.. vqw1561030204071 .. _enable-readwriteonce-pvc-support-in-additional-namespaces: ========================================================= Enable ReadWriteOnce PVC Support in Additional Namespaces ========================================================= The default general **rbd-provisioner** storage class is enabled for the default, kube-system, and kube-public namespaces. To enable an additional namespace, for example for an application-specific namespace, a modification to the configuration (helm overrides) of the |RBD| provisioner service is required. .. rubric:: |context| The following example illustrates the configuration of three additional application-specific namespaces to access the |RBD| provisioner's **general storage class**. .. note:: Due to limitations with templating and merging of overrides, the entire storage class must be redefined in the override when updating specific values. .. rubric:: |proc| #. List installed helm chart overrides for the platform-integ-apps. .. code-block:: none ~(keystone_admin)$ system helm-override-list platform-integ-apps +--------------------+----------------------+ | chart name | overrides namespaces | +--------------------+----------------------+ | ceph-pools-audit | ['kube-system'] | | cephfs-provisioner | ['kube-system'] | | rbd-provisioner | ['kube-system'] | +--------------------+----------------------+ #. Review existing overrides for the rbd-provisioner chart. You will refer to this information in the following step. .. code-block:: none ~(keystone_admin)$ system helm-override-show platform-integ-apps rbd-provisioner kube-system +--------------------+------------------------------------------------------+ | Property | Value | +--------------------+------------------------------------------------------+ | attributes | enabled: true | | | | | combined_overrides | classdefaults: | | | adminId: admin | | | adminSecretName: ceph-admin | | | monitors: | | | - 192.168.204.2:6789 | | | storageClass: general | | | csiConfig: | | | - clusterID: 6d273112-f2a6-4aec-8727-76b690274c60 | | | monitors: | | | - 192.168.204.2:6789 | | | provisioner: | | | replicaCount: 1 | | | snapshotter: | | | enabled: true | | | snapshotClass: | | | clusterID: 6d273112-f2a6-4aec-8727-76b690274c60 | | | provisionerSecret: ceph-pool-kube-rbd | | | storageClasses: | | | - additionalNamespaces: | | | - default | | | - kube-public | | | chunk_size: 64 | | | clusterID: 6d273112-f2a6-4aec-8727-76b690274c60 | | | controllerExpandSecret: ceph-pool-kube-rbd | | | crush_rule_name: storage_tier_ruleset | | | name: general | | | nodeStageSecret: ceph-pool-kube-rbd | | | pool_name: kube-rbd | | | provisionerSecret: ceph-pool-kube-rbd | | | replication: 1 | | | userId: ceph-pool-kube-rbd | | | userSecretName: ceph-pool-kube-rbd | | | | | name | rbd-provisioner | | namespace | kube-system | | system_overrides | classdefaults: | | | adminId: admin | | | adminSecretName: ceph-admin | | | monitors: ['192.168.204.2:6789'] | | | storageClass: general | | | csiConfig: | | | - clusterID: !!binary | | | | NmQyNzMxMTItZjJhNi00YWVjLTg3MjctNzZiNjkwMjc0YzYw | | | monitors: ['192.168.204.2:6789'] | | | provisioner: | | | replicaCount: 1 | | | snapshotter: {enabled: true} | | | snapshotClass: | | | clusterID: !!binary | | | | NmQyNzMxMTItZjJhNi00YWVjLTg3MjctNzZiNjkwMjc0YzYw | | | provisionerSecret: ceph-pool-kube-rbd | | | storageClasses: | | | - additionalNamespaces: [default, kube-public] | | | chunk_size: 64 | | | clusterID: !!binary | | | | NmQyNzMxMTItZjJhNi00YWVjLTg3MjctNzZiNjkwMjc0YzYw | | | controllerExpandSecret: ceph-pool-kube-rbd | | | crush_rule_name: storage_tier_ruleset | | | name: general | | | nodeStageSecret: ceph-pool-kube-rbd | | | pool_name: kube-rbd | | | provisionerSecret: ceph-pool-kube-rbd | | | replication: 1 | | | userId: ceph-pool-kube-rbd | | | userSecretName: ceph-pool-kube-rbd | | | | | user_overrides | None | +--------------------+------------------------------------------------------+ #. Create an overrides yaml file defining the new namespaces. In this example we will create the file ``/home/sysadmin/update-namespaces.yaml`` with the following content: .. code-block:: none ~(keystone_admin)]$ cat < ~/update-namespaces.yaml storageClasses: - additionalNamespaces: [default, kube-public, new-app, new-app2, new-app3] chunk_size: 64 crush_rule_name: storage_tier_ruleset name: general pool_name: kube-rbd replication: 2 userId: ceph-pool-kube-rbd userSecretName: ceph-pool-kube-rbd EOF #. Apply the overrides file to the chart. .. code-block:: none ~(keystone_admin)$ system helm-override-update --values /home/sysadmin/update-namespaces.yaml platform-integ-apps rbd-provisioner kube-system +----------------+-----------------------------------------+ | Property | Value | +----------------+-----------------------------------------+ | name | rbd-provisioner | | namespace | kube-system | | user_overrides | storageClasses: | | | - additionalNamespaces: | | | - default | | | - kube-public | | | - new-app | | | - new-app2 | | | - new-app3 | | | chunk_size: 64 | | | crush_rule_name: storage_tier_ruleset | | | name: general | | | pool_name: kube-rbd | | | replication: 2 | | | userId: ceph-pool-kube-rbd | | | userSecretName: ceph-pool-kube-rbd | +----------------+-----------------------------------------+ #. Confirm that the new overrides have been applied to the chart. The following output has been edited for brevity. .. code-block:: none ~(keystone_admin)$ system helm-override-show platform-integ-apps rbd-provisioner kube-system +---------------------+--------------------------------------+ | Property | Value | +--------------------+------------------------------------- --+ | combined_overrides | ... | | | | | name | | | namespace | | | system_overrides | ... | | | | | | | | user_overrides | storageClasses: | | | - additionalNamespaces: | | | - default | | | - kube-public | | | - new-app | | | - new-app2 | | | - new-app3 | | | chunk_size: 64 | | | crush_rule_name: storage_tier_ruleset| | | name: general | | | pool_name: kube-rbd | | | replication: 2 | | | userId: ceph-pool-kube-rbd | | | userSecretName: ceph-pool-kube-rbd | +--------------------+----------------------------------------+ #. Apply the overrides. #. Run the :command:`application-apply` command. .. code-block:: none ~(keystone_admin)$ system application-apply platform-integ-apps +---------------+--------------------------------------+ | Property | Value | +---------------+--------------------------------------+ | active | True | | app_version | 1.0-62 | | created_at | 2022-12-14T04:14:08.878186+00:00 | | manifest_file | fluxcd-manifests | | manifest_name | platform-integ-apps-fluxcd-manifests | | name | platform-integ-apps | | progress | None | | status | applying | | updated_at | 2022-12-14T04:16:33.197301+00:00 | +---------------+--------------------------------------+ #. Monitor progress using the :command:`application-list` command. .. code-block:: none ~(keystone_admin)$ system application-list +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ | application | version | manifest name | manifest file | status | progress | +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ | platform-integ-apps | 1.0-62 | platform-integ-apps-fluxcd-manifests | fluxcd-manifests | applied | completed | +--------------------------+---------+-------------------------------------------+------------------+----------+-----------+ You can now create and mount PVCs from the default |RBD| provisioner's **general storage class**, from within these application-specific namespaces. #. Apply the secret to the new rbd-provisioner namespace. Check if the secret has been created in the new namespace by running the following command: .. code-block:: none ~(keystone_admin)$ kubectl get secret ceph-pool-kube-rbd -n If the secret has not been created in the new namespace, create it by running the following command: .. code-block:: none ~(keystone_admin)$ kubectl get secret ceph-pool-kube-rbd -n default -o yaml | grep -v '^\s*namespace:\s' | kubectl apply -n -f -