Example: Mounting a PersistentVolume for Static Provisioning Using the FlexVolume Driver
For static provisioning, configuring a PersistentVolume has some advantages over annotating
Kubernetes volume information in a Pod spec:
- The configuration file can be shared for use by multiple Pod specs.
- The configuration file enables the PersistentVolume to be mounted and available even when the Pod spec that references it is removed.
For example: A marketing volume exists in the MapR filesystem under the path
/Departments/Marketing
. An administrator wants to statically provision this
volume and make it available to multiple users. It is critical that data access is as fast as
possible. To make this work, the administrator must:- Create a PersistentVolume (PV).
- Set the
AccessMode
of the PV toReadWriteOnce
. - Create a PersistentVolumeClaim (PVC) spec.
- Set the
AccessMode
of the PVC toReadWriteOnce
. - Create the Pod spec.
- Generate a MapR service ticket, and set the
flexVolume securityType
parameter tosecure
. For information about generating a service ticket, see Generating a Service Ticket. - Configure a Ticket Secret, and include the base64-encoded contents of the ticket file in the Ticket Secret. See Configuring a Secret.
- Set the
runAsUser
and thefsGroup
parameters to the UID and GID of the user that created the ticket. - Set the
platinum
parameter in the Pod spec toplatinum: "true"
. See Enabling the Platinum Posix Client for Kubernetes Interfaces for Data Fabric FlexVolume Driver. - Point the
volumePath
in theflexVolume
setting to the desired MapR path. - Fill in the
cldbHosts
andcluster
information.
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-testsecure1
namespace: mapr-examples
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
claimRef:
namespace: mapr-examples
name: pvc-testsecure1
flexVolume:
driver: "mapr.com/maprfs"
options:
platinum: "true"
cluster: "mycluster"
cldbHosts: "cldb1 cldb2 cldb3"
volumePath: "/path/in/mapr"
securityType: "secure"
ticketSecretName: "mapr-ticket-secret"
ticketSecretNamespace: "mapr-examples"
---
apiVersion: v1
kind: Pod
metadata:
name: test-securepv
namespace: mapr-examples
spec:
containers:
- name: mycontainer
image: myrepo/myorg/mycontainer
args:
- sleep
- "1000000"
resources:
requests:
memory: "2Gi"
cpu: "500m"
volumeMounts:
- mountPath: /mapr
name: maprvolume
volumes:
- name: maprvolume
persistentVolumeClaim:
claimName: pvc-testsecure1
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pvc-testsecure1
namespace: mapr-examples
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5G
---
apiVersion: v1
kind: Secret
metadata:
name: mapr-ticket-secret
namespace: mapr-examples
type: Opaque
data:
CONTAINER_TICKET: <BASE64-ENCODED VERSION OF TICKET-FILE CONTENTS>
PersistentVolume (PV)
Parameter | Notes |
Capacity |
Specifies how big the allocated storage should be. This value is not validated against the MapR quota or advisory quota. It is up to the person creating the PV to specify this value accurately. |
accessModes |
How the PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes. |
persistentVolumeReclaimPolicy |
Specifies what happens to the volume when it is released by its claim. The
Retain value keeps the PVC around for manual cleanup.
Delete deletes the PV from Kubernetes. NOTE If this volume was
created using dynamic provisioning, Delete causes the underlying
volume to be deleted. Recycle is not supported by Kubernetes
FlexVolumes. For more information, see Reclaiming. |
claimRef |
Specifies a default PVC to bind to. If unspecified, the PV selected for a PVC is randomly allocated based on the access mode and provides at least as much storage capacity as requested by the PVC. |
flexVolume: driver |
The MapR FlexVolume driver being used. Call it by specifying driver:
mapr.com/maprfs . |
platinum |
If set to platinum: "true" , the POSIX client uses the platinum
driver for better performance. Note that the platinum driver consumes more host
resources and MapR Platinum licenses. |
cluster |
The MapR cluster name. |
cldbHosts |
The hostname or IP addresses of the CLDB hosts for the MapR cluster. You must provide at least one CLDB host. For fault-tolerance, providing multiple CLDB hosts is recommended. To specify multiple hosts, separate each name or IP address by a space. |
volumePath |
The mount point within the MapR filesystem. This parameter specifies an existing
MapR path. For example, you can specify the root volume as "/" ,
providing access to the entire filesystem. |
securityType |
A parameter that indicates whether MapR tickets are used or not used. If MapR
tickets are used, specify secure . Otherwise, specify
unsecure . |
ticketSecretName |
The name of the Ticket Secret that contains the ticket to use when mounting to the MapR cluster. See Configuring a Secret. |
ticketSecretNamespace |
The namespace that contains the Ticket Secret. Use the same namespace as the namespace used by the Pod. |
Pod
Parameter | Notes |
apiVersion |
The Kubernetes API version for the Pod spec. |
kind |
The kind of object being created. The example uses a naked Pod for clarity. Generally, it is better to use a Deployment, DaemonSet, or StatefulSet for high availability and ease of upgrade. |
metadata: name |
The Pod name. |
metadata: namespace |
The namespace in which the Pod runs. |
volumeMounts: mountPath |
A directory inside the container that is designated as the mount path. |
volumeMounts: name |
A name that you assign to the Kubernetes volumeMounts resource.
This value should match Volumes: name . |
Volumes: name |
A string to identify the name of the Kubernetes volumes
resource. This value should match volumeMounts: name . |
PersistentVolumeClaim (PVC)
Parameter | Notes |
---|---|
AccessMode |
How the requested PersistentVolume is mounted on the host. It's important that the PV and PVC modes are the same so that they can bind. For more information, see Kubernetes Access Modes and Access Modes. |
Secret
Parameter | Notes |
---|---|
metadata: name |
The name of the Ticket Secret. See Configuring a Secret |
metadata: namespace |
The namespace in which the Ticket Secret runs. |
CONTAINER_TICKET |
The contents of the MapR ticket encoded in base64. If you specified
secure for the securityType , you must provide the
ticket. To encode the ticket, see Converting a String to Base64. You may remove the ticket if
the MapR cluster is not secure. |