diff --git a/_topic_map.yml b/_topic_map.yml index 48ae2ca37c..8a87d4c90c 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -359,6 +359,8 @@ Topics: File: persistent-storage-iscsi - Name: Persistent storage using Container Storage Interface (CSI) File: persistent-storage-csi + - Name: Persistent storage using OpenStack Manila + File: persistent-storage-manila - Name: Dynamic provisioning File: dynamic-provisioning --- diff --git a/modules/persistent-storage-manila-install.adoc b/modules/persistent-storage-manila-install.adoc new file mode 100644 index 0000000000..7ac04c2f11 --- /dev/null +++ b/modules/persistent-storage-manila-install.adoc @@ -0,0 +1,150 @@ +// Module included in the following assemblies: +// +// * storage/persistent-storage/persistent-storage-manila.adoc + +[id="persistent-storage-manila-install-{context}"] += Installing the external provisioner + +To use OpenStack Manila persistent storage you must install +and configure an external provisioner in the {product-title} +cluster. + +The external provisioner is distributed as a container image +and can be run in the {product-title} cluster as usual. + +.Procedure + +. Create a service account: ++ +[source,yaml] +---- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: manila-provisioner-runner +---- + +. Create a ClusterRole: ++ +[source,yaml] +---- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: manila-provisioner-role +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "endpoints"] + verbs: ["get", "list", "watch", "create", "delete", "update"] + - apiGroups: [""] + resources: ["persistentvolumeclaims"] + verbs: ["get", "list", "watch", "update"] + - apiGroups: ["storage.k8s.io"] + resources: ["storageclasses"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["list", "watch", "create", "update", "patch"] + - apiGroups: ["v1"] + resources: ["secrets"] + verbs: ["get", "list"] +---- + +. Bind the rules via ClusterRoleBinding: ++ +[source,yaml] +---- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: manila-provisioner +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manila-provisioner-role +subjects: +- kind: ServiceAccount + name: manila-provisioner-runner + namespace: default +---- + +. Create a new secret: ++ +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: manila-secret <1> + namespace: default <2> +data: + os-authURL: + os-userName: + os-password: + os-projectName: + os-domainName: + os-region: +---- +<1> The secret name will be referenced by the Manila volume's +StorageClass. +<2> The secret namespace will be referenced by the Manila +volume's StorageClass. + +. Create a new StorageClass: ++ +[source,yaml] +---- +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: "manila-share" +provisioner: "externalstorage.k8s.io/manila" +parameters: + type: "default" <1> + zones: "nova" <2> + protocol: "NFS" <3> + backend: "nfs" <4> + osSecretName: "manila-secret" <5> + osSecretNamespace: "default" <6> + nfs-share-client: "0.0.0.0" <7> +---- +<1> The link:https://docs.openstack.org/manila/latest/admin/shared-file-systems-share-types.html[Manila share type] +the provisioner will create for the volume. This field is optional, +and defaults to `default`. +<2> Set of Manila availability zones that the volume might be created +in. This field is optional, and defaults to `nova`. +<3> Protocol used when provisioning a share. Valid options are +`NFS` and `CEPHFS`. This field is required. +<4> Backend share used for granting access and creating the +`PersistentVolumeSource`. Valid options are `nfs` and `cephfs`. +This field is required. +<5> Name of the secret object containing OpenStack credentials. +This field is required. +<6> Namespace of the OpenStack credentials secret object. This field +is optional, and defaults to `default`. +<7> Default NFS client for the share exported. This field is optional, +and is only used for the `NFS` protocol. Defaults to `0.0.0.0`. + +. Start the provisioner itself. The following example uses a Deployment: ++ +[source, yaml] +---- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: manila-provisioner +spec: + replicas: 1 + strategy: + type: Recreate + template: + metadata: + labels: + app: manila-provisioner + spec: + serviceAccountName: manila-provisioner-runner + containers: + - image: "registry.redhat.io/openshift/manila-provisioner:latest" + imagePullPolicy: "IfNotPresent" + name: manila-provisioner +---- diff --git a/modules/persistent-storage-manila-usage.adoc b/modules/persistent-storage-manila-usage.adoc new file mode 100644 index 0000000000..b09ae0e47b --- /dev/null +++ b/modules/persistent-storage-manila-usage.adoc @@ -0,0 +1,34 @@ +// Module included in the following assemblies: +// +// * storage/persistent-storage/persistent-storage-manila.adoc + +[id="persistent-storage-manila-usage-{context}"] += Provisioning an OpenStack Manila persistent volume + +OpenStack Manila shares are dynamically provisioned as needed. When the +PersistentVolumeClaim is deleted the provisioner will automatically +delete and unexport the OpenStack Manila share. + +.Prerequisites + +* The OpenStack Manila external provisioner must be installed. + +.Procedure + +* Create a PersistentVolumeClaim using the corresponding +StorageClass. ++ +[source,yaml] +---- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: manila-nfs-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2G + storageClassName: manila-share +---- diff --git a/storage/persistent-storage/persistent-storage-manila.adoc b/storage/persistent-storage/persistent-storage-manila.adoc new file mode 100644 index 0000000000..f9be3da492 --- /dev/null +++ b/storage/persistent-storage/persistent-storage-manila.adoc @@ -0,0 +1,28 @@ +[id="persistent-storage-using-manila"] += Persistent storage using OpenStack Manila +include::modules/common-attributes.adoc[] +:context: persistent-storage-manila + +toc::[] + +{product-title} is capable of provisioning PVs using the +link:https://wiki.openstack.org/wiki/Manila[OpenStack Manila] shared +file system service. + +It is assumed the OpenStack Manila service has been correctly set up and is +accessible from the {product-title} cluster. Only the NFS share type can be +provisioned. + +:FeatureName: OpenStack Manila persistent storage +include::modules/technology-preview.adoc[leveloffset=+0] + +.Additional resources + +* link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/[Persistent volumes (PV)] +* link:https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims[Persistent volume claims (PVCs)] +* link:https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/[Dynamic provisioning] +* link:https://kubernetes.io/docs/admin/authorization/rbac/[RBAC authorization] + +include::modules/persistent-storage-manila-install.adoc[leveloffset=+1] + +include::modules/persistent-storage-manila-usage.adoc[leveloffset=+1]