$ sudo yum install samba-client samba-common cifs-utils- Documentation
- OKD
- Installation and Configuration
- Configuring Persistent Storage
- Using Azure File
You are viewing documentation for a release that is no longer maintained. To view the documentation for the most recent version, see the latest OKD docs.
- About
- What's New?
- Getting Started
- Architecture
- Container Security Guide
- Installation and Configuration
- Overview
- Installing a Cluster
- Setting up the Registry
- Setting up a Router
- Master and Node Configuration
- OpenShift Ansible Broker Configuration
- Adding Hosts to an Existing Cluster
- Loading the Default Image Streams and Templates
- Configuring Custom Certificates
- Redeploying Certificates
- Configuring Authentication and User Agent
- Syncing Groups With LDAP
- Configuring LDAP failover
- Configuring the SDN
- Configuring Nuage SDN
- Configuring for AWS
- Configuring for OpenStack
- Configuring for GCE
- Configuring for Azure
- Configuring for VMWare vSphere
- Configuring for local Volume
- Configuring Persistent Storage
- Overview
- Using NFS
- Using GlusterFS
- Using OpenStack Cinder
- Using Ceph RBD
- Using AWS Elastic Block Store
- Using GCE Persistent Disk
- Using iSCSI
- Using Fibre Channel
- Using Azure Disk
- Using Azure File
- Using FlexVolume
- Using VMware vSphere volumes for persistent storage
- Using Local Volume
- Dynamic Provisioning and Creating Storage Classes
- Volume Security
- Selector-Label Volume Binding
- Enabling Controller-managed Attachment and Detachment
- Persistent Storage Examples
- Overview
- Sharing an NFS PV Across Two Pods
- Using Ceph RBD for persistent storage
- Using Ceph RBD for dynamic provisioning
- Complete Example Using GlusterFS
- Dynamic Provisioning Example Using Containerized GlusterFS
- Dynamic Provisioning Example Using Dedicated GlusterFS
- Containerized Heketi for Managing Dedicated GlusterFS
- Mounting Volumes To Privileged Pods
- Backing Docker Registry with GlusterFS Storage
- Binding Persistent Volumes by Label
- Using StorageClasses for Dynamic Provisioning
- Using StorageClasses for Existing Legacy Storage
- Configuring Azure Blob Storage for Integrated Docker Registry
- Working with HTTP Proxies
- Configuring Global Build Defaults and Overrides
- Configuring Pipeline Execution
- Configuring Route Timeouts
- Configuring Native Container Routing
- Routing from Edge Load Balancers
- Aggregating Container Logs
- Aggregate Logging Sizing Guidelines
- Enabling Cluster Metrics
- Customizing the Web Console
- Deploying External Persistent Volume Provisioners
- Upgrading Clusters
- Day Two Operations Guide
- Cluster Administration
- Overview
- Managing Nodes
- Restoring your cluster
- Replacing a master host
- Managing Users
- Managing Projects
- Managing Pods
- Managing Networking
- Configuring Service Accounts
- Managing Role-based Access Control
- Image Policy
- Image Signatures
- Scoped Tokens
- Monitoring Images
- Managing Security Context Constraints
- Scheduling
- Setting Quotas
- Setting Multi-Project Quotas
- Setting Limit Ranges
- Pruning Objects
- Extending the Kubernetes API with Custom Resources
- Garbage Collection
- Allocating Node Resources
- Opaque Integer Resources
- Overcommitting
- Assigning Unique External IPs for Ingress Traffic
- Out of Resource Handling
- Monitoring and Debugging Routers
- High Availability
- IPtables
- Securing Builds by Strategy
- Restricting Application Capabilities Using Seccomp
- Sysctls
- Encrypting Data at Datastore Layer
- Encrypting Hosts with IPsec
- Building Dependency Trees
- Replacing a failed etcd member
- Restoring etcd quorum
- Troubleshooting Networking
- Diagnostics Tool
- Idling Applications
- Analyzing Cluster Capacity
- Scaling and Performance Guide
- CLI Reference
- Developer Guide
- Overview
- Application Life Cycle Management
- Authentication
- Authorization
- Projects
- Migrating Applications
- Tutorials
- Builds
- Deployments
- Templates
- Opening a Remote Shell to Containers
- Service Accounts
- Managing Images
- Quotas and Limit Ranges
- Injecting Information into Pods Using Pod Presets
- Getting Traffic into a Cluster
- Routes
- Integrating External Services
- Secrets
- ConfigMaps
- Downward API
- Projected Volumes
- Using Daemonsets
- Pod Autoscaling
- Managing Volumes
- Using Persistent Volumes
- Executing Remote Commands
- Copying Files
- Port Forwarding
- Shared Memory
- Application Health
- Events
- Managing Environment Variables
- Jobs
- OpenShift Pipeline
- Cron Jobs
- Create from URL
- Creating Images
- Using Images
- Ansible Playbook Bundle Development Guide
- REST API Reference
- Overview
- Examples
- /api/v1
- v1.APIResourceList
- v1.APIVersions
- v1.Binding
- v1.ComponentStatus
- v1.ConfigMap
- v1.Endpoints
- v1.Event
- v1.LimitRange
- v1.Namespace
- v1.Node
- v1.PersistentVolume
- v1.PersistentVolumeClaim
- v1.Pod
- v1.PodTemplate
- v1.ReplicationController
- v1.ResourceQuota
- v1.Secret
- v1.SecurityContextConstraints
- v1.Service
- v1.ServiceAccount
- /apis/v1
- /apis/apps/v1beta1
- /apis/autoscaling/v1
- /apis/batch/v1
- /apis/batch/v2alpha1
- /apis/extensions/v1beta1
- /apis/policy/v1beta1
- /apis/authentication.k8s.io/v1
- /apis/authentication.k8s.io/v1beta1
- /apis/authorization.k8s.io/v1
- /apis/authorization.k8s.io/v1beta1
- /apis/rbac.authorization.k8s.io/v1beta1
- /apis/certificates.k8s.io/v1beta1
- /apis/networking.k8s.io/v1
- /apis/storage.k8s.io/v1
- /apis/storage.k8s.io/v1beta1
- /apis/apps.openshift.io/v1
- /apis/authorization.openshift.io/v1
- /apis/build.openshift.io/v1
- /apis/image.openshift.io/v1
- /apis/network.openshift.io/v1
- /apis/oauth.openshift.io/v1
- /apis/project.openshift.io/v1
- /apis/quota.openshift.io/v1
- /apis/route.openshift.io/v1
- /apis/security.openshift.io/v1
- /apis/template.openshift.io/v1
- /apis/user.openshift.io/v1
- /oapi/v1
- v1.AppliedClusterResourceQuota
- v1.Build
- v1.BuildConfig
- v1.ClusterNetwork
- v1.ClusterResourceQuota
- v1.ClusterRole
- v1.ClusterRoleBinding
- v1.DeploymentConfig
- v1.DeploymentConfigRollback
- v1.EgressNetworkPolicy
- v1.Group
- v1.HostSubnet
- v1.Identity
- v1.Image
- v1.ImageSignature
- v1.ImageStream
- v1.ImageStreamImage
- v1.ImageStreamImport
- v1.ImageStreamMapping
- v1.ImageStreamTag
- v1.LocalResourceAccessReview
- v1.LocalSubjectAccessReview
- v1.NetNamespace
- v1.OAuthAccessToken
- v1.OAuthAuthorizeToken
- v1.OAuthClient
- v1.OAuthClientAuthorization
- v1.PodSecurityPolicyReview
- v1.PodSecurityPolicySelfSubjectReview
- v1.PodSecurityPolicySubjectReview
- v1.ProcessedTemplate
- v1.Project
- v1.ProjectRequest
- v1.ResourceAccessReview
- v1.Role
- v1.RoleBinding
- v1.RoleBindingRestriction
- v1.Route
- v1.SelfSubjectRulesReview
- v1.SubjectAccessReview
- v1.SubjectRulesReview
- v1.Template
- v1.User
- v1.UserIdentityMapping
×
Persistent Storage Using Azure File
Overview
OKD supports Microsoft Azure File volumes. You can provision your OKD cluster with persistent storage using Azure. Some familiarity with Kubernetes and Azure is assumed.
|
High availability of storage in the infrastructure is left to the underlying storage provider. |
Before you begin
-
Install
samba-client,samba-common, andcifs-utilson all nodes: -
Enable SELinux booleans on all nodes:
$ /usr/sbin/setsebool -P virt_use_samba on $ /usr/sbin/setsebool -P virt_sandbox_use_samba on
|
Mount options are not available in OKD 3.7.43. You cannot use Azure File in OKD 3.7.43. To use Azure file, upgrade to OKD 3.7.46. |
Configuring Azure File for regional cloud
While Azure Disk is compatible with multiple regional clouds, Azure File supports only the Azure public cloud, because the endpoint is hard-coded.
Creating the Azure Storage Account secret
Define the Azure Storage Account name and key in a secret configuration, which is then converted to base64 for use by OKD.
-
Obtain an Azure Storage Account name and key and encode to base64:
apiVersion: v1 kind: Secret metadata: name: azure-secret type: Opaque data: azurestorageaccountname: azhzdGVzdA== azurestorageaccountkey: eElGMXpKYm5ub2pGTE1Ta0JwNTBteDAyckhzTUsyc2pVN21GdDRMMTNob0I3ZHJBYUo4akQ2K0E0NDNqSm9nVjd5MkZVT2hRQ1dQbU02WWFOSHk3cWc9PQ== -
Save the secret definition to a file, for example azure-secret.yaml, then create the secret:
$ oc create -f azure-secret.yaml -
Verify that the secret was created:
$ oc get secret azure-secret NAME TYPE DATA AGE azure-secret Opaque 1 23d -
Define the PV in an object definition before creating it in OKD:
PV object definition using Azure File exampleapiVersion: "v1" kind: "PersistentVolume" metadata: name: "pv0001" (1) spec: capacity: storage: "5Gi" (2) accessModes: - "ReadWriteMany" azureFile: (3) secretName: azure-secret (4) shareName: example (5) readOnly: false (6)1 The name of the volume. This is how it is identified via PV claims or from pods. 2 The amount of storage allocated to this volume. 3 This defines the volume type being used: azureFile plug-in. 4 The name of the secret used. 5 The name of the file share. 6 Defaults to false(read/write).ReadOnlyhere forces theReadOnlysetting inVolumeMounts. -
Save the definition to a file, for example azure-file-pv.yaml, and create the PV:
$ oc create -f azure-file-pv.yaml persistentvolume "pv0001" created -
Verify that the PV was created:
$ oc get pv NAME LABELS CAPACITY ACCESSMODES STATUS CLAIM REASON AGE pv0001 <none> 5Gi RWM Available 2s
Now you can request storage using PV claims, which can now use your new PV.
|
PV claims only exist in the user’s namespace and can only be referenced by a pod within that same namespace. Any attempt to access a PV from a different namespace causes the pod to fail. |