Skip to content

Setting up with limited Kubernetes cluster level access

NOTE: This only concerns very specific customer installations with a special license agreement.

The IFS remote installer might in some cases have limited access to k8s resources, it may not be possible to create persistent volumes. Therefore, the cluster administrator needs to pre-configure the persistent volumes before running the IFS remote installer.


Before creating the persistent volume, it is necessary to configure a secret that contains the SMB credentials for the remote SMB share. To create the secret, cluster administrators should use the following template.

apiVersion: v1
kind: Secret
metadata:
  name: ifs-storage-smb-credentials
  namespace: <application-namespace>
type: kubernetes.io/Opaque
data:
  username: <base64-encoded-username>
  password: <base64-encoded-password>
  domain: <base64-encoded-domain>

To create the persistent volumes, cluster administrators should use the following template.

apiVersion: v1
kind: PersistentVolume
metadata:
  name: ifs-fss-pv-smb-<application-namespace>-<sha256sum value of smb sharepath>
spec:
  capacity:
    storage: <volume-size>
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: smb
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
  csi:
    driver: smb.csi.k8s.io
    readOnly: false
    volumeHandle: ifs-fss-pv-smb-<application-namespace>-<sha256sum value of smb sharepath>
    volumeAttributes:
      source: //<smb-hostname>/<share-name>
    nodeStageSecretRef:
      name: ifs-storage-smb-credentials
      namespace: <application-namespace>

If the persistent volume and credentials secret are created manually, then the SMB credentials secret configuration (ifscore.secret.ifsStorageSmbCredentials) should be removed from the 'custom_values.yaml' file. The 'ifsfilestorage.fssPvCreationEnabled' variable in the 'custom_values.yaml' file should be set to 'false' to prevent Persistent Volume creation when running the IFS installer to install the middle tier.

ifsfilestorage:
  ...
  ...
  fssPvCreationEnabled: false