An external provisioner is an application that enables dynamic provisioning for a particular storage provider. External provisioners can run alongside the provisioner plug-ins provided by {product-title} and are configured in much the same way as StorageClass objects, as described in the Dynamic Provisioning and Creating Storage Classes section. Because these provisioners are external, you can deploy and update them independently of {product-title}.
An Ansible Playbook is also available to deploy and upgrade external provisioners.
Note: Before proceeding, familiarize yourself with the Configuring Cluster Metrics and the Configuring Cluster Logging sections.
The OpenShift Ansible `openshift_provisioners` role configures and deploys external provisioners using the variables from the Ansible inventory file. You must specify which provisioners to install by overriding their respective `install` variables to `true`.
Following is a list of role variables that apply to all provisioners for which the `install` variable is `true`.
Variable | Description |
---|---|
|
If |
|
The prefix for the component images. For example, with |
|
The version for the component images. For example, with |
|
The project to deploy provisioners in. Defaults to |
The AWS EFS provisioner dynamically provisions NFS PVs backed by dynamically created directories in a given EFS file system’s directory. You must satisfy the following requirements before the AWS EFS Provisioner Ansible variables can be configured:
- An IAM user assigned with the AmazonElasticFileSystemReadOnlyAccess policy (or better).
- An EFS file system in your cluster’s region.
- Mount targets and security groups such that any node (in any zone in the cluster’s region) can mount the EFS file system by its File system DNS name.
Variable | Description |
---|---|
|
The File system ID of the EFS file system, for example: |
|
The Amazon EC2 region for the EFS file system. |
|
The AWS access key of the IAM user (to check that the specified EFS file system exists). |
|
The AWS secret access key of the IAM user (to check that the specified EFS file system exists). |
Variable | Description |
---|---|
|
If |
|
The path of the directory in the EFS file system, in which the EFS provisioner will create a directory to back each PV it creates. It must exist and be mountable by the EFS provisioner. Defaults to |
|
The |
|
A map of labels to select the nodes where the pod will land. For example: |
|
The supplemental group to give the pod, in case it is needed for permission to write to the EFS file system. Defaults to |
You can deploy all provisioners at once or one provisioner at a time according to the configuration specified in the OpenShift Ansible variables. The following example shows you how to deploy a given provisioner and then create and configure a corresponding StorageClass.
The following command sets the directory in the EFS volume to `/data/persistentvolumes`. This directory must exist in the file system and must be mountable and writeable by the provisioner pod.

```
$ ansible-playbook <OPENSHIFT_ANSIBLE_DIR>/playbooks/openshift-provisioners/config.yml \
    -e openshift_provisioners_install_provisioners=True \
    -e openshift_provisioners_efs=True \
    -e openshift_provisioners_efs_fsid=fs-47a2c22e \
    -e openshift_provisioners_efs_region=us-west-2 \
    -e openshift_provisioners_efs_aws_access_key_id=AKIAIOSFODNN7EXAMPLE \
    -e openshift_provisioners_efs_aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
    -e openshift_provisioners_efs_path=/data/persistentvolumes
```
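The command above passes the AWS secret access key as an `-e` argument, which leaves it in shell history and in the process list while the playbook runs. The following added example (not part of the original documentation) writes the same variables to an owner-only extra-vars file and passes it with `-e @file`; the function names and the `EFS_*` environment variables are hypothetical, and the keys are read from the standard `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the EFS_*
# environment variables are hypothetical; defaults mirror the page's command.
set -e

# write_efs_vars FILE: write the role variables to FILE, readable by owner only.
write_efs_vars() {
    vars_file=$1
    : "${AWS_ACCESS_KEY_ID:?export AWS_ACCESS_KEY_ID first}"
    : "${AWS_SECRET_ACCESS_KEY:?export AWS_SECRET_ACCESS_KEY first}"
    (
        umask 077
        : > "$vars_file"          # create or truncate
        chmod 600 "$vars_file"    # tighten a pre-existing file before the secret is written
        cat >> "$vars_file" <<EOF
openshift_provisioners_install_provisioners: true
openshift_provisioners_efs: true
openshift_provisioners_efs_fsid: '${EFS_FSID:-fs-47a2c22e}'
openshift_provisioners_efs_region: '${EFS_REGION:-us-west-2}'
openshift_provisioners_efs_aws_access_key_id: '${AWS_ACCESS_KEY_ID}'
openshift_provisioners_efs_aws_secret_access_key: '${AWS_SECRET_ACCESS_KEY}'
openshift_provisioners_efs_path: '${EFS_PATH:-/data/persistentvolumes}'
EOF
    )
}

# deploy_efs_provisioner OPENSHIFT_ANSIBLE_DIR: run the playbook with the vars
# file, then delete the file whether or not the run succeeded.
deploy_efs_provisioner() {
    vars_file=$(mktemp "${TMPDIR:-/tmp}/efs-vars.XXXXXX")
    write_efs_vars "$vars_file"
    rc=0
    ansible-playbook "$1/playbooks/openshift-provisioners/config.yml" \
        -e "@$vars_file" || rc=$?
    rm -f "$vars_file"
    return "$rc"
}

# Usage (after exporting the two AWS_* variables):
#   deploy_efs_provisioner <OPENSHIFT_ANSIBLE_DIR>
```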
For information on allowing the provisioner pod to write to the EFS directory (which is a remote NFS directory), see the SELinux section of the NFS Volume Security topic. The same information applies for allowing other pods to consume the NFS volumes provisioned by the provisioner pod.
```
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
metadata:
  name: slow
provisioner: openshift.org/aws-efs  # (1)
parameters:
  gidMin: "40000"  # (2)
  gidMax: "50000"  # (3)
```
1. Set this value to the same value as the `openshift_provisioners_efs_name` variable, which defaults to `openshift.org/aws-efs`.
2. The minimum value of GID range for the StorageClass. (Optional)
3. The maximum value of GID range for the StorageClass. (Optional)
Each dynamically provisioned volume’s corresponding NFS directory is assigned a unique GID owner from the range `gidMin`-`gidMax`. If not specified, `gidMin` defaults to `2000` and `gidMax` defaults to `2147483647`. Any pod that consumes a provisioned volume via a claim automatically runs with the needed GID as a supplemental group and is able to read and write to the volume. Other mounters that do not have the supplemental group (and are not running as root) will not be able to read or write to the volume. For more information on using the supplemental groups to manage NFS access, see the Group IDs section of the NFS Volume Security topic.