OpenShift Container Platform is capable of provisioning PVs using the OpenStack Manila shared file system service.

It is assumed the OpenStack Manila service has been correctly set up and is accessible from the OpenShift Container Platform cluster. Only the NFS share type can be provisioned.

OpenStack Manila persistent storage is a Technology Preview release only. Technology Preview releases are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.

Installing the external provisioner

To use OpenStack Manila persistent storage, you must install and configure an external provisioner in the OpenShift Container Platform cluster.

The external provisioner is distributed as a container image and can be run in the OpenShift Container Platform cluster as usual.

Procedure
  1. Create a service account:

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: manila-provisioner-runner
  2. Create a ClusterRole:

    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: manila-provisioner-role
    rules:
      - apiGroups: [""]
        resources: ["persistentvolumes", "endpoints"]
        verbs: ["get", "list", "watch", "create", "delete", "update"]
      - apiGroups: [""]
        resources: ["persistentvolumeclaims"]
        verbs: ["get", "list", "watch", "update"]
      - apiGroups: ["storage.k8s.io"]
        resources: ["storageclasses"]
        verbs: ["get", "list", "watch"]
      - apiGroups: [""]
        resources: ["events"]
        verbs: ["list", "watch", "create", "update", "patch"]
      - apiGroups: [""]  # Secrets belong to the core API group, written as ""
        resources: ["secrets"]
        verbs: ["get", "list"]
  3. Bind the rules via ClusterRoleBinding:

    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: manila-provisioner
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: manila-provisioner-role
    subjects:
    - kind: ServiceAccount
      name: manila-provisioner-runner
      namespace: default
  4. Create a new secret:

    apiVersion: v1
    kind: Secret
    metadata:
      name: manila-secret # (1)
      namespace: default # (2)
    data:
      os-authURL: <base64 encoded OpenStack Keystone URL>
      os-userName: <base64 encoded Manila username>
      os-password: <base64 encoded password>
      os-projectName: <base64 encoded OpenStack project (tenant) name>
      os-domainName: <base64 encoded OpenStack Manila service domain>
      os-region: <base64 encoded OpenStack region>
    1 The secret name will be referenced by the Manila volume’s StorageClass.
    2 The secret namespace will be referenced by the Manila volume’s StorageClass.
  5. Create a new StorageClass:

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: "manila-share"
    provisioner: "externalstorage.k8s.io/manila"
    parameters:
      type: "default" # (1)
      zones: "nova" # (2)
      protocol: "NFS" # (3)
      backend: "nfs" # (4)
      osSecretName: "manila-secret" # (5)
      osSecretNamespace: "default" # (6)
      nfs-share-client: "0.0.0.0" # (7)
    1 The Manila share type the provisioner will create for the volume. This field is optional, and defaults to default.
    2 Set of Manila availability zones that the volume might be created in. This field is optional, and defaults to nova.
    3 Protocol used when provisioning a share. Valid options are NFS and CEPHFS. This field is required.
    4 Backend share used for granting access and creating the PersistentVolumeSource. Valid options are nfs and cephfs. This field is required.
    5 Name of the secret object containing OpenStack credentials. This field is required.
    6 Namespace of the OpenStack credentials secret object. This field is optional, and defaults to default.
    7 Default NFS client for the share exported. This field is optional, and is only used for the NFS protocol. Defaults to 0.0.0.0.
  6. Start the provisioner itself. The following example uses a Deployment:

    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: manila-provisioner
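    spec:
      replicas: 1
      # apps/v1 requires a selector that matches the pod template labels
      selector:
        matchLabels:
          app: manila-provisioner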
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            app: manila-provisioner
        spec:
          serviceAccountName: manila-provisioner-runner
          containers:
            - image: "registry.redhat.io/openshift/manila-provisioner:latest"
              imagePullPolicy: "IfNotPresent"
              name: manila-provisioner
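
The values under `data` in step 4 must be base64 of the exact credential, with no trailing newline and no line wrapping. The following added example (not part of the original documentation) builds that Secret manifest from six hypothetical `MANILA_*` shell variables and refuses to emit it if any of them is empty.

```shell
#!/bin/sh
# Added example: build the manila-secret manifest from step 4.
# The MANILA_* variable names are hypothetical; set them to your own values first.

# Encode one value for a Secret "data" field.
# printf avoids the trailing newline that echo would add to the credential,
# and tr removes the line breaks GNU base64 inserts after 76 characters.
b64() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Print the Secret manifest, or fail if any required value is missing.
manila_secret_yaml() {
    for var in MANILA_AUTH_URL MANILA_USERNAME MANILA_PASSWORD \
               MANILA_PROJECT MANILA_DOMAIN MANILA_REGION; do
        eval "val=\${$var:-}"
        if [ -z "$val" ]; then
            echo "missing or empty variable: $var" >&2
            return 1
        fi
    done
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: manila-secret
  namespace: default
data:
  os-authURL: $(b64 "$MANILA_AUTH_URL")
  os-userName: $(b64 "$MANILA_USERNAME")
  os-password: $(b64 "$MANILA_PASSWORD")
  os-projectName: $(b64 "$MANILA_PROJECT")
  os-domainName: $(b64 "$MANILA_DOMAIN")
  os-region: $(b64 "$MANILA_REGION")
EOF
}
```

Piping the output to `oc apply -f -` creates the secret without leaving a manifest containing credentials on disk.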

Provisioning an OpenStack Manila persistent volume

OpenStack Manila shares are dynamically provisioned as needed. When the PersistentVolumeClaim is deleted, the provisioner automatically deletes and unexports the OpenStack Manila share.

Prerequisites
  • The OpenStack Manila external provisioner must be installed.

Procedure
  • Create a PersistentVolumeClaim using the corresponding StorageClass.

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: manila-nfs-pvc
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 2G
      storageClassName: manila-share