Example: Statically Provisioning a Volume Using the Container Storage Interface (CSI) Storage Plugin
About this task
You can designate a volume for use with Kubernetes by specifying the volume parameters directly inside the PersistentVolume spec.
Suppose you want to get an application container up and running quickly in the HPE Ezmeral Data Fabric. You already have a file-system path that you want to use for the application, and you only need read access to the data. To make this work, you must do the following:
Procedure
-
Generate a service ticket and set the securityType parameter in the PersistentVolume spec to secure if the volume to mount is on a secure cluster. See Generating a Service Ticket for more information. For example:

    kind: PersistentVolume
    metadata:
      name: pv-securepv-test
      namespace: test-csi
    spec:
      accessModes:
        …
      csi:
        …
        volumeAttributes:
          …
          securityType: "secure"
-
If the volume to mount is on a secure cluster, configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret. For more information, see Configuring a Secret. The following table describes the properties of the Secret file:

| Property | Notes |
| --- | --- |
| apiVersion | The Kubernetes API version. |
| kind | The type of object being created. |
| name | A string to identify the Secret. |
| namespace | The namespace in which the Secret runs. |
| type | The type of Secret being created. For type Opaque, clients must treat these values as opaque and pass them unmodified back to the server. |
| CONTAINER_TICKET | The contents of the ticket encoded in base64. If you specified secure for the securityType, you must provide the ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if the cluster is not secure. |

-
Set the runAsUser and the fsGroup parameters in the pod spec to the UID and GID of the user that created the ticket. For example:

    apiVersion: v1
    kind: Pod
    metadata:
      name: test-pv1
      namespace: test-csi
    spec:
      ...
      securityContext:
        runAsUser: 1000
        fsGroup: 2000
      ...

The following table lists the properties specified in the sample pod spec:

| Parameter | Notes |
| --- | --- |
| apiVersion | The Kubernetes API version for the pod spec. |
| kind | The kind of object being created. For clarity, the example uses a naked pod. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability (HA) and ease of upgrade. |
| metadata: name | The pod name. |
| metadata: namespace | The namespace in which the pod runs. |
| securityContext: runAsUser | The user ID to run the container under. This user ID must be the same as the user ID for which the ticket was generated. |
| securityContext: fsGroup | The group ID to run the container under. This group ID must be the same as the group ID of the user for which the ticket was generated. |

-
Point the volumePath in the CSI driver setting to the desired path, and fill in the cldbHosts and cluster information. For the complete list of volume attributes, see volume create; however, note that volume attributes like mount, quota, createparent, path, and name are ignored when provisioning a volume. For more information, see Data Fabric Parameters for Static and Dynamic Provisioning. For example:

FUSE

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: test-simplepv
      namespace: test-csi
    spec:
      accessModes:
        - ReadWriteOnce
      persistentVolumeReclaimPolicy: Delete
      capacity:
        storage: 5Gi
      csi:
        driver: com.mapr.csi-kdf
        volumeHandle: test-simplepv
        volumeAttributes:
          volumePath: "/"
          cluster: "clusterA"
          cldbHosts: "10.10.10.210"
          securityType: "secure"
          platinum: "true"

Loopback NFS

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: test-simplepv
      namespace: test-csi
    spec:
      accessModes:
        - ReadWriteOnce
      persistentVolumeReclaimPolicy: Delete
      capacity:
        storage: 5Gi
      csi:
        driver: com.mapr.csi-nfskdf
        volumeHandle: test-simplepv
        volumeAttributes:
          volumePath: "/"
          cluster: "clusterA"
          cldbHosts: "10.10.10.210"
          securityType: "secure"

The following table lists the properties shown in the sample PersistentVolume spec:
| Parameter | Notes |
| --- | --- |
| apiVersion | The Kubernetes API version for the Pod spec. |
| kind | The kind of object being created. |
| metadata: name | The Pod name. |
| metadata: namespace | The namespace in which the Pod runs. |
| accessModes | How the PersistentVolume is mounted on the host. All modes work the same. For more information, see Access Modes. NOTE: The PV and PVC modes must be the same so that they can bind. |
| csi: driver | The CSI Driver being used. Call it using one of these drivers: FUSE driver: com.mapr.csi-kdf; Loopback NFS driver: com.mapr.csi-nfskdf |
| csi: volumeHandle | The existing volume name or unique volume name for static provisioning. |
| volumePath | The mount point within the filesystem. This parameter specifies an existing MapR path. |
| cluster | The cluster name. |
| cldbHosts | The DNS names or IP addresses of the CLDB hosts for the cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space. |
| securityType | A parameter that indicates whether tickets are used or not used. If tickets are used, specify secure. Otherwise, specify unsecure. |
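
A pre-flight check that ties the four steps together, as an added example that is not part of the HPE documentation: it builds the Ticket Secret from a ticket string and verifies that the PersistentVolume, Secret and pod specs agree before they are applied. The function names, the Secret name ticket-secret, the sample ticket string, and the placement of CONTAINER_TICKET under the Secret's data field are assumptions made for this example.

```python
import base64
import binascii

DRIVERS = {"com.mapr.csi-kdf", "com.mapr.csi-nfskdf"}  # FUSE, Loopback NFS
IGNORED = {"mount", "quota", "createparent", "path", "name"}

def ticket_secret(name, namespace, ticket_text):
    """Build the Ticket Secret with the ticket contents base64-encoded."""
    encoded = base64.b64encode(ticket_text.encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {"name": name, "namespace": namespace},
            "data": {"CONTAINER_TICKET": encoded}}  # assumed to sit under data

def lint(pv, pod, secret, ticket_uid, ticket_gid):
    """Return a list of findings; an empty list means the specs agree."""
    findings = []
    csi = pv["spec"]["csi"]
    attrs = csi.get("volumeAttributes", {})
    if csi.get("driver") not in DRIVERS:
        findings.append("unknown csi driver")
    if not attrs.get("cldbHosts", "").split():  # hosts are space-separated
        findings.append("cldbHosts needs at least one host")
    for key in sorted(IGNORED.intersection(attrs)):
        findings.append(f"volume attribute '{key}' is ignored when provisioning")
    sec_type = attrs.get("securityType")
    if sec_type not in ("secure", "unsecure"):
        findings.append("securityType must be 'secure' or 'unsecure'")
    if sec_type == "secure":
        blob = (secret or {}).get("data", {}).get("CONTAINER_TICKET") or ""
        try:
            ok = bool(base64.b64decode(blob, validate=True))
        except (binascii.Error, ValueError):
            ok = False
        if not ok:
            findings.append("secure volume needs a base64 CONTAINER_TICKET")
        ctx = pod["spec"].get("securityContext", {})
        if ctx.get("runAsUser") != ticket_uid:
            findings.append("runAsUser differs from the ticket owner's UID")
        if ctx.get("fsGroup") != ticket_gid:
            findings.append("fsGroup differs from the ticket owner's GID")
    return findings

# Constructed sample objects mirroring the specs shown on this page.
PV = {"spec": {"csi": {"driver": "com.mapr.csi-kdf", "volumeAttributes": {
    "volumePath": "/", "cluster": "clusterA", "cldbHosts": "10.10.10.210",
    "securityType": "secure"}}}}
POD = {"spec": {"securityContext": {"runAsUser": 1000, "fsGroup": 2000}}}
SECRET = ticket_secret("ticket-secret", "test-csi", "CONSTRUCTED-TICKET-CONTENTS")
```

Calling lint(PV, POD, SECRET, 1000, 2000) with the UID and GID of the user that created the ticket returns an empty list when the three objects are consistent.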