Example: Mounting a PersistentVolume for Static Provisioning Using the FlexVolume Driver

For static provisioning, configuring a PersistentVolume has some advantages over annotating Kubernetes volume information in a Pod spec:
  • The configuration file can be shared for use by multiple Pod specs.
  • The configuration file enables the PersistentVolume to be mounted and available even when the Pod spec that references it is removed.
For example: A marketing volume exists in the Data Fabric file system under the path /Departments/Marketing. An administrator wants to statically provision this volume and make it available to multiple users. It is critical that data access is as fast as possible. To make this work, the administrator must:
  1. Create a PersistentVolume (PV).
  2. Set the AccessMode of the PV to ReadWriteOnce.
  3. Create a PersistentVolumeClaim (PVC) spec.
  4. Set the AccessMode of the PVC to ReadWriteOnce.
  5. Create the Pod spec.
  6. Generate a Data Fabric service ticket, and set the flexVolume securityType parameter to secure. For information about generating a service ticket, see Generating a Service Ticket.
  7. Configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret. See Configuring a Secret.
  8. Set the runAsUser and the fsGroup parameters to the UID and GID of the user that created the ticket.
  9. Set the platinum parameter in the Pod spec to platinum: "true". See Enabling the Platinum Posix Client for Kubernetes Interfaces for Data Fabric FlexVolume Driver.
  10. Point the volumePath in the flexVolume setting to the desired Data Fabric path.
  11. Fill in the cldbHosts and cluster information.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-testsecure1
  namespace: mapr-examples
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    namespace: mapr-examples
    name: pvc-testsecure1
  flexVolume:
    driver: "mapr.com/maprfs"
    options:
      platinum: "true"
      cluster: "mycluster"
      cldbHosts: "cldb1 cldb2 cldb3"
      volumePath: "/path/in/mapr"
      securityType: "secure"
      ticketSecretName: "mapr-ticket-secret"
      ticketSecretNamespace: "mapr-examples"
---
apiVersion: v1
kind: Pod
metadata:
  name: test-securepv
  namespace: mapr-examples
spec:
  containers:
  - name: mycontainer
    image: myrepo/myorg/mycontainer
    args:
    - sleep
    - "1000000"
    resources:
      requests:
        memory: "2Gi"
        cpu: "500m"
    volumeMounts:
    - mountPath: /mapr
      name: maprvolume
  volumes:
    - name: maprvolume
      persistentVolumeClaim:
        claimName: pvc-testsecure1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-testsecure1
  namespace: mapr-examples
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5G
---
apiVersion: v1
kind: Secret
metadata:
  name: mapr-ticket-secret
  namespace: mapr-examples
type: Opaque
data:
  CONTAINER_TICKET: <BASE64-ENCODED VERSION OF TICKET-FILE CONTENTS>

PersistentVolume (PV)

Parameter Notes
Capacity Specifies how big the allocated storage should be. This value is not validated against the Data Fabric quota or advisory quota. It is up to the person creating the PV to specify this value accurately.
accessModes How the PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes.
persistentVolumeReclaimPolicy Specifies what happens to the volume when it is released by its claim. The Retain value keeps the PVC around for manual cleanup. Delete deletes the PV from Kubernetes.
NOTE
If this volume was created using dynamic provisioning, Delete causes the underlying volume to be deleted. Recycle is not supported by Kubernetes FlexVolumes. For more information, see Reclaiming.
claimRef Specifies a default PVC to bind to. If unspecified, the PV selected for a PVC is randomly allocated based on the access mode and provides at least as much storage capacity as requested by the PVC.
flexVolume: driver The Data Fabric FlexVolume driver being used. Call it by specifying driver: mapr.com/maprfs.
platinum If set to platinum: "true", the POSIX client uses the platinum driver for better performance. Note that the platinum driver consumes more host resources and Data Fabric Platinum licenses.
cluster The Data Fabric cluster name.
cldbHosts The hostname or IP addresses of the CLDB hosts for the Data Fabric cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space.
volumePath The mount point within the Data Fabric file system. This parameter specifies an existing Data Fabric path. For example, you can specify the root volume as "/", providing access to the entire filesystem.
securityType A parameter that indicates whether Data Fabric tickets are used or not used. If Data Fabric tickets are used, specify secure. Otherwise, specify unsecure.
ticketSecretName The name of the Ticket Secret that contains the ticket to use when mounting to the Data Fabric cluster. See Configuring a Secret.
ticketSecretNamespace The namespace that contains the Ticket Secret. Use the same namespace as the namespace used by the Pod.

Pod

Parameter Notes
apiVersion The Kubernetes API version for the Pod spec.
kind The kind of object being created. The example uses a naked Pod for clarity. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability and ease of upgrade.
metadata: name The Pod name.
metadata: namespace The namespace in which the Pod runs.
volumeMounts: mountPath A directory inside the container that is designated as the mount path.
volumeMounts: name A name that you assign to the Kubernetes volumeMounts resource. This value should match Volumes: name.
Volumes: name A string to identify the name of the Kubernetes volumes resource. This value should match volumeMounts: name.

PersistentVolumeClaim (PVC)

Parameter Notes
AccessMode How the requested PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes.

Secret

Parameter Notes
metadata: name The name of the Ticket Secret. See Configuring a Secret
metadata: namespace The namespace in which the Ticket Secret runs.
CONTAINER_TICKET The contents of the Data Fabric ticket encoded in base64. If you specified secure for the securityType, you must provide the ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if the Data Fabric cluster is not secure.