Example: Mounting a PersistentVolume for Static Provisioning Using the FlexVolume Driver
For static provisioning, configuring a PersistentVolume has some advantages over annotating
Kubernetes volume information in a Pod spec:
- The configuration file can be shared for use by multiple Pod specs.
- The configuration file enables the PersistentVolume to be mounted and available even when the Pod spec that references it is removed.
For example: A marketing volume exists in the Data Fabric
file system under the path
/Departments/Marketing
. An administrator wants to
statically provision this volume and make it available to multiple users. It is critical that
data access is as fast as possible. To make this work, the administrator must:- Create a PersistentVolume (PV).
- Set the
AccessMode
of the PV toReadWriteOnce
. - Create a PersistentVolumeClaim (PVC) spec.
- Set the
AccessMode
of the PVC toReadWriteOnce
. - Create the Pod spec.
- Generate a Data Fabric service ticket, and set the
flexVolume securityType
parameter tosecure
. For information about generating a service ticket, see Generating a Service Ticket. - Configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret. See Configuring a Secret.
- Set the
runAsUser
and thefsGroup
parameters to the UID and GID of the user that created the ticket. - Set the
platinum
parameter in the Pod spec toplatinum: "true"
. See Enabling the Platinum Posix Client for Kubernetes Interfaces for Data Fabric FlexVolume Driver. - Point the
volumePath
in theflexVolume
setting to the desired Data Fabric path. - Fill in the
cldbHosts
andcluster
information.
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-testsecure1
namespace: mapr-examples
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: mapr-examples
name: pvc-testsecure1
flexVolume:
driver: "mapr.com/maprfs"
options:
platinum: "true"
cluster: "mycluster"
cldbHosts: "cldb1 cldb2 cldb3"
volumePath: "/path/in/mapr"
securityType: "secure"
ticketSecretName: "mapr-ticket-secret"
ticketSecretNamespace: "mapr-examples"
---
apiVersion: v1
kind: Pod
metadata:
name: test-securepv
namespace: mapr-examples
spec:
containers:
- name: mycontainer
image: myrepo/myorg/mycontainer
args:
- sleep
- "1000000"
resources:
requests:
memory: "2Gi"
cpu: "500m"
volumeMounts:
- mountPath: /mapr
name: maprvolume
volumes:
- name: maprvolume
persistentVolumeClaim:
claimName: pvc-testsecure1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-testsecure1
namespace: mapr-examples
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5G
---
apiVersion: v1
kind: Secret
metadata:
name: mapr-ticket-secret
namespace: mapr-examples
type: Opaque
data:
CONTAINER_TICKET: <BASE64-ENCODED VERSION OF TICKET-FILE CONTENTS>
PersistentVolume (PV)
Parameter | Notes |
Capacity |
Specifies how big the allocated storage should be. This value is not validated against the Data Fabric quota or advisory quota. It is up to the person creating the PV to specify this value accurately. |
accessModes |
How the PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes. |
persistentVolumeReclaimPolicy |
Specifies what happens to the volume when it is released by its claim. The
Retain value keeps the PVC around for manual cleanup.
Delete deletes the PV from Kubernetes. NOTE If this volume was
created using dynamic provisioning, Delete causes the underlying
volume to be deleted. Recycle is not supported by Kubernetes
FlexVolumes. For more information, see Reclaiming. |
claimRef |
Specifies a default PVC to bind to. If unspecified, the PV selected for a PVC is randomly allocated based on the access mode and provides at least as much storage capacity as requested by the PVC. |
flexVolume: driver |
The Data Fabric FlexVolume driver being used.
Call it by specifying driver: mapr.com/maprfs . |
platinum |
If set to platinum: "true" , the POSIX client uses the platinum
driver for better performance. Note that the platinum driver consumes more host
resources and Data Fabric Platinum licenses. |
cluster |
The Data Fabric cluster name. |
cldbHosts |
The hostname or IP addresses of the CLDB hosts for the Data Fabric cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space. |
volumePath |
The mount point within the Data Fabric file
system. This parameter specifies an existing Data Fabric path. For example, you can specify the root volume as "/" ,
providing access to the entire filesystem. |
securityType |
A parameter that indicates whether Data Fabric
tickets are used or not used. If Data Fabric tickets
are used, specify secure . Otherwise, specify
unsecure . |
ticketSecretName |
The name of the Ticket Secret that contains the ticket to use when mounting to the Data Fabric cluster. See Configuring a Secret. |
ticketSecretNamespace |
The namespace that contains the Ticket Secret. Use the same namespace as the namespace used by the Pod. |
Pod
Parameter | Notes |
apiVersion |
The Kubernetes API version for the Pod spec. |
kind |
The kind of object being created. The example uses a naked Pod for clarity. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability and ease of upgrade. |
metadata: name |
The Pod name. |
metadata: namespace |
The namespace in which the Pod runs. |
volumeMounts: mountPath |
A directory inside the container that is designated as the mount path. |
volumeMounts: name |
A name that you assign to the Kubernetes volumeMounts resource.
This value should match Volumes: name . |
Volumes: name |
A string to identify the name of the Kubernetes volumes
resource. This value should match volumeMounts: name . |
PersistentVolumeClaim (PVC)
Parameter | Notes |
---|---|
AccessMode |
How the requested PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes. |
Secret
Parameter | Notes |
---|---|
metadata: name |
The name of the Ticket Secret. See Configuring a Secret |
metadata: namespace |
The namespace in which the Ticket Secret runs. |
CONTAINER_TICKET |
The contents of the Data Fabric ticket encoded in
base64. If you specified secure for the securityType ,
you must provide the ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if
the Data Fabric cluster is not secure. |