Verify that the storage exists in the underlying infrastructure before mounting
it as a volume in OpenShift Container Platform. All that is required for the iSCSI is the
iSCSI target portal, a valid iSCSI Qualified Name (IQN), a valid LUN number, the
filesystem type, and the PersistentVolume
API.
Optionally, multipath portals and Challenge Handshake Authentication Protocol (CHAP)
configuration can be provided.
Example 1. Persistent Volume Object Definition
apiVersion: v1
kind: PersistentVolume
metadata:
name: iscsi-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
iscsi:
targetPortal: 10.16.154.81:3260
portals: ['10.16.154.82:3260', '10.16.154.83:3260']
iqn: iqn.2014-12.example.server:storage.target00
lun: 0
fsType: 'ext4'
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: chap-secret
Enforcing Disk Quotas
Use LUN partitions to enforce disk quotas and size constraints. Each LUN is one persistent volume. Kubernetes enforces
unique names for persistent volumes.
Enforcing quotas in this way allows the end user to request persistent storage
by a specific amount (e.g, 10Gi) and be matched with a corresponding volume of
equal or greater capacity.
iSCSI Volume Security
Users request storage with a PersistentVolumeClaim
. This claim only lives in
the user’s namespace and can only be referenced by a pod within that same
namespace. Any attempt to access a persistent volume across a namespace causes
the pod to fail.
Each iSCSI LUN must be accessible by all nodes in the cluster.
iSCSI Multipathing
For iSCSI-based storage, you can configure multiple paths by using the same IQN for more than one target portal IP address. Multipathing ensures access to the persistent volume when one or more of the components in a path fail.
To specify multi-paths in pod specification use the portals
field. For example:
apiVersion: v1
kind: PersistentVolume
metadata:
name: iscsi-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
iscsi:
targetPortal: 10.0.0.1:3260
portals: ['10.0.2.16:3260', '10.0.2.17:3260', '10.0.2.18:3260'] (1)
iqn: iqn.2016-04.test.com:storage.target00
lun: 0
fsType: ext4
readOnly: false
1 |
Add additional target portals using the portals field. |
iSCSI Custom Initiator IQN
Configure the custom initiator iSCSI Qualified Name (IQN) if the iSCSI targets are restricted to certain IQNs, but the nodes that the iSCSI PVs are attached to are not guaranteed to have these IQNs.
To specify custom initiator IQN, use initiatorName
field.
apiVersion: v1
kind: PersistentVolume
metadata:
name: iscsi-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
iscsi:
targetPortal: 10.0.0.1:3260
portals: ['10.0.2.16:3260', '10.0.2.17:3260', '10.0.2.18:3260']
iqn: iqn.2016-04.test.com:storage.target00
lun: 0
initiatorName: iqn.2016-04.test.com:custom.iqn (1)
fsType: ext4
readOnly: false
1 |
To add an additional custom initiator IQN, use initiatorName field. |