Created
October 4, 2019 19:59
-
-
Save ShyamsundarR/f16d32e3edd5b38df50e90106674a943 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
apiVersion: v1 | |
kind: PersistentVolume | |
metadata: | |
# Can be anything, but has to be matched at line 47 | |
# Also should avoid conflicts with existing PV names in the namespace | |
name: preprov-pv-cephfs-01 | |
spec: | |
accessModes: | |
- ReadWriteMany | |
capacity: | |
storage: 5Gi | |
csi: | |
driver: rook-ceph.cephfs.csi.ceph.com | |
nodeStageSecretRef: | |
name: rook-ceph-csi | |
namespace: rook-ceph | |
volumeAttributes: | |
clusterID: rook-ceph | |
fsName: myfs | |
# The key "staticVolume" states this is pre-provisioned | |
# NOTE: This was "preProvisionedVolume: "true"" in Ceph-CSI versions 1.0 and below | |
staticVolume: "true" | |
# Path of the PV on the CephFS filesystem | |
rootPath: /staticpvs/pv-1 | |
# Can be anything, need not match PV name, or volumeName in PVC | |
# Retained as the same for simplicity and uniquness | |
volumeHandle: preprov-pv-cephfs-01 | |
# Reclaim policy must be "retain" as, | |
# deletion of pre-provisioned volumes is not supported | |
persistentVolumeReclaimPolicy: Retain | |
volumeMode: Filesystem | |
claimRef: | |
# Name should match "claimName" in PVC claim section | |
name: csi-cephfs-pvc-preprov | |
namespace: default | |
--- | |
apiVersion: v1 | |
kind: PersistentVolumeClaim | |
metadata: | |
name: csi-cephfs-pvc-preprov | |
spec: | |
accessModes: | |
- ReadWriteMany | |
resources: | |
requests: | |
storage: 5Gi | |
volumeName: preprov-pv-cephfs-01 | |
--- | |
apiVersion: v1 | |
kind: Pod | |
metadata: | |
name: csicephfs-preprov-demo-pod | |
spec: | |
containers: | |
- image: busybox | |
name: busybox | |
command: | |
- sleep | |
- "3600" | |
imagePullPolicy: IfNotPresent | |
volumeMounts: | |
- name: mypvc | |
mountPath: /mnt | |
volumes: | |
- name: mypvc | |
persistentVolumeClaim: | |
claimName: csi-cephfs-pvc-preprov |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No, thank you.
The step to create a client key and a secret is a choice for security conscious setups. You could use a single secret across all static PVs that are created. This secret can be in any namespace, but the namespace needs to be reflected in here.
The above reduces it to a single secret creation step.
I am not aware of how flexVolume worked, so not commenting on the same.
With
provisionVolume: false
the method of using static PVs was to request for one dynamically, and the provisioner detecting it as a pre-provisioned PV and hence using the same secret as that used by the CSI plugins. The entire provisioning step (and hence de-provisioning) was superfluous, and the intention was to go with kubernetes based static PV definitions instead.