Verify that the storage exists in the underlying infrastructure before mounting
it as a volume in OpenShift Container Platform. All that is required for the iSCSI is the
iSCSI target portal, a valid iSCSI Qualified Name (IQN), a valid LUN number, the
filesystem type, and the PersistentVolume
API.
Optionally, multipath portals and Challenge Handshake Authentication Protocol (CHAP)
configuration can be provided.
|
iSCSI does not support the 'Recycle' reclaim policy.
|
example 1. Persistent Volume Object Definition
apiVersion: v1
kind: PersistentVolume
metadata:
name: iscsi-pv
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
iscsi:
targetPortal: 10.16.154.81
iqn: iqn.2014-12.example.server:storage.target00
lun: 0
fsType: 'ext4'
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: chap-secret
enforcing Disk Quotas
Use LUN partitions to enforce disk quotas and size constraints. each LUN is one persistent volume. Kubernetes enforces
unique names for persistent volumes.
enforcing quotas in this way allows the end user to request persistent storage
by a specific amount (e.g, 10Gi) and be matched with a corresponding volume of
equal or greater capacity.
iSCSI Volume Security
Users request storage with a PersistentVolumeClaim
. This claim only lives in
the user’s namespace and can only be referenced by a pod within that same
namespace. Any attempt to access a persistent volume across a namespace causes
the pod to fail.
each iSCSI LUN must be accessible by all nodes in the cluster.