Statically Provisioning a MapR Volume Using the FlexVolume Plug-in ( Secure Cluster)

Statically Provisioning a MapR Volume Using the FlexVolume Plug-in (Secure Cluster)

You can designate a pre-created MapR volume for use with Kubernetes by specifying the MapR FlexVolume parameters directly inside the Pod spec. In the Pod spec, you define a Kubernetes volume and add the MapR FlexVolume information to it. You can supply path information by using the volumePath parameter.

For static provisioning, configuring a PersistentVolume has some advantages over Kubernetes volume in a Pod:

• The configuration file can be shared for use by multiple Pod specs.
• The configuration file enables the PersistentVolume to be mounted and available even when the Pod spec that references it is removed.

This blog assumes you have secure MapR cluster (running) and separate K8S cluster. 

1) Below is sample yaml file to statically provision MapR Flex volume to K8S .

[root@tssperf09 abizerwork]# cat static-secure.yaml 

apiVersion: v1

kind: Pod

metadata:

  name: test-secure

  namespace: mapr-system

spec:

  containers:

  - name: mycontainer

    image: docker.io/maprtech/kdf-plugin:1.0.0_029_centos7

    args:

    - sleep

    - "1000000"

    imagePullPolicy: Always

    resources:

      requests:

        memory: "2Gi"

        cpu: "500m"

    volumeMounts:

    - mountPath: /maprvolume1

      name: maprvolume

  volumes:

    - name: maprvolume

      flexVolume:

        driver: "mapr.com/maprfs"

        readOnly: true

        options:

          volumePath: "/maprvolume"

          cluster: "cluster4"

          cldbHosts: "10.10.102.95"

          securityType: "secure"

          ticketSecretName: "dlpocid-mapr6-ticket-secret"

          ticketSecretNamespace: "mapr-system"

---

apiVersion: v1

kind: Secret

metadata:

  name: dlpocid-mapr6-ticket-secret

  namespace: mapr-system

type: Opaque

data:

  CONTAINER_TICKET: Y2x1c3RlcjQgRGZQSVZHNmxTeXREeGI0OG9SM0RPTTNLQ0tWdG0vS0FWejB5QzFncTVlR01uS2lTRFlZZ1k1b2cxVFlFMHZ4VmczUnVyYlNXazJ0RUVHYjBrWWNLVnQ3L0xlNzJnUGZ3dzYxUWtBYmNHR2xodmpMQXo2ZlFKN1lCN3gzVGJJbzJYeHR0akVuZm1XcFFXNlNwckxMenJKa3d0VlFFZC9CMXg0amN2SlpUTytsOGdnYkJjSHpNN3dHSEFlRFowRHl3akhnMHBtNlA2WTYwRG5HS3dCMVRPd05KWlNJV1hsTGZqblhKdk5jYXpUSGlPNVo2eVhvRldQbTVZMHJndjZNUG5OT0VyekFLcDIzcmY1NUI5eGpSR0IrRmVzUXQycVZMVG45WjVDekNkQT09

[root@tssperf09 abizerwork]#

Note : In above yaml CONTAINER_TICKET is base64 format . You simple cat the user ticket and get the Encoded output.

https://www.base64encode.org/ 

On the cluster side its assumed "maprvolume" is already created and mounted on /maprvolume.

[root@qa102-95 ~]# maprcli volume info -name maprvolume -json

{

"timestamp":1524856259216,

"timeofday":"2018-04-27 12:10:59.216 GMT-0700 PM",

"status":"OK",

"total":1,

"data":[

{

"acl":{

"Principal":"User root",

"Allowed actions":"[dump, restore, m, a, d, fc]"

},

"creator":"root",

"aename":"root",

"aetype":"0",

"numreplicas":"3",

"minreplicas":"2",

"nsNumReplicas":"3",

"nsMinReplicas":"2",

"enforceMinReplicationForIO":"false",

"containerAllocationFactor":"0",

"reReplTimeOutSec":"0",

"criticalReReplTimeOutSec":"0",

"replicationtype":"high_throughput",

"rackpath":"/data",

"mirrorthrottle":"1",

"accesstime":"April 27, 2018",

"readonly":"0",

"mountdir":"/maprvolume",

"volumename":"maprvolume",

"mounted":1,

2)  Use the kubectl create command with the -f option to install static provisioner on  Kubernetes cluster

[root@tssperf09 abizerwork]# kubectl create -f static-secure.yaml 

pod "test-secure" created

secret "dlpocid-mapr6-ticket-secret" created

[root@tssperf09 abizerwork]#

3) To check the status and step the pod is currently executing while coming up below command can be executed.

[root@tssperf09 abizerwork]# kubectl describe pod test-secure  -n mapr-system

Name:         test-secure

Namespace:    mapr-system

Node:         tssperf10.lab/10.10.72.250

Start Time:   Fri, 27 Apr 2018 12:39:26 -0600

Labels:       <none>

Annotations:  <none>

Status:       Running

IP:           192.168.61.81

Containers:

  mycontainer:

    Container ID:  docker://20b580111a9b3427ef005f9cbd4ec82af4f76974a36b611a93b1ed3f7659b14b

    Image:         docker.io/maprtech/kdf-plugin:1.0.0_029_centos7

    Image ID:      docker-pullable://docker.io/maprtech/kdf-plugin@sha256:eecb2d64ede9b9232b6eebf5d0cc59fe769d16aeb56467d0a00489ce7224278d

    Port:          <none>

    Args:

      sleep

      1000000

    State:          Running

      Started:      Fri, 27 Apr 2018 12:39:33 -0600

    Ready:          True

    Restart Count:  0

    Requests:

      cpu:        500m

      memory:     2Gi

    Environment:  <none>

    Mounts:

      /maprvolume1 from maprvolume (rw)

      /var/run/secrets/kubernetes.io/serviceaccount from default-token-9g8tq (ro)

Conditions:

  Type           Status

  Initialized    True 

  Ready          True 

  PodScheduled   True 

Volumes:

  maprvolume:

    Type:    FlexVolume (a generic volume resource that is provisioned/attached using an exec based plugin)

    Driver:      Options:  %v

    FSType:     mapr.com/maprfs

    SecretRef:  

    ReadOnly:   <nil>

%!(EXTRA bool=true, map[string]string=map[volumePath:/maprvolume cldbHosts:10.10.102.95 cluster:cluster4 securityType:secure ticketSecretName:dlpocid-mapr6-ticket-secret ticketSecretNamespace:mapr-system])  default-token-9g8tq:

    Type:        Secret (a volume populated by a Secret)

    SecretName:  default-token-9g8tq

    Optional:    false

QoS Class:       Burstable

Node-Selectors:  <none>

Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s

                 node.kubernetes.io/unreachable:NoExecute for 300s

Events:

  Type    Reason                 Age   From                    Message

  ----    ------                 ----  ----                    -------

  Normal  Scheduled              1m    default-scheduler       Successfully assigned test-secure to tssperf10.lab

  Normal  SuccessfulMountVolume  1m    kubelet, tssperf10.lab  MountVolume.SetUp succeeded for volume "default-token-9g8tq"

  Normal  SuccessfulMountVolume  1m    kubelet, tssperf10.lab  MountVolume.SetUp succeeded for volume "maprvolume"

  Normal  Pulling                1m    kubelet, tssperf10.lab  pulling image "docker.io/maprtech/kdf-plugin:1.0.0_029_centos7"

  Normal  Pulled                 1m    kubelet, tssperf10.lab  Successfully pulled image "docker.io/maprtech/kdf-plugin:1.0.0_029_centos7"

  Normal  Created                1m    kubelet, tssperf10.lab  Created container

  Normal  Started                1m    kubelet, tssperf10.lab  Started container

4) Once the POD is up you can login into the POD via below command.

[root@tssperf09 abizerwork]# kubectl exec -it  test-secure  -n mapr-system -- bash

bash-4.4# df -hP /maprvolume1     

Filesystem                Size      Used Available Capacity Mounted on

posix-client-basic        4.3T    126.6G      4.2T   3% /maprvolume1

bash-4.4# 

Note : To get more details on the logs journals has collected for the Kubelet service, run below command.

journalctl -u kubelet