Persistent Storage Using Azure File
Install samba-client, samba-common, and cifs-utils on all nodes:
$ sudo yum install samba-client samba-common cifs-utils
Enable SELinux booleans on all nodes:
$ /usr/sbin/setsebool -P virt_use_samba on
$ /usr/sbin/setsebool -P virt_sandbox_use_samba on
Run the mount command to check file_mode permissions, for example:
If the file_mode permissions are set to 0755, change the default value to 0775. This manual step is required because the default file_mode permissions changed from 0755 in OKD 3.9. The following examples show configuration files with the changed values.
The following file system features are not supported by Azure File:
Additionally, the owner user identifier (UID) of the Azure File mounted directory is different from the process UID of the container.
You might experience instability in your environment if you use any container images that use unsupported file system features. Containers for PostgreSQL and MySQL are known to have issues when used with Azure File.
If you use MySQL containers, you must modify the PV configuration as a workaround to a file ownership mismatch between the mounted directory UID and the container process UID. Make the following changes to your PV configuration file:
Specify the Azure File mounted directory UID in the runAsUser variable in the PV configuration file:
spec:
  containers:
    ...
  securityContext:
    runAsUser: <mounted_dir_uid>
Specify the container process UID under mountOptions in the PV configuration file:
mountOptions:
  - dir_mode=0700
  - file_mode=0600
  - uid=<container_process_uid>
  - gid=0
The following example configuration file displays a PV configuration using Azure File:
apiVersion: "v1"
kind: "PersistentVolume"
metadata:
  name: "azpv"
spec:
  capacity:
    storage: "1Gi"
  accessModes:
    - "ReadWriteMany"
  azureFile:
    secretName: azure-secret
    shareName: azftest
    readOnly: false
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
The following example configuration file displays a storage class using Azure File:
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: azurefile
provisioner: kubernetes.io/azure-file
mountOptions:
  - dir_mode=0777
  - file_mode=0777
parameters:
  storageAccount: ocp39str
  location: centralus
While Azure Disk is compatible with multiple regional clouds, Azure File supports only the Azure public cloud, because the endpoint is hard-coded.
Define the Azure Storage Account name and key in a secret configuration, which is then converted to base64 for use by OKD.
Obtain an Azure Storage Account name and key and encode to base64:
apiVersion: v1
kind: Secret
metadata:
  name: azure-secret
type: Opaque
data:
  azurestorageaccountname: azhzdGVzdA==
  azurestorageaccountkey: eElGMXpKYm5ub2pGTE1Ta0JwNTBteDAyckhzTUsyc2pVN21GdDRMMTNob0I3ZHJBYUo4akQ2K0E0NDNqSm9nVjd5MkZVT2hRQ1dQbU02WWFOSHk3cWc9PQ==
Save the secret definition to a file, for example azure-secret.yaml, then create the secret:
$ oc create -f azure-secret.yaml
Verify that the secret was created:
$ oc get secret azure-secret
NAME           TYPE      DATA      AGE
azure-secret   Opaque    1         23d
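The encoding step in this procedure, as an added shell example (not part of the original page or of OKD): it builds the azure-secret manifest with single-line base64 values and no stray newline in the encoded data. The function names make_azure_secret, b64_oneline and secret_field are hypothetical, and the key is assumed to be stored in a file you supply.

```shell
#!/bin/sh
# Added example: build the azure-secret manifest with correctly encoded values.
# Function names are hypothetical; they are not oc or OKD commands.

# Encode stdin as single-line base64. Plain `base64` wraps long output
# (GNU coreutils wraps at 76 columns), which would split a storage
# account key across several lines of the manifest.
b64_oneline() {
    base64 | tr -d '\n'
}

# Usage: make_azure_secret <storage_account_name> <key_file>
# The key is read from a file so it does not appear in shell history or
# in the process list. printf '%s' avoids the trailing newline that
# `echo` would add and that would end up inside the encoded value.
make_azure_secret() {
    account=$1
    key_file=$2
    [ -n "$account" ] && [ -r "$key_file" ] || return 1
    # Strip a trailing newline or CR left in the key file by an editor.
    key=$(tr -d '\r\n' < "$key_file")
    [ -n "$key" ] || return 1
    enc_name=$(printf '%s' "$account" | b64_oneline)
    enc_key=$(printf '%s' "$key" | b64_oneline)
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: azure-secret
type: Opaque
data:
  azurestorageaccountname: $enc_name
  azurestorageaccountkey: $enc_key
EOF
}

# Decode one data field from a manifest on stdin, to confirm the round trip.
secret_field() {
    sed -n "s/^  $1: //p" | base64 -d
}
```

Redirect the output to azure-secret.yaml under a restrictive umask: base64 is an encoding, so anyone who can read the file or the secret object can recover the storage account key.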
Define the PV in an object definition before creating it in OKD:
PV object definition using Azure File example
apiVersion: "v1"
kind: "PersistentVolume"
metadata:
  name: "pv0001" (1)
spec:
  capacity:
    storage: "5Gi" (2)
  accessModes:
    - "ReadWriteMany"
  azureFile: (3)
    secretName: azure-secret (4)
    shareName: example (5)
    readOnly: false (6)
1 The name of the volume. This is how it is identified via PV claims or from pods.
2 The amount of storage allocated to this volume.
3 This defines the volume type being used: azureFile plug-in.
4 The name of the secret used.
5 The name of the file share.
6 Defaults to
ReadOnly here forces the
Save your definition to a file, for example azure-file-pv.yaml, and create the PV:
$ oc create -f azure-file-pv.yaml
persistentvolume "pv0001" created
Verify that the PV was created:
$ oc get pv
NAME      LABELS    CAPACITY   ACCESSMODES   STATUS      CLAIM     REASON    AGE
pv0001    <none>    5Gi        RWM           Available                       2s
You can now request storage using PV claims, which can now use your new PV.
PV claims only exist in the user’s namespace and can only be referenced by a pod within that same namespace. Any attempt to access a PV from a different namespace causes the pod to fail.