You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: day_two_guide/topics/node_maintenance.adoc
+5-4
Original file line number
Diff line number
Diff line change
@@ -260,9 +260,10 @@ is lost. The location of the data in the *{rhocp}* node is located in
260
260
be configured:
261
261
262
262
NOTE: If the XFS filesystem hosting that folder is mounted with the
263
-
`gquota` option in the `/etc/fstab`
264
-
* the matching security context contraint’s `fsGroup` type set to `MustRunAs`
265
-
* The `/etc/origin/node/node-config.yml` is configured as:
263
+
`grpquota` option in the `/etc/fstab` file:
264
+
265
+
* Set the matching security context contraint’s `fsGroup` type set to `MustRunAs`
266
+
* xref:../install_config/master_node_configuration.adoc#node-config-volume-config[Configure the volume] using the node-config-compute configuration map in the openshift-node project.:
266
267
267
268
[subs=+quotes]
268
269
----
@@ -335,4 +336,4 @@ allowed to be "disrupted".
335
336
====
336
337
`PodDisruptionBudget` objects cannot be edited. In the event of any changes then
337
338
it is required to deploy a new `PodDisruptionBudget` object should be created.
Copy file name to clipboardexpand all lines: install_config/master_node_configuration.adoc
+33-13
Original file line number
Diff line number
Diff line change
@@ -1078,14 +1078,11 @@ If -1, there is no limit on requests.
1078
1078
|`*DynamicProvisioningEnabled*`
1079
1079
|A boolean to enable or disable dynamic provisioning. Default is *true*.
1080
1080
1081
-
|FSGroup
1082
-
|Can be specified to enable a quota on local storage use per unique FSGroup ID.
1081
+
|*FSGroup*
1082
+
|Enables xref:node-config-volume-config[local storage quotas] on each node for each FSGroup.
1083
1083
At present this is only implemented for emptyDir volumes, and if the underlying
1084
1084
`*volumeDirectory*` is on an XFS filesystem.
1085
1085
1086
-
|`*LocalQuota*`
1087
-
|Contains options for controlling local volume quota on the node.
1088
-
1089
1086
|`*MasterVolumeConfig*`
1090
1087
|Contains options for configuring volume plug-ins in the master node.
1091
1088
@@ -1343,9 +1340,6 @@ podManifestConfig: <2>
1343
1340
proxyArguments:
1344
1341
proxy-mode:
1345
1342
- iptables <5>
1346
-
volumeConfig:
1347
-
localQuota:
1348
-
perFSGroup: null<6>
1349
1343
servingInfo:
1350
1344
bindAddress: 0.0.0.0:10250
1351
1345
bindNetwork: tcp4
@@ -1367,11 +1361,6 @@ manifest files. This is used by the Kubelet to create pods on the node.
1367
1361
data. The interval must be a positive value.
1368
1362
<5> The xref:../architecture/core_concepts/pods_and_services.adoc#service-proxy-mode[service
1369
1363
proxy implementation] to use.
1370
-
<6> Preliminary support for local emptyDir volume quotas, set this value to a resource
1371
-
quantity representing the desired quota per FSGroup, per node. (i.e. 1Gi, 512Mi, etc)
1372
-
Currently requires that the *_volumeDirectory_* be on an XFS filesystem mounted
1373
-
with the 'gquota' option, and the matching security context contraint's fsGroup
1374
-
type set to 'MustRunAs'.
1375
1364
====
1376
1365
1377
1366
The node configuration file determines the resources of a node. See the
@@ -1431,6 +1420,37 @@ start on a machine that does not have docker started.
1431
1420
1432
1421
|===
1433
1422
1423
+
[[node-config-volume-config]]
1424
+
=== Local Storage Configuration
1425
+
1426
+
You can use the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/ch-xfs[XFS quota subsystem]
1427
+
to limit the size of `emptyDir` volumes and volumes based on an `emptyDir` volume, such as secrets and configuration maps, on each node.
1428
+
1429
+
To limit the size of `emptyDir` volumes in an XFS filesystem, configure local volume quota for each unique
1430
+
xref:../install_config/persistent_storage/pod_security_context.adoc#fsgroup[FSGroup] using the *_node-config-compute_* configuration map in the *openshift-node* project.
1431
+
1432
+
----
1433
+
apiVersion: kubelet.config.openshift.io/v1
1434
+
kind: VolumeConfig
1435
+
localQuota: <1>
1436
+
perFSGroup: 1Gi <2>
1437
+
----
1438
+
1439
+
<1> Contains options for controlling local volume quota on the node.
1440
+
<2> Set this value to a resource quantity representing the desired quota per
1441
+
[FSGroup], per node, such as `1Gi`, `512Mi`, and so forth.
1442
+
Requires the *volumeDirectory* to be on an XFS filesystem mounted with the `grpquota` option. The matching security context constraint *fsGroup* type must be
1443
+
xref:../architecture/additional_concepts/authorization.adoc#authorization-FSGroup[set to `MustRunAs`].
1444
+
1445
+
If no FSGroup is specified, indicating the request matched an SCC with `RunAsAny`, the quota
1446
+
application is skipped.
1447
+
1448
+
[NOTE]
1449
+
====
1450
+
Do not edit the *_/etc/origin/node/volume-config.yaml_* file directly. The file is created from the *_node-config-compute_* configuration map.
1451
+
Use the *_node-config-compute_* configuration map to create or edit the paramaters in the *_volume-config.yaml_* file.
0 commit comments