apiVersion: v1
kind: Secret
metadata:
name: endpoint-secret (1)
labels:
app: containerized-data-importer
type: Opaque
data:
accessKeyId: "" (2)
secretKey: "" (3)
Use the Containerized Data Importer (CDI) to import a virtual machine image into a persistent volume claim (PVC) by using a data volume. You can attach a data volume to a virtual machine for persistent storage.
The virtual machine image can be hosted at an HTTP or HTTPS endpoint, or built into a container disk and stored in a container registry.
When you import a disk image into a PVC, the disk image is expanded to use the full storage capacity that is requested in the PVC. To use this space, the disk partitions and file system(s) in the virtual machine might need to be expanded. The resizing procedure varies based on the operating system installed on the virtual machine. See the operating system documentation for details. |
If the endpoint requires a TLS certificate, the certificate must be included in a config map in the same namespace as the data volume and referenced in the data volume configuration.
To import a container disk:
You might need to prepare a container disk from a virtual machine image and store it in your container registry before importing it.
If the container registry does not have TLS, you must add the registry to the insecureRegistries
field of the HyperConverged
custom resource before you can import a container disk from it.
You might need to define a storage class or prepare CDI scratch space for this operation to complete successfully.
This matrix shows the supported CDI operations for content types against endpoints, and which of these operations requires scratch space.
Content types | HTTP | HTTPS | HTTP basic auth | registry | Upload |
---|---|---|---|---|---|
KubeVirt (QCOW2) |
✓ QCOW2 |
✓ QCOW2** |
✓ QCOW2 |
✓ QCOW2* |
✓ QCOW2* |
KubeVirt (RAW) |
✓ RAW |
✓ RAW |
✓ RAW |
✓ RAW* |
✓ RAW* |
✓ Supported operation
□ Unsupported operation
* Requires scratch space
** Requires scratch space if a custom certificate authority is required
CDI now uses the OpenShift Container Platform cluster-wide proxy configuration. |
DataVolume
objects are custom resources that are provided by the Containerized
Data Importer (CDI) project. Data volumes orchestrate import, clone, and upload
operations that are associated with an underlying persistent volume claim (PVC).
Data volumes are integrated with OpenShift Virtualization, and they prevent a virtual machine
from being started before the PVC has been prepared.
You can import a virtual machine image into storage by using a data volume.
The virtual machine image can be hosted at an HTTP or HTTPS endpoint or the image can be built into a container disk and stored in a container registry.
You specify the data source for the image in a VirtualMachine
configuration file. When the virtual machine is created, the data volume with the virtual machine image is imported into storage.
To import a virtual machine image you must have the following:
A virtual machine disk image in RAW, ISO, or QCOW2 format, optionally compressed by using xz
or gz
.
An HTTP or HTTPS endpoint where the image is hosted, along with any authentication credentials needed to access the data source.
To import a container disk, you must have a virtual machine image built into a container disk and stored in a container registry, along with any authentication credentials needed to access the data source.
If the virtual machine must communicate with servers that use self-signed certificates or certificates not signed by the system CA bundle, you must create a config map in the same namespace as the data volume.
If your data source requires authentication, create a Secret
manifest, specifying the data source credentials, and save it as endpoint-secret.yaml
:
apiVersion: v1
kind: Secret
metadata:
name: endpoint-secret (1)
labels:
app: containerized-data-importer
type: Opaque
data:
accessKeyId: "" (2)
secretKey: "" (3)
1 | Specify the name of the Secret . |
2 | Specify the Base64-encoded key ID or user name. |
3 | Specify the Base64-encoded secret key or password. |
Apply the Secret
manifest:
$ oc apply -f endpoint-secret.yaml
Edit the VirtualMachine
manifest, specifying the data source for the virtual machine image you want to import, and save it as vm-fedora-datavolume.yaml
:
apiVersion: kubevirt.io/v1 kind: VirtualMachine metadata: creationTimestamp: null labels: kubevirt.io/vm: vm-fedora-datavolume name: vm-fedora-datavolume (1) spec: dataVolumeTemplates: - metadata: creationTimestamp: null name: fedora-dv (2) spec: storage: resources: requests: storage: 10Gi storageClassName: local source: http: (3) url: "https://mirror.arizona.edu/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" (4) secretRef: endpoint-secret (5) certConfigMap: "" (6) status: {} running: true template: metadata: creationTimestamp: null labels: kubevirt.io/vm: vm-fedora-datavolume spec: domain: devices: disks: - disk: bus: virtio name: datavolumedisk1 machine: type: "" resources: requests: memory: 1.5Gi terminationGracePeriodSeconds: 180 volumes: - dataVolume: name: fedora-dv name: datavolumedisk1 status: {}
1 | Specify the name of the virtual machine. |
2 | Specify the name of the data volume. |
3 | Specify http for an HTTP or HTTPS endpoint. Specify registry for a container disk image imported from a registry. |
4 | Specify the URL or registry endpoint of the virtual machine image you want to import. This example references a virtual machine image at an HTTPS endpoint. An example of a container registry endpoint is url: "docker://kubevirt/fedora-cloud-container-disk-demo:latest" . |
5 | Specify the Secret name if you created a Secret for the data source. |
6 | Optional: Specify a CA certificate config map. |
Create the virtual machine:
$ oc create -f vm-fedora-datavolume.yaml
The Data volume provisioning happens in the background, so there is no need to monitor the process. |
The importer pod downloads the virtual machine image or container disk from the specified URL and stores it on the provisioned PV. View the status of the importer pod by running the following command:
$ oc get pods
Monitor the data volume until its status is Succeeded
by running the following command:
$ oc describe dv fedora-dv (1)
1 | Specify the data volume name that you defined in the VirtualMachine manifest. |
Verify that provisioning is complete and that the virtual machine has started by accessing its serial console:
$ virtctl console vm-fedora-datavolume
Configure preallocation mode to improve write performance for data volume operations.