Steps to set up NFS based Persistent Volumes
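Let's first update the default security context for the current namespace so that containers can run with privileged permissions. The command below does this by granting the privileged security context constraint (SCC) to the namespace's default service account (-z default). This is needed so that postgres has permission to write files to the database path, which is restricted by default. A privileged container runs with almost no isolation from its host, so keep this grant to lab clusters.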
    oc login -u system:admin
    oc adm policy add-scc-to-user privileged -z default
    oc login -u developer
    oc project instavote
To use dynamic provisioning, let's first update the db DeploymentConfig with the volumes and volumeMounts configuration shown in the example below.
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    metadata:
      name: db
      namespace: instavote
    spec:
      replicas: 1
      selector:
        tier: back
        app: postgres
      minReadySeconds: 10
      template:
        metadata:
          labels:
            app: postgres
            role: db
            tier: back
            version: "9.4"
        spec:
          containers:
          - image: postgres:9.4
            imagePullPolicy: Always
            name: db
            ports:
            - containerPort: 5432
              protocol: TCP
            securityContext:
              privileged: true
            volumeMounts:
            - name: db-vol
              mountPath: /var/lib/postgresql/data
          #create a volume with pvc
          volumes:
          - name: db-vol
            persistentVolumeClaim:
              claimName: db-pvc
Apply db-dc-pvc.yaml as follows:

    oc apply -f db-dc-pvc.yaml
    oc get pod -o wide --selector='role=db'
    oc get pvc,pv
- Observe and note which host the pod for db is launched on.
- What state is it in? Why?
Creating a Persistent Volume Claim
Switch to the project directory.
Create the following file with the specs below.
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: db-pvc
    spec:
      accessModes:
        - ReadWriteOnce
      volumeMode: Filesystem
      resources:
        requests:
          storage: 2Gi
      storageClassName: nfs
Create the Persistent Volume Claim and validate:

    oc get pvc
    oc apply -f db-pvc.yaml
    oc get pvc,pv
Set up NFS Provisioner in Kubernetes
Change into the NFS provisioner installation directory.
Deploy nfs-client provisioner.
    oc login -u system:admin -n instavote
    oc apply -f nfs/
This will create all the objects required to set up an NFS provisioner. It is launched as a StatefulSet. Read the official documentation on StatefulSets to understand how they differ from Deployments.
    oc get pods

    [root@demo-02 storage]# oc get pods
    NAME                READY   STATUS    RESTARTS   AGE
    nfs-provisioner-0   1/1     Running   0          43s
- Do you see the pod nfs-provisioner-0 created? If not, why? Try to find the root cause.
    oc get sts
    oc describe sts nfs-provisioner
This should tell you that the requested kernel capabilities cannot be provided. Why?
    oc adm policy add-scc-to-user privileged -z nfs-provisioner
- How does the above command fix it? What does it do?
Now let's continue with the persistent volume setup.
    oc get storageclass
    oc get pods
    oc logs -f nfs-provisioner-0
Now observe the output of the following commands:

    oc get pvc,pv
    oc get pods
- Do you see the pvc bound to a pv?
- Do you see the pod for db running?
Observe the dynamic provisioning: go to the host that is running the NFS provisioner and look inside the /srv path to find the provisioned volume.
In this lab, you not only set up dynamic provisioning using NFS, but also learnt about StatefulSets as well as the RBAC policies applied to the NFS provisioner.
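
The pod and claim states this lab asks you to explain can be reasoned about offline. The Python sketch below is an added example, not part of the original lab or of the provisioner project: it transcribes the db DeploymentConfig and db-pvc manifests above into dicts and reports what blocks the pod at each stage. The function name review is introduced here, and the storage class name nfs is assumed from the claim's storageClassName.

```python
# Manifests from this lab as Python dicts, trimmed to the fields the check reads.
DB_DC = {
    "metadata": {"name": "db"},
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "db",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "db-vol", "mountPath": "/var/lib/postgresql/data"}],
        }],
        "volumes": [{"name": "db-vol", "persistentVolumeClaim": {"claimName": "db-pvc"}}],
    }}},
}
DB_PVC = {"metadata": {"name": "db-pvc"}, "spec": {"storageClassName": "nfs"}}


def review(workload, claims, storage_classes):
    """Return findings that explain what a pod needs before it can reach Running."""
    findings = []
    pod = workload["spec"]["template"]["spec"]
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    by_name = {c["metadata"]["name"]: c for c in claims}
    for ctr in pod["containers"]:
        # privileged: true is only admitted when the service account may use a matching SCC.
        if ctr.get("securityContext", {}).get("privileged"):
            findings.append(f"container {ctr['name']}: privileged, service account needs the privileged SCC")
        for mount in ctr.get("volumeMounts", []):
            if mount["name"] not in volumes:
                findings.append(f"container {ctr['name']}: mount {mount['name']} has no matching volume")
    for name, vol in volumes.items():
        ref = vol.get("persistentVolumeClaim")
        if ref is None:
            continue
        claim = by_name.get(ref["claimName"])
        if claim is None:
            findings.append(f"volume {name}: claim {ref['claimName']} not found, pod stays Pending")
            continue
        sc = claim["spec"].get("storageClassName")
        # A claim without a class may fall back to a cluster default, so only named classes are checked.
        if sc is not None and sc not in storage_classes:
            findings.append(f"claim {ref['claimName']}: no storage class {sc}, claim stays Pending")
    return findings


if __name__ == "__main__":
    # The three stages of the lab: DeploymentConfig only, claim added, provisioner deployed.
    stages = [("dc only", [], []), ("dc + pvc", [DB_PVC], []), ("provisioner up", [DB_PVC], ["nfs"])]
    for label, claims, classes in stages:
        print(label, review(DB_DC, claims, classes))
```

The finding left over in the last stage is the privileged requirement, which is the part of the manifest that depends on the add-scc-to-user grant made at the start of the lab.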