Example: Statically Provisioning a Volume Using the Container Storage Interface (CSI) Storage Plugin

About this task

You can designate a volume for use with Kubernetes by specifying the volume parameters directly inside the PersistentVolume spec.

Suppose you want to get an application container up and running quickly in the HPE Ezmeral Data Fabric. You already have a file-system path that you want to use for the application, and you need only read access to the data. To make this work, you must do the following:

Procedure

  1. Generate a service ticket and set the securityType parameter in the PersistentVolume spec to secure if the volume to mount is on a secure cluster.
    See Generating a Service Ticket for more information. For example:
    kind: PersistentVolume
    metadata:
      name: pv-securepv-test
      namespace: test-csi
    spec:
      accessModes:
      …
      csi:
        …
        volumeAttributes:
          …
          securityType: "secure"
  2. If the volume to mount is on a secure cluster, configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret.
    For more information, see Configuring a Secret. The following table describes the properties of the Secret file:
    | Property | Notes |
    |---|---|
    | apiVersion | The Kubernetes API version. |
    | kind | The type of object being created. |
    | name | A string to identify the Secret. |
    | namespace | The namespace in which the Secret runs. |
    | type | The type of Secret being created. For type Opaque, clients must treat these values as opaque and pass them unmodified back to the server. |
    | CONTAINER_TICKET | The contents of the ticket encoded in base64. If you specified secure for the securityType, you must provide the ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if the cluster is not secure. |
  3. Set the runAsUser and the fsGroup parameters in the pod spec to the UID and GID of the user that created the ticket.
    For example:
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-pv1
      namespace: test-csi
    spec:
      ...
      securityContext:
        runAsUser: 1000
        fsGroup: 2000
      ...
    The following table lists the properties specified in the sample pod spec:
    | Parameter | Notes |
    |---|---|
    | apiVersion | The Kubernetes API version for the pod spec. |
    | kind | The kind of object being created. For clarity, the example uses a naked pod. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability (HA) and ease of upgrade. |
    | metadata: name | The pod name. |
    | metadata: namespace | The namespace in which the pod runs. |
    | securityContext: runAsUser | The user ID to run the container under. This user ID must be the same as the user ID for which the ticket was generated. |
    | securityContext: fsGroup | The group ID to run the container under. This group ID must be the same as the group ID of the user for which the ticket was generated. |
  4. Point the volumePath in the CSI driver setting to the desired path, and fill in the cldbHosts and cluster information.
    For the complete list of volume attributes, see volume create; however, note that volume attributes like mount, quota, createparent, path, and name are ignored when provisioning a volume. For more information, see Data Fabric Parameters for Static and Dynamic Provisioning.

    For example:

    FUSE
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: test-simplepv
      namespace: test-csi
    spec:
      accessModes:
      - ReadWriteOnce
      persistentVolumeReclaimPolicy: Delete
      capacity:
        storage: 5Gi
      csi:
        driver: com.mapr.csi-kdf
        volumeHandle: test-simplepv
        volumeAttributes:
          volumePath: "/"
          cluster: "clusterA"
          cldbHosts: "10.10.10.210"
          securityType: "secure"
          platinum: "true"
    Loopback NFS
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: test-simplepv
      namespace: test-csi
    spec:
      accessModes:
      - ReadWriteOnce
      persistentVolumeReclaimPolicy: Delete
      capacity:
        storage: 5Gi
      csi:
        driver: com.mapr.csi-nfskdf
        volumeHandle: test-simplepv
        volumeAttributes:
          volumePath: "/"
          cluster: "clusterA"
          cldbHosts: "10.10.10.210"
          securityType: "secure"
    The following table lists the properties shown in the sample PersistentVolume spec:
    | Parameter | Notes |
    |---|---|
    | apiVersion | The Kubernetes API version for the Pod spec. |
    | kind | The kind of object being created. |
    | metadata: name | The Pod name. |
    | metadata: namespace | The namespace in which the Pod runs. |
    | accessModes | How the PersistentVolume is mounted on the host. All modes work the same. NOTE: The PV and PVC modes must be the same so that they can bind. For more information, see Access Modes. |
    | csi: driver | The CSI Driver being used. Call it using one of these drivers: FUSE driver: com.mapr.csi-kdf; Loopback NFS driver: com.mapr.csi-nfskdf |
    | csi: volumeHandle | The existing volume name or unique volume name for static provisioning. |
    | volumePath | The mount point within the filesystem. This parameter specifies an existing MapR path. |
    | cluster | The cluster name. |
    | cldbHosts | The DNS names or IP addresses of the CLDB hosts for the cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space. |
    | securityType | A parameter that indicates whether tickets are used or not used. If tickets are used, specify secure. Otherwise, specify unsecure. |