Skip to content

Setting up with limited Kubernetes cluster level accessΒΆ

In certain clusters where the IFS remote installer has limited access, it may not be possible to create persistent volumes. Therefore, the cluster administrator needs to pre-configure the persistent volumes before running the IFS remote installer.

Before creating the persistent volume, it is necessary to configure a secret that contains the SMB credentials for the remote SMB share. To create the secret, cluster administrators should use the following template. 

apiVersion: v1
kind: Secret
metadata:
  name: ifs-storage-smb-credentials
  namespace: <application-namespace>
type: kubernetes.io/Opaque
data:
  username: <base64-encoded-username>
  password: <base64-encoded-password>
  domain: <base64-encoded-domain>

To create the persistent volumes, cluster administrators should use the following template.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: ifs-fss-pv-smb-<application-namespace>-<sha256sum value of smb sharepath>
spec:
  capacity:
    storage: <volume-size>
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: smb
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
  csi:
    driver: smb.csi.k8s.io
    readOnly: false
    volumeHandle: ifs-fss-pv-smb-<application-namespace>-<sha256sum value of smb sharepath>
    volumeAttributes:
      source: //<smb-hostname>/<share-name>
    nodeStageSecretRef:
      name: ifs-storage-smb-credentials
      namespace: <application-namespace>

If the persistent volume and credentials secret are created manually, then the SMB credentials secret configuration (ifscore.secret.ifsStorageSmbCredentials) should be removed from the 'custom_values.yaml' file. The 'ifsfilestorage.fssPvCreationEnabled' variable in the 'custom_values.yaml' file should be set to 'false' to prevent Persistent Volume creation when running the IFS installer to install the middle tier.

ifsfilestorage:
  ...
  ...
  fssPvCreationEnabled: false