAsAny           RunAsAny    RunAsAny    <none>     false            [*]
restricted         false   []     MustRunAs   MustRunAsRange     MustRunAs   RunAsAny    <none>     false            [configMap downwardAPI emptyDir persistentVolumeClaim projected secret]

[origin@ctrl ~]$ oc adm policy add-scc-to-group anyuid system:authenticated
scc "anyuid" added to groups: ["system:authenticated"]

# nfs-pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
  # any PV name
  name: nfs-pv
spec:
  capacity:
    # storage size
    storage: 10Gi
  accessModes:
    # ReadWriteMany(RW from multi nodes), ReadWriteOnce(RW from a node), ReadOnlyMany(R from multi nodes)
    - ReadWriteMany
  persistentVolumeReclaimPolicy:
    # retain even if pods terminate
    Retain
  nfs:
    # NFS server's definition
    path: /var/lib/nfs/share
    server: 10.0.0.35
    readOnly: false

[origin@ctrl ~]$ oc create -f nfs-pv.yml
persistentvolume "nfs-pv" created
[origin@ctrl ~]$ oc get pv
NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE
nfs-pv    10Gi       RWX            Retain           Available                                      6s
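
The [add-scc-to-group] command in step [2] lets every authenticated user run Pods under [anyuid], that is, as any UID including root. As an added example (not part of the original page), the Python below audits `oc get scc -o json` output for relaxed SCCs granted to such broad groups; the JSON sample is constructed and the function names are hypothetical.

```python
import json

# Groups that cover every logged-in (or anonymous) API caller.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

# Constructed sample shaped like `oc get scc -o json` after step [2] (subset of fields).
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "anyuid"}, "allowPrivilegedContainer": false,
   "runAsUser": {"type": "RunAsAny"},
   "volumes": ["configMap", "emptyDir", "persistentVolumeClaim", "secret"],
   "groups": ["system:cluster-admins", "system:authenticated"]},
  {"metadata": {"name": "restricted"}, "allowPrivilegedContainer": false,
   "runAsUser": {"type": "MustRunAsRange"},
   "volumes": ["configMap", "emptyDir", "persistentVolumeClaim", "secret"],
   "groups": ["system:authenticated"]},
  {"metadata": {"name": "privileged"}, "allowPrivilegedContainer": true,
   "runAsUser": {"type": "RunAsAny"}, "volumes": ["*"],
   "groups": ["system:cluster-admins", "system:nodes"]}
]}
""")


def risky_settings(scc):
    """Return the settings of one SCC that relax the default restrictions."""
    reasons = []
    if scc.get("allowPrivilegedContainer"):
        reasons.append("privileged containers allowed")
    if scc.get("runAsUser", {}).get("type") == "RunAsAny":
        reasons.append("runAsUser=RunAsAny (root permitted)")
    risky_vols = {"*", "hostPath"} & set(scc.get("volumes") or [])
    if risky_vols:
        reasons.append("volumes: " + ",".join(sorted(risky_vols)))
    return reasons


def audit_scc_grants(scc_list):
    """List (scc, group, reasons) for relaxed SCCs granted to broad groups."""
    findings = []
    for scc in scc_list.get("items", []):
        reasons = risky_settings(scc)
        for group in scc.get("groups") or []:
            if group in BROAD_GROUPS and reasons:
                findings.append((scc["metadata"]["name"], group, reasons))
    return findings


if __name__ == "__main__":
    for name, group, reasons in audit_scc_grants(SAMPLE):
        print(f"{name} granted to {group}: {'; '.join(reasons)}")
```

A narrower grant than the group-wide one is `oc adm policy add-scc-to-user anyuid -z <serviceaccount>` in the project that needs it, with the Pod running under that service account.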

[3] Log in as any user in the Cluster and create a PVC (Persistent Volume Claim) object.

# nfs-pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # any PVC name
  name: nfs-pvc
spec:
  accessModes:
    # ReadWriteMany(RW from multi nodes), ReadWriteOnce(RW from a node), ReadOnlyMany(R from multi nodes)
    - ReadWriteMany
  resources:
    requests:
      # storage size to use
      storage: 1Gi

[cent@ctrl ~]$ oc create -f nfs-pvc.yml
persistentvolumeclaim "nfs-pvc" created
[cent@ctrl ~]$ oc get pvc
NAME      STATUS    VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE
nfs-pvc   Bound     nfs-pv    10Gi       RWX                           5s

[4] On all Compute Nodes, change the SELinux boolean value.

[root@node01 ~]# setsebool -P virt_use_nfs on

[5] Log in as the user who created the PVC (Persistent Volume Claim) object and create a Pod which mounts the NFS share.

# nginx-nfs.yml
apiVersion: v1
kind: Pod
metadata:
  # any Pod name
  name: nginx-nfs
  labels:
    name: nginx-nfs
spec:
  containers:
    - name: nginx-nfs
      image: fedora/nginx
      ports:
        - name: web
          containerPort: 80
      volumeMounts:
        # mount point in container
        - name: nfs-share
          mountPath: /usr/share/nginx/html
  volumes:
    - name: nfs-share
      persistentVolumeClaim:
        # PVC name you created
        claimName: nfs-pvc

[cent@ctrl ~]$ oc create -f nginx-nfs.yml
pod "nginx-nfs" created
[cent@ctrl ~]$ oc get pods
NAME        READY     STATUS    RESTARTS   AGE
nginx-nfs   1/1       Running   0          58s

# shell access to container
[cent@ctrl ~]$ oc exec -it nginx-nfs bash

# verify mounting
[root@nginx-nfs /]# df /usr/share/nginx/html
Filesystem                   1K-blocks    Used Available Use% Mounted on
10.0.0.35:/var/lib/nfs/share  27246080 1175040  26071040   5% /usr/share/nginx/html

# create a test page
[root@nginx-nfs /]# echo 'NFS Persistent Storage Test' > /usr/share/nginx/html/index.html
[root@nginx-nfs /]# exit
exit
[cent@ctrl ~]$ oc describe pod nginx-nfs | grep ^IP
IP: 10.130.0.7

# verify access
[cent@ctrl ~]$ curl 10.130.0.7
NFS Persistent Storage Test