Example: Mounting a PersistentVolume for Dynamic Provisioning Using the FlexVolume Driver

This example also uses a PersistentVolume. However, unlike the previous example, when you use the Data Fabric dynamic provisioner, you do not need to create a PersistentVolume manually. The PersistentVolume is created automatically based on the parameters specified in the referenced StorageClass.

Dynamic provisioning is useful in cases where you do not want Data Fabric and Kubernetes administrators to create storage manually to store the Pod storage state.

The following example uses a PersistentVolumeClaim that references a Storage Class. In this example, a Kubernetes Administrator has created a storage class called secure-maprfs for Pod creators to use when they want to create persistent storage for their Pods. In this example, it is important for the created Pod storage to survive the deletion of a Pod.

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
   name: secure-maprfs
   namespace: mapr-examples
provisioner: mapr.com/maprfs
parameters:
    restServers: "rest1:8443"
    cldbHosts: "cldb1 cldb2 cldb3"
    cluster: "mysecurecluster"
    securityType: "secure"
    ticketSecretName: "mapr-ticket-secret"
    ticketSecretNamespace: "mapr-examples"
    maprSecretName: "mapr-provisioner-secrets"
    maprSecretNamespace: "mapr-examples"
    namePrefix: "pv"
    mountPrefix: "/pv"
    readOnly: "true"
    reclaimPolicy: "Retain"
    advisoryquota: "100M"
    readonly: "1"

---

kind: Pod
apiVersion: v1
metadata:
  name: test-secure-provisioner
  namespace: mapr-examples
spec:
  containers:
  - name: busybox
    image: busybox
    args:
    - sleep
    - "1000000"
    imagePullPolicy: Always
    volumeMounts:
      - name: maprfs-pvc
        mountPath: "/dynvolume"
  restartPolicy: "Never"
  volumes:
    - name: maprfs-pvc
      persistentVolumeClaim:
        claimName: maprfs-secure-pvc

---

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: maprfs-secure-pvc
  namespace: mapr-examples
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: secure-maprfs
  resources:
    requests:
      storage: 300M
---

apiVersion: v1
kind: Secret
metadata:
  name: mapr-provisioner-secrets
  namespace: mapr-examples
type: Opaque
data:
  MAPR_CLUSTER_USER: CHANGETHIS!
  MAPR_CLUSTER_PASSWORD: CHANGETHIS!

---

apiVersion: v1
kind: Secret
metadata:
  name: mapr-ticket-secret
  namespace: mapr-examples
type: Opaque
data:
  CONTAINER_TICKET: <BASE64 ENCODED VERSION OF CONTENTS OF TICKET FILE>

The following tables describe the parameters in the example:

StorageClass

Parameter	Notes
`apiVersion`	The Kubernetes APi version for the StorageClass spec.
`kind`	The kind of object being created. This is a StorageClass.
`metadata: name`	The name of the StorageClass. Administrators should specify the name carefully because it will be used by Pod authors to help select the right StorageClass for their needs.
`metadata: namespace`	The namespace in which the StorageClass runs. This namespace can be different from the namespace used by the PVC and Pod, since the StorageClass namespace can be a cross-namespace resource.
`provisioner`	The provisioner being used. for the Data Fabric provisioner, specify `mapr.com/maprfs`.
`restServers`	A space-separated list of Data Fabric webservers. Specify the hostname or IP address and port number of each REST server for the Data Fabric cluster. For fault tolerance, providing multiple REST server hosts is recommended.
`cldbHosts`	The hostname or IP addresses of the CLDB hosts for the Data Fabric cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space.
`cluster`	The Data Fabric cluster name.
`securityType`	A parameter that indicates whether Data Fabric tickets are used or not used. If Data Fabric tickets are used, specify `secure`. Otherwise, specify `unsecure`.
`ticketSecretName`	The name of the Secret that contains the ticket to use when mounting to the Data Fabric cluster. See Configuring a Secret.
`ticketSecretNamespace`	The namespace that contains the Secret. Use the same namespace as the namespace used by the Pod.
`maprSecretName`	The name of the Kubernetes Secret that is used to store Data Fabric administrative credentials (user, password, and ticket information for the Data Fabric webserver). To use the provisioner, you must configure a Secret. See Configuring a Secret.
`maprSecretNamespace`	The namespace for the Secret containing the Data Fabric administrative credentials (user name and password information for a Data Fabric user that has the privileges to create Data Fabric volumes). This namespace can be different from the namespace used by the Pod, since a Pod author or namespace admin might not be trusted to create administration Secrets for the Data Fabric cluster.
`namePrefix`	A prefix for the Data Fabric volume to be created. For example, if you specify `PV` as the `namePrefix`, the first dynamically created volume might be named `PV.bevefsescr`. The provisioner generates random names using lower-case letters. If you do not specify a prefix, the provisioner uses `maprprovisioner` as a prefix.
`mountPrefix`	The parent path of the mount in Data Fabric file system. If you do not specify a mount prefix, the provisioner mounts your volume under the Data Fabric root.
`readOnly`	This parameter specifies that the POSIX driver should mount the Data Fabric path as read only. This is different from the `readonly` parameter for volume creation that creates the volume as read only.
`reclaimPolicy`	Kubernetes does not currently support passing a non-delete reclaim policy to the StorageClass. This parameter allows you to specify `Retain`. This ensures that provisioned volumes are not automatically deleted when their calling Pods are deleted. If you specify `Retain`, you must clean up your provisioned volumes manually.
`advisoryquota`	The advisory storage quota for the Data Fabric volume. `advisoryquota` is one of the Data Fabric parameters that you can specify for dynamic provisioning. For more information, see Before You Begin.
`readonly`	When the value is `1`, this parameter specifies that the Data Fabric volume should be created as read-only. This is different from the `readOnly` parameter that mounts the Data Fabric path as read only.

Pod

Parameter	Notes
`apiVersion`	The Kubernetes API version for the Pod spec.
`kind`	The kind of object being created. For clarity, this example uses a naked Pod. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability and ease of upgrade.
`metadata: name`	The Pod name.
`metadata: namespace`	The namespace in which the Pod runs. It should be the same namespace in which the PVC runs.
`volumeMounts: mountPath`	A directory inside the container that is designated as the mount path.
`volumeMounts: name`	A name that you assign to the Kubernetes `volumeMounts` resource. The value should match `Volumes: name`.
`Volumes: name`	A string to identify the name of the Kubernetes `volumes` resource. The value should match `volumeMounts: name`.
`persistentVolumeClaim: claimName`	The name of the PersistentVolumeClaim (PVC). For more information, see PersistentVolumeClaims.

PVC

Parameter	Notes
`apiVersion`	The Kubernetes API version for the Pod spec.
`kind`	The kind of object being created. This is a PersistentVolumeClaim (PVC).
`metadata: name`	The PVC name.
`metadata: namespace`	The namespace in which the PVC runs. This should be the same namespace used by the Pod.
`accessModes`	How the PersistentVolume is mounted on the host. (This is a limitation of the FlexVolume driver.) For more information, see Access Modes.
`storageClassName`	The name of the storage class requested by the PersistentVolumeClaim. For more information, see Dynamic Provisioning and Storage Classes.
`requests: storage`	The storage resources being requested, or that were requested and have been allocated. The Pod author can use this parameter to tell Data Fabric how much quota is needed for the Data Fabric volume. For the units, see Resource Model.

Provisioner Secret

In the mapr-provisioner-secrets Secret:

Parameter	Notes
`MAPR_CLUSTER_USER`	This is the base64-encoded user ID used to log in to the Data Fabric REST server and create or delete volumes. See Converting a String to Base64. For more information about Secrets, see Secrets.
`MAPR_CLUSTER_PASSWORD`	This is the base64-encoded password for the MAPR_CLUSTER_USER. See Converting a String to Base64. For more information about Secrets, see Secrets.

Ticket Secret

In the mapr-ticket-secret Secret:

Parameter	Notes
`CONTAINER_TICKET`	The contents of the Data Fabric ticket encoded in base64. If you specified `secure` for the `securityType`, you must provide the ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if the Data Fabric cluster is not secure. For more information about Secrets, see Secrets.

HPE Ezmeral Data Fabric – Customer-Managed 7.9.0 Documentation
Abstract	This site contains documentation for the customer-managed platform of the HPE Ezmeral Data Fabric version 7.9.0 including installation, configuration, administration, and reference content, as well as content for the associated bundled ecosystem components and drivers.
Published	November 2024
Edition	7.9.0