Skip to main content

Openshift/K8S: How to create an NFS Persistent Volume Claim for your Containers


 Unlike virtualization, in modern containerization technologies Kubernetes or Openshift doesn't include embedded storage with containers. Altough a standard vm contains embedded storage due to requirement of operation systems, already comes with virtual disks and it's storage space. 

In Kubernetes,  Openshift and other variants, as an Administrator, you need to preconfigure the storage for for your containers/pods. You or your administrator needs to provide your node to persistent storage space(s). This spaces can be traditional block storage (iscsi, fc), file storage (cifs,nfs) or cloud storage (s3,azure files,ebs).


Whatever technology you use, you need a Persistent Volume Claim (PVC) to provide persistent storage space to containers. 

As a first task, I recommend you to create a resource quota for your PVC to limit exhausting storage space. I'm going to tell openshift to limit "the project" or "namespace" to use total 500GB storage space and maximum allowed PVC count to limit 3. 

[ozgurkkisa@workstation ~]$oc create quota storage \
  --hard=requests.storage=500G,persistentvolumeclaims=3
In other words, an Admin or a Developer can create max 3 PvC and total 500 GB space for projects containers. So they would be create space for their containers, for instance pvc1 = 150 GB, pvc2 = 150 GB, pv3 = 200 GB.

At first, create an empty file with .yml extension. I named my file as pvc.yml:

[ozgurkkisa@workstation ~]$ touch pvc.yml
Open file that you created with your favorite  text editor. For example nano or vim. Then write or paste the content below :

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: Apache-www
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 300Gi

In this example, I created a pvc named Apache-www, storage space as 300 GB and access mode as ReadWriteMany.

After you save your yml file, activate it by typing  :

[student@workstation ~]$ oc apply -f pvc.yml
persistentvolumeclaim/Apache-www created

Tip:If you made a mistake or simply delete the pvc that you create use :

oc delete persistentvolumeclaim Apache-www
persistentvolumeclaim "Apache-www" deleted
After applying change you may check your new PvC to by typing this command:

[student@workstation ~]$ oc get persistentvolumeclaims
NAME         STATUS  VOLUME   CAPACITY  ACCESS MODES  STORAGECLASS  AGE
Apache-www  Bound   pvc-...  300Gi       RWX           nfs-storage  15s
Our PvC is now ready! So we can use it in any container in project or namespace. To defining a PvC for container/pod, you have to put required info in yaml file of container application. For example, let's say we have an Apache application named httpd. We want to put our web site/application files to persistent storage. We have to provide the additional info in provisioning file : 


apiVersion: apps/v1
kind: Deployment
metadata:
   name: httpd
spec:
   replicas: 1
   selector:
      app: httpd
   template:
      metadata:
      labels:
      app: httpd
   spec:
      containers:
      - image: registy.access.redhat.com/rhscl/httpd-24-rhel7
        imagePullPolicy : Always
        name: httpd
        ports:
        - containerport: 8080
          protocol: TCP
        - containerPort: 8443
          protocol: TCP
        VolumeMounts:
        - mountPath: /var/www/html
          name: html
        restartPolicy: Always
        volumes: 
        - name: html
          persistenVolumeClaim:
             Apache-www
Be aware that marked with yellow lines. These are volume spesific data that bind persistent storage to our container/pod. In the sample above, we simply add persistent volume claim named Apache-www and it's related space to containers /var/www/html directory.

You can save the file as apache.yml. After required info added  and saved to file you need to create/redeploy your apache instance by running command : 


[ozgurkkisa@workstation ~]$ oc apply -f apache.yml

After a while, your new/existing pods would be created or redeployed. Wher your pods crashed or stopped, your data would be persisted in the storage. 

Hope to see in new articles and tips soon.

With my best wishes 😀






Labels:

Comments

Post a Comment

Popular posts from this blog

Openshift/K8S : Get routes hostnames and learn their reachability

  Undoubtedly, route have a key role to accessing your pods and their applications inside.  You may want to learn your whole Kubernetes or Openshift routes and their hostnames. Also you want to learn reachability of them. Here comes a shortcut! First step is creating a variable : hosts=$(oc get route -A \ -o jsonpath='{.items[*].spec.host}') You can ensure that just getting the hostnames,  rather than any other info by running : echo $hosts After this point we need a series of shell command to get names and HTTP status of our routes. For this task, write out the codes shown below :  for host in $hosts ; do \ curl https://$host -k -w "%{url_effective} %{http_code}\n" -o /dev/null -s ; \ done https://oauth-openshift.apps.ocp4.ozgurkkisa.com/ 403 https://console-openshift-console.apps.ocp4.ozgurkkisa.com/ 200 https://downloads-openshift-console.apps.ocp4.ozgurkkisa.com/ 200 https://alertmanager-main-openshift-monitoring.apps.ocp4.ozgurkkisa.com/ 403 https://grafa...
Post a Comment
Read more

K8S/OPENSHIFT: POD CRASHING,SECURITY CONTEXT CONTRAINTS PROBLEM?

  Your new daily given task is creating a new app in a new namespace. You investigated and found your image. Then you started to create your app. After app created you checked and realized that the your new apps pod is not starting! Here look at this example. I Used gitlab here as an instance. [ozgurk@myworkstation ~]$ oc new-app --name gitlab \ > --docker-image quay.io/redhattraining/gitlab-ce:8.4.3-ce.0 --> Creating resources ... imagestream.image.openshift.io "gitlab" created deployment.apps "gitlab" created service "gitlab" created --> Success  Until here, everything looking normal. Check your pod status :  [ozgurk@myworkstation ~]$ oc get pods NAME READY STATUS RESTARTS AGE gitlab-6d61db3479-yyjl 0/1 Error 1 43s As seen above, our pod is in a trouble. It's better to start investigation from pod logs. [ozgurk@myworkstation ~]$ oc logs pod/ gitlab-6d61db3479-yyjl ===========...
Post a Comment
Read more

OPENSHIFT/K8S: Enable HTPasswd Authentication for your Openshift Cluster

 Openshift provides different kind of authentication mechanisms for authentication. Openshift comes with a default kubeadmin user as a factory default. In addition to default admin, in real world you want different users with different permission levels to separate roles.  You can use Ldap, Github or Github Enterprise, Keystone Server, OpenID Connect or HTPasswd authentication. All these methods are named as Identity providers.All methods are external solutions or requires additional servers/services to deploy to authenticate except HTPasswd authentication. HTPasswd authentication  consist of simple and locally managed password files. Simply, you define usernames and equivalent password for them. htpasswd file contains a list of users and their secrets. HTPasswd files keeps users password encrypted by several encryption algorithms like, MD5(default), SHA1, SHA256 and Bcrypt (Most secure for htpasswd.) Screenshot 1- A simple and sample htpasswd file A simple htpasswd file...
Post a Comment
Read more