CentOS 7 : OpenShift : Persistent Storage : Server World

OpenShift Origin 3.6 : Use Persistent Storage

2017/12/10

Use Persistent Storage in OpenShift Cluster.

On this example, Configure NFS backend storage.

This example is based on the environment like follows.

-----------+--------------+------------------------------------------+------------
           |10.0.0.30     |             |10.0.0.51                   |10.0.0.52
+----------+-----------+  |  +----------+-----------+     +----------+-----------+
|  [  dlp.srv.world ]  |  |  | [ node01.srv.world ] |     | [ node02.srv.world ] |
|     (Master Node)    |  |  |    (Compute Node)    |     |    (Compute Node)    |
|     (Compute Node)   |  |  |                      |     |                      |
+----------------------+  |  +----------------------+     +----------------------+
                          |
+----------------------+  |
|  [  nfs.srv.world ]  |  |
|      NFS Server      +--+
|                      |10.0.0.35
+----------------------+

[1]	Configure NFS Server, refer to here. On this example, configure [/var/lib/nfs/share] directory on [nfs.srv.world] as a shared directory.
[2]	Login as Cluster admin user and create PV (Persistent Volume) object. And also add "anyuid" SCC (Security Context Constraints) to the authenticated users in Cluster.

# default SCC list

[origin@dlp ~]$

oc get scc

NAME             PRIV   CAPS  SELINUX     RUNASUSER        FSGROUP     SUPGROUP    PRIORITY   READONLYROOTFS
anyuid           false  []    MustRunAs   RunAsAny         RunAsAny    RunAsAny    10         false
hostaccess       false  []    MustRunAs   MustRunAsRange   MustRunAs   RunAsAny    <none>     false   ...
hostmount-anyuid false  []    MustRunAs   RunAsAny         RunAsAny    RunAsAny    <none>     false   ...
hostnetwork      false  []    MustRunAs   MustRunAsRange   MustRunAs   MustRunAs   <none>     false   ...
nonroot          false  []    MustRunAs   MustRunAsNonRoot RunAsAny    RunAsAny    <none>     false   ...
privileged       true   [*]   RunAsAny    RunAsAny         RunAsAny    RunAsAny    <none>     false   ...
restricted       false  []    MustRunAs   MustRunAsRange   MustRunAs   RunAsAny    <none>     false   ...

[origin@dlp ~]$

oc adm policy add-scc-to-group anyuid system:authenticated

# create PV setting file

[origin@dlp ~]$

vi nfs-pv.yml

apiVersion: v1
kind: PersistentVolume
metadata:
  # any PV name
  name: nfs-pv
spec:
  capacity:
    # storage size
    storage: 10Gi
  accessModes:
    # ReadWriteMany(RW from multi nodes), ReadWriteOnce(RW from a node), ReadOnlyMany(R from multi nodes)
    - ReadWriteMany
  persistentVolumeReclaimPolicy:
    # retain even if pods terminate
    Retain
  nfs:
    # NFS server's definition
    path: /var/lib/nfs/share
    server: 10.0.0.35
    readOnly: false

[origin@dlp ~]$

oc create -f nfs-pv.yml

persistentvolume "nfs-pv" created
[origin@dlp ~]$

oc get pv

NAME      CAPACITY   ACCESSMODES   RECLAIMPOLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE
nfs-pv    10Gi       RWX           Retain          Available                                      6s

[3]	Login as any user in Cluster and create PVC (Persistent Volume Claim) object.

# create PVC setting file

[cent@dlp ~]$

vi nfs-pvc.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # any PVC name
  name: nfs-pvc
spec:
  accessModes:
  # ReadWriteMany(RW from multi nodes), ReadWriteOnce(RW from a node), ReadOnlyMany(R from multi nodes)
  - ReadWriteMany
  resources:
     requests:
       # storage size to use
       storage: 1Gi

[cent@dlp ~]$

oc create -f nfs-pvc.yml

persistentvolumeclaim "nfs-pvc" created
[cent@dlp ~]$

oc get pvc

NAME      STATUS    VOLUME    CAPACITY   ACCESSMODES   STORAGECLASS   AGE
nfs-pvc   Bound     nfs-pv    10Gi       RWX                          15s

[4]	On all Compute Nodes, Change SELinux boolean value.

[root@dlp ~]#

setsebool -P virt_use_nfs on

[5]	Login as a user who created PVC (Persistent Volume Claim) object and create a Pod which mounts NFS share.

# create Pod setting file

[cent@dlp ~]$

vi nginx-nfs.yml

apiVersion: v1
kind: Pod
metadata:
  # any Pod name
  name: nginx-nfs
  labels:
    name: nginx-nfs
spec:
  containers:
    - name: nginx-nfs
      image: fedora/nginx
      ports:
        - name: web
          containerPort: 80
      volumeMounts:
        # mount point in container
        - name: nfs-share
          mountPath: /usr/share/nginx/html
  volumes:
    - name: nfs-share
      persistentVolumeClaim:
        # PVC name you created
        claimName: nfs-pvc

[cent@dlp ~]$

oc create -f nginx-nfs.yml

pod "nginx-nfs" created
[cent@dlp ~]$

oc get pods

NAME        READY     STATUS    RESTARTS   AGE
nginx-nfs   1/1       Running   0          48s

# shell access to container

[cent@dlp ~]$

oc exec -it nginx-nfs bash

# verify mounting

[root@nginx-nfs /]#

df /usr/share/nginx/html

Filesystem                   1K-blocks    Used Available Use% Mounted on
10.0.0.35:/var/lib/nfs/share  27246080 1541632  25704448   6% /usr/share/nginx/html

# create a test page

[root@nginx-nfs /]#

echo 'NFS Persistent Storage Test' > /usr/share/nginx/html/index.html

[root@nginx-nfs /]#

exit

[cent@dlp ~]$

oc describe pod nginx-nfs | grep ^IP

IP:                     10.130.0.4

# verify accessing

[cent@dlp ~]$

curl 10.130.0.4

NFS Persistent Storage Test