docs/doc/source/storage/kubernetes/enable-readwriteonce-pvc-support-in-additional-namespaces.rst
Litao Gao 22f58200f6 Adjustment for the kubernetes 1.24 behavior change
In K8s 1.24, when a ServiceAccount is created, no
more Secret is created automatically. Need to add
extra steps for secret creation.

Closes-bug: 1997750

Signed-off-by: Litao Gao <litao.gao@windriver.com>
Change-Id: Iffa965717b35c55e129e21eca79bfbb1f6668f5d
2022-12-01 23:04:24 -05:00


.. vqw1561030204071
.. _enable-readwriteonce-pvc-support-in-additional-namespaces:

=========================================================
Enable ReadWriteOnce PVC Support in Additional Namespaces
=========================================================

The default general **rbd-provisioner** storage class is enabled for the
default, kube-system, and kube-public namespaces. To enable an additional
namespace, for example for an application-specific namespace, a
modification to the configuration \(helm overrides\) of the
|RBD| provisioner service is required.

.. rubric:: |context|

The following example illustrates the configuration of three additional
application-specific namespaces to access the |RBD| provisioner's
**general storage class**.

.. note::

    Due to limitations with templating and merging of overrides, the entire
    storage class must be redefined in the override when updating specific
    values.

.. rubric:: |proc|

#.  List installed helm chart overrides for the platform-integ-apps.

    .. code-block:: none

        ~(keystone_admin)$ system helm-override-list platform-integ-apps
        +--------------------+----------------------+
        | chart name         | overrides namespaces |
        +--------------------+----------------------+
        | ceph-pools-audit   | [u'kube-system']     |
        | cephfs-provisioner | [u'kube-system']     |
        | helm-toolkit       | []                   |
        | rbd-provisioner    | [u'kube-system']     |
        +--------------------+----------------------+

#.  Review existing overrides for the rbd-provisioner chart. You will refer
    to this information in the following step.

    .. code-block:: none

        ~(keystone_admin)$ system helm-override-show platform-integ-apps rbd-provisioner kube-system
        +--------------------+--------------------------------------------------+
        | Property           | Value                                            |
        +--------------------+--------------------------------------------------+
        | combined_overrides | classdefaults:                                   |
        |                    |   adminId: admin                                 |
        |                    |   adminSecretName: ceph-admin                    |
        |                    |   monitors:                                      |
        |                    |   - 192.168.204.4:6789                           |
        |                    |   - 192.168.204.2:6789                           |
        |                    |   - 192.168.204.3:6789                           |
        |                    |   - 192.168.204.60:6789                          |
        |                    | classes:                                         |
        |                    | - additionalNamespaces:                          |
        |                    |   - default                                      |
        |                    |   - kube-public                                  |
        |                    |   chunk_size: 64                                 |
        |                    |   crush_rule_name: storage_tier_ruleset          |
        |                    |   name: general                                  |
        |                    |   pool_name: kube-rbd                            |
        |                    |   replication: 2                                 |
        |                    |   userId: ceph-pool-kube-rbd                     |
        |                    |   userSecretName: ceph-pool-kube-rbd             |
        |                    | global:                                          |
        |                    |   defaultStorageClass: general                   |
        |                    |   replicas: 2                                    |
        |                    |                                                  |
        | name               | rbd-provisioner                                  |
        | namespace          | kube-system                                      |
        | system_overrides   | classdefaults:                                   |
        |                    |   adminId: admin                                 |
        |                    |   adminSecretName: ceph-admin                    |
        |                    |   monitors: ['192.168.204.4:6789',               |
        |                    |     '192.168.204.2:6789', '192.168.204.3:6789',  |
        |                    |     '192.168.204.60:6789']                       |
        |                    | classes:                                         |
        |                    | - additionalNamespaces: [default, kube-public]   |
        |                    |   chunk_size: 64                                 |
        |                    |   crush_rule_name: storage_tier_ruleset          |
        |                    |   name: general                                  |
        |                    |   pool_name: kube-rbd                            |
        |                    |   replication: 2                                 |
        |                    |   userId: ceph-pool-kube-rbd                     |
        |                    |   userSecretName: ceph-pool-kube-rbd             |
        |                    | global: {defaultStorageClass: general, replicas: |
        |                    |   2}                                             |
        |                    |                                                  |
        | user_overrides     | None                                             |
        +--------------------+--------------------------------------------------+

#.  Create an overrides yaml file defining the new namespaces. In this
    example we will create the file /home/sysadmin/update-namespaces.yaml
    with the following content:

    .. code-block:: none

        ~(keystone_admin)]$ cat <<EOF > ~/update-namespaces.yaml
        classes:
        - additionalNamespaces: [default, kube-public, new-app, new-app2, new-app3]
          chunk_size: 64
          crush_rule_name: storage_tier_ruleset
          name: general
          pool_name: kube-rbd
          replication: 2
          userId: ceph-pool-kube-rbd
          userSecretName: ceph-pool-kube-rbd
        EOF

#.  Apply the overrides file to the chart.

    .. code-block:: none

        ~(keystone_admin)$ system helm-override-update --values /home/sysadmin/update-namespaces.yaml platform-integ-apps rbd-provisioner kube-system
        +----------------+-----------------------------------------+
        | Property       | Value                                   |
        +----------------+-----------------------------------------+
        | name           | rbd-provisioner                         |
        | namespace      | kube-system                             |
        | user_overrides | classes:                                |
        |                | - additionalNamespaces:                 |
        |                |   - default                             |
        |                |   - kube-public                         |
        |                |   - new-app                             |
        |                |   - new-app2                            |
        |                |   - new-app3                            |
        |                |   chunk_size: 64                        |
        |                |   crush_rule_name: storage_tier_ruleset |
        |                |   name: general                         |
        |                |   pool_name: kube-rbd                   |
        |                |   replication: 2                        |
        |                |   userId: ceph-pool-kube-rbd            |
        |                |   userSecretName: ceph-pool-kube-rbd    |
        +----------------+-----------------------------------------+

#.  Confirm that the new overrides have been applied to the chart.

    The following output has been edited for brevity.

    .. code-block:: none

        ~(keystone_admin)$ system helm-override-show platform-integ-apps rbd-provisioner kube-system
        +--------------------+-----------------------------------------+
        | Property           | Value                                   |
        +--------------------+-----------------------------------------+
        | combined_overrides | ...                                     |
        |                    |                                         |
        | name               |                                         |
        | namespace          |                                         |
        | system_overrides   | ...                                     |
        |                    |                                         |
        |                    |                                         |
        | user_overrides     | classes:                                |
        |                    | - additionalNamespaces:                 |
        |                    |   - default                             |
        |                    |   - kube-public                         |
        |                    |   - new-app                             |
        |                    |   - new-app2                            |
        |                    |   - new-app3                            |
        |                    |   chunk_size: 64                        |
        |                    |   crush_rule_name: storage_tier_ruleset |
        |                    |   name: general                         |
        |                    |   pool_name: kube-rbd                   |
        |                    |   replication: 2                        |
        |                    |   userId: ceph-pool-kube-rbd            |
        |                    |   userSecretName: ceph-pool-kube-rbd    |
        +--------------------+-----------------------------------------+

#.  Apply the overrides.

    #.  Run the :command:`application-apply` command.

        .. code-block:: none

            ~(keystone_admin)$ system application-apply platform-integ-apps
            +---------------+----------------------------------+
            | Property      | Value                            |
            +---------------+----------------------------------+
            | active        | True                             |
            | app_version   | 1.0-24                           |
            | created_at    | 2019-05-26T06:22:20.711732+00:00 |
            | manifest_file | manifest.yaml                    |
            | manifest_name | platform-integration-manifest    |
            | name          | platform-integ-apps              |
            | progress      | None                             |
            | status        | applying                         |
            | updated_at    | 2019-05-26T22:27:26.547181+00:00 |
            +---------------+----------------------------------+

    #.  Monitor progress using the :command:`application-list` command.

        .. code-block:: none

            ~(keystone_admin)$ system application-list
            +-------------+---------+---------------+---------------+---------+-----------+
            | application | version | manifest name | manifest file | status  | progress  |
            +-------------+---------+---------------+---------------+---------+-----------+
            | platform-   | 1.0-24  | platform      | manifest.yaml | applied | completed |
            | integ-apps  |         | -integration  |               |         |           |
            |             |         | -manifest     |               |         |           |
            +-------------+---------+---------------+---------------+---------+-----------+

    You can now create and mount PVCs from the default |RBD| provisioner's
    **general storage class**, from within these application-specific
    namespaces.

#.  Apply the secret to the new rbd-provisioner namespace.

    Check if the secret has been created in the new namespace by running the
    following command:

    .. code-block:: none

        ~(keystone_admin)$ kubectl get secret ceph-pool-kube-rbd -n <namespace>

    If the secret has not been created in the new namespace, create it by
    running the following command:

    .. code-block:: none

        ~(keystone_admin)$ kubectl get secret ceph-pool-kube-rbd -n default -o yaml | grep -v '^\s*namespace:\s' | kubectl apply -n <namespace> -f -
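
The check and copy from the last step, wrapped so they can be run for each namespace in the overrides file, as an added example that is not part of the StarlingX documentation. A copy whose data differs from the one in ``default`` is reported as stale rather than overwritten. It assumes ``kubectl`` and ``sha256sum`` are on the PATH; the function names are illustrative.

```sh
#!/bin/sh
# Added example, not from the StarlingX docs. Assumes kubectl and sha256sum
# are on PATH and that the reference secret is the copy in "default".
SECRET=ceph-pool-kube-rbd
SRC_NS=default

# SHA-256 of the secret's data map in namespace $1; fails if the secret is
# absent. Comparing digests avoids printing the Ceph key itself.
secret_digest() {
    data=$(kubectl get secret "$SECRET" -n "$1" -o jsonpath='{.data}' 2>/dev/null) || return 1
    printf '%s' "$data" | sha256sum | cut -d' ' -f1
}

# Remove fields that bind the manifest to the source object. Line-based, like
# the grep in the procedure, so it assumes no data key uses these names.
strip_source_metadata() {
    grep -Ev '^[[:space:]]*(namespace|uid|resourceVersion|creationTimestamp):[[:space:]]'
}

# Prints one of: present, stale, created, failed.
ensure_rbd_secret() {
    ns=$1
    src=$(secret_digest "$SRC_NS") || { echo failed; return 1; }
    if dst=$(secret_digest "$ns"); then
        # Never overwrite silently: a differing copy is reported for review.
        if [ "$dst" = "$src" ]; then echo present; else echo stale; fi
        return 0
    fi
    # Copy, then confirm against cluster state rather than the exit code alone.
    if kubectl get secret "$SECRET" -n "$SRC_NS" -o yaml \
            | strip_source_metadata \
            | kubectl apply -n "$ns" -f - >/dev/null 2>&1 \
            && [ "$(secret_digest "$ns")" = "$src" ]; then
        echo created
    else
        echo failed; return 1
    fi
}

# Usage with the namespaces from update-namespaces.yaml:
#   for ns in new-app new-app2 new-app3; do
#       printf '%s: %s\n' "$ns" "$(ensure_rbd_secret "$ns")"
#   done
```
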