Dynamic Provisioning

StorageOS volumes can be created on-demand through dynamic provisioning.

  1. Create the secret needed to authenticate against the StorageOS API.
  2. Adminstrators create storage classes to define different types of storage.
  3. Users create a persistent volume claim (PVC).
  4. The user references the PVC in a pod.

The StorageOS Helm chart includes the secret and storage class, so you may skip to step 3 to provision volumes.

1. Create secret

You need to provide the correct credentials to authenticate against the StorageOS API using Kubernetes secrets. The configuration secret supports the following parameters:

  • apiAddress: The address of the StorageOS API. Defaults to tcp://localhost:5705.
  • apiUsername: The username to authenticate to the StorageOS API with.
  • apiPassword: The password to authenticate to the StorageOS API with.
  • apiVersion: The API version. Defaults to 1.

The StorageOS provider has been pre-configured to use the StorageOS API defaults. If you have changed the API port, removed the default account or changed its password (recommended), you must specify the new settings in apiAddress, apiUsername and apiPassword, encoded as base64 strings.

echo -n "tcp://" | base64

Create the secret:

cat > storageos-secret.yaml <<EOF
apiVersion: v1
kind: Secret
  name: storageos-secret
type: "kubernetes.io/storageos"
  apiAddress: dGNwOi8vMTI3LjAuMC4xOjU3MDU=
  apiUsername: c3RvcmFnZW9z
  apiPassword: c3RvcmFnZW9z
kubectl create -f storageos-secret.yaml
secret "storageos-secret" created

Verify the secret:

kubectl describe secret storageos-secret
Name:		storageos-secret
Namespace:	default
Labels:		<none>
Annotations:	<none>

Type:	kubernetes.io/storageos

apiAddress:	20 bytes
apiPassword:	8 bytes
apiUsername:	8 bytes

For dynamically provisioned volumes using storage classes, the secret can be created in any namespace. Note that you would want this to be an admin-controlled namespace with restricted access to users. Specify the secret namespace as parameter adminSecretNamespace and name as parameter adminSecretName in storage classes.

For Persistent Volumes, secrets must be created in the Pod namespace. Specify the secret name using the secretName parameter when attaching existing volumes in Pods or creating new persistent volumes.

Mutiple credentials can be used by creating different secrets.

The Kubernetes master needs to be able to access the api, so if the master doesn’t run the storageos container then a LoadBalancer ip may be needed.

2. Create storage class

StorageOS supports the following storage class parameters:

  • pool: The name of the StorageOS distributed capacity pool to provision the volume from; defaults to default.
  • description: The description to assign to volumes that were created dynamically. All volume descriptions will be the same for the storage class, but different storage classes can be used to allow descriptions for different use cases. Defaults to Kubernetes volume.
  • fsType: The default filesystem type to request. Note that user-defined rules within StorageOS may override this value. Defaults to ext4.
  • adminSecretNamespace: The namespace where the API configuration secret is located. Required if adminSecretName set.
  • adminSecretName: The name of the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

Create a fast storage class backed by StorageOS:

cat > storageos-sc.yaml <<EOF
kind: StorageClass
apiVersion: storage.k8s.io/v1beta1
  name: fast
provisioner: kubernetes.io/storageos
  pool: default
  description: Kubernetes volume
  fsType: ext4
  adminSecretNamespace: default
  adminSecretName: storageos-secret
kubectl create -f storageos-sc.yaml

Verify the storage class has been created:

kubectl describe storageclass fast
Name:           fast
IsDefaultClass: No
Annotations:    <none>
Provisioner:    kubernetes.io/storageos
Parameters:     description=Kubernetes volume,fsType=ext4,pool=default
No events.

3. Create persistent volume claim

Create the PVC which uses the fast storage class:

cat > storageos-sc-pvc.yaml <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
  name: fast0001
    volume.beta.kubernetes.io/storage-class: fast
     - ReadWriteOnce
     storage: 5Gi
kubectl create -f storageos-sc-pvc.yaml

Verify the pvc has been created:

kubectl describe pvc fast0001
Name:         fast0001
Namespace:    default
StorageClass: fast
Status:       Bound
Volume:       pvc-480952e7-f8e0-11e6-af8c-08002736b526
Labels:       <none>
Capacity:     5Gi
Access Modes: RWO

A new persistent volume will also be created and bound to the pvc:

kubectl describe pv pvc-480952e7-f8e0-11e6-af8c-08002736b526
Name:            pvc-480952e7-f8e0-11e6-af8c-08002736b526
Labels:          storageos.driver=filesystem
StorageClass:    fast
Status:          Bound
Claim:           default/fast0001
Reclaim Policy:  Delete
Access Modes:    RWO
Capacity:        5Gi
   Type:            StorageOS (a StorageOS Persistent Disk resource)
   VolumeName:      pvc-480952e7-f8e0-11e6-af8c-08002736b526
   VolumeNamespace: default
   FSType:          ext4
   ReadOnly:        false
No events.

4. Create pod

Create the pod which uses the PVC:

cat > storageos-sc-pvcpod.yaml <<EOF
apiVersion: v1
kind: Pod
   name: redis
   role: master
 name: test-storageos-redis-sc-pvc
   - name: master
     image: kubernetes/redis:v1
       - name: MASTER
         value: "true"
       - containerPort: 6379
         cpu: "0.1"
       - mountPath: /redis-master-data
         name: redis-data
   - name: redis-data
       claimName: fast0001
kubectl create -f storageos-sc-pvcpod.yaml

Verify that the pod has been created:

kubectl get pods
NAME                          READY     STATUS    RESTARTS   AGE
test-storageos-redis-sc-pvc   1/1       Running   0          44s