Example: Statically Provisioning a Data Fabric Volume Using the FlexVolume Plug-in
You can designate a Data Fabric volume for use with
Kubernetes by specifying the Data Fabric FlexVolume parameters
directly inside the Pod spec. In the Pod spec, you define a Kubernetes volume and add the
Data Fabric FlexVolume information to it. You can supply
path information by using the volumePath
parameter. The Kubernetes volume is
only as persistent as the Pod. By defining the volume this way, when the Pod is removed, the
Kubernetes volume is also immediately unmounted and removed. This approach to static
provisioning is most appropriate when you want to get up and running quickly or when you want
the Pod and Kubernetes volume lifecycle to be the same.
- Generate a Data Fabric service ticket, and set the
securityType
parameter in the Pod spec tosecure
. See Generating a Service Ticket. - Configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret. See Configuring a Secret.
- Set the
runAsUser
and thefsGroup
parameters to the UID and GID of the user that created the ticket. - Point the
volumePath
in theflexVolume
setting to the desired path, and fill in thecldbHosts
andcluster
information.
maprfs
StorageClass. If a default
StorageClass is not provided for GKE and AWS deployments, the volume is created using your
default StorageClass, which might not be a good fit. For information about changing the
default StorageClass, see Change the default StorageClass. apiVersion: v1
kind: Pod
metadata:
name: test-secure
namespace: mapr-examples
spec:
securityContext:
runAsUser: 1000
fsGroup: 2000
containers:
- name: mycontainer
image: myrepo/myorg/mycontainer
args:
- sleep
- "1000000"
imagePullPolicy: Always
resources:
requests:
memory: "2Gi"
cpu: "500m"
volumeMounts:
- mountPath: /mapr
name: maprvolume
volumes:
- name: maprvolume
flexVolume:
driver: "mapr.com/maprfs"
readOnly: true
options:
volumePath: "/path/to/data/in/mapr"
cluster: "mycluster"
cldbHosts: "cldb1 cldb2 cldb3"
securityType: "secure"
ticketSecretName: "mapr-ticket-secret"
ticketSecretNamespace: "mapr-examples"
---
apiVersion: v1
kind: Secret
metadata:
name: mapr-ticket-secret
namespace: mapr-examples
type: Opaque
data:
CONTAINER_TICKET: <BASE64 ENCODED VERSION OF CONTENTS OF TICKET FILE>
The following tables describe the parameters in the example:
Pod
Parameter | Notes |
apiVersion |
The Kubernetes API version for the Pod spec. |
kind |
The kind of object being created. For clarity, the example uses a naked Pod. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability (HA) and ease of upgrade. |
metadata: name |
The Pod name. |
metadata: namespace |
The namespace in which the Pod runs. |
securityContext: runAsUser |
The user ID to run the container under. This user ID must be the same as the user ID for which the ticket was generated. |
securityContext: fsGroup |
The group ID to run the container under. This group ID must be the same as the group ID of the user for which the ticket was generated. |
volumeMounts: mountPath |
A directory inside the container that is designated as the mount path. |
volumeMounts: name |
A name that you assign to the Kubernetes volumeMounts resource.
Matches with Volumes: name . |
Volumes: name |
A string to identify the name of the Kubernetes volumes
resource. Matches with volumeMounts: name . |
flexVolume: driver |
The Data Fabric FlexVolume driver being used.
Call it using this driver: mapr.com/maprfs . |
flexVolume: readOnly |
Specifies that the FlexVolume driver should tell the Data Fabric POSIX Client to mount the volume with the read-only flag. |
volumePath |
The mount point within the Data Fabric file
system. This parameter specifies an existing Data Fabric path. For example, you can specify the root volume as "/" ,
providing access to the entire filesystem. |
cluster |
The Data Fabric cluster name. |
cldbHosts |
The DNS names or IP addresses of the CLDB hosts for the Data Fabric cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space. |
securityType |
A parameter that indicates whether Data Fabric
tickets are used or not used. If Data Fabric tickets
are used, specify secure . Otherwise, specify
unsecure . |
ticketSecretName |
The name of the Secret that contains the ticket to use when mounting to the Data Fabric cluster. See Configuring a Secret. |
ticketSecretNamespace |
The namespace that contains the Secret. See Configuring a Secret |
Secret
Parameter | Notes |
apiVersion |
The Kubernetes API version. |
kind |
The type of object being created. |
name |
A string to identify the Secret. |
namespace |
The namespace in which the Secret runs. |
type |
The type of Secret being created. For type Opaque , clients must
treat these values as opaque and pass them unmodified back to the server. |
CONTAINER_TICKET |
The contents of the Data Fabric ticket encoded in
base64. If you specified secure for the
securityType , you must provide the ticket. To encode the ticket, see
Converting a String to Base64. You may remove the
ticket if the Data Fabric cluster is not
secure. |