You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: day_two_guide/topics/node_maintenance.adoc
+5-4
Original file line number
Diff line number
Diff line change
@@ -260,9 +260,10 @@ is lost. The location of the data in the *{rhocp}* node is located in
260
260
be configured:
261
261
262
262
NOTE: If the XFS filesystem hosting that folder is mounted with the
263
-
`gquota` option in the `/etc/fstab`
264
-
* the matching security context contraint’s `fsGroup` type set to `MustRunAs`
265
-
* The `/etc/origin/node/node-config.yml` is configured as:
263
+
`grpquota` option in the `/etc/fstab` file:
264
+
265
+
* Set the matching security context contraint’s `fsGroup` type set to `MustRunAs`
266
+
* xref:../install_config/master_node_configuration.adoc#node-config-volume-config[Configure the volume] using the node-config-compute configuration map in the openshift-node project.:
266
267
267
268
[subs=+quotes]
268
269
----
@@ -335,4 +336,4 @@ allowed to be "disrupted".
335
336
====
336
337
`PodDisruptionBudget` objects cannot be edited. In the event of any changes then
337
338
it is required to deploy a new `PodDisruptionBudget` object should be created.
Copy file name to clipboardExpand all lines: install_config/master_node_configuration.adoc
+33-13
Original file line number
Diff line number
Diff line change
@@ -1081,14 +1081,11 @@ If -1, there is no limit on requests.
1081
1081
|`*DynamicProvisioningEnabled*`
1082
1082
|A boolean to enable or disable dynamic provisioning. Default is *true*.
1083
1083
1084
-
|FSGroup
1085
-
|Can be specified to enable a quota on local storage use per unique FSGroup ID.
1084
+
|*FSGroup*
1085
+
|Enables xref:node-config-volume-config[local storage quotas] on each node for each FSGroup.
1086
1086
At present this is only implemented for emptyDir volumes, and if the underlying
1087
1087
`*volumeDirectory*` is on an XFS filesystem.
1088
1088
1089
-
|`*LocalQuota*`
1090
-
|Contains options for controlling local volume quota on the node.
1091
-
1092
1089
|`*MasterVolumeConfig*`
1093
1090
|Contains options for configuring volume plug-ins in the master node.
1094
1091
@@ -1346,9 +1343,6 @@ podManifestConfig: <2>
1346
1343
proxyArguments:
1347
1344
proxy-mode:
1348
1345
- iptables <5>
1349
-
volumeConfig:
1350
-
localQuota:
1351
-
perFSGroup: null<6>
1352
1346
servingInfo:
1353
1347
bindAddress: 0.0.0.0:10250
1354
1348
bindNetwork: tcp4
@@ -1370,11 +1364,6 @@ manifest files. This is used by the Kubelet to create pods on the node.
1370
1364
data. The interval must be a positive value.
1371
1365
<5> The xref:../architecture/core_concepts/pods_and_services.adoc#service-proxy-mode[service
1372
1366
proxy implementation] to use.
1373
-
<6> Preliminary support for local emptyDir volume quotas, set this value to a resource
1374
-
quantity representing the desired quota per FSGroup, per node. (i.e. 1Gi, 512Mi, etc)
1375
-
Currently requires that the *_volumeDirectory_* be on an XFS filesystem mounted
1376
-
with the 'gquota' option, and the matching security context contraint's fsGroup
1377
-
type set to 'MustRunAs'.
1378
1367
====
1379
1368
1380
1369
The node configuration file determines the resources of a node. See the
@@ -1434,6 +1423,37 @@ start on a machine that does not have docker started.
1434
1423
1435
1424
|===
1436
1425
1426
+
[[node-config-volume-config]]
1427
+
=== Local Storage Configuration
1428
+
1429
+
You can use the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/ch-xfs[XFS quota subsystem]
1430
+
to limit the size of `emptyDir` volumes and volumes based on an `emptyDir` volume, such as secrets and configuration maps, on each node.
1431
+
1432
+
To limit the size of `emptyDir` volumes in an XFS filesystem, configure local volume quota for each unique
1433
+
xref:../install_config/persistent_storage/pod_security_context.adoc#fsgroup[FSGroup] using the *_node-config-compute_* configuration map in the *openshift-node* project.
1434
+
1435
+
----
1436
+
apiVersion: kubelet.config.openshift.io/v1
1437
+
kind: VolumeConfig
1438
+
localQuota: <1>
1439
+
perFSGroup: 1Gi <2>
1440
+
----
1441
+
1442
+
<1> Contains options for controlling local volume quota on the node.
1443
+
<2> Set this value to a resource quantity representing the desired quota per
1444
+
[FSGroup], per node, such as `1Gi`, `512Mi`, and so forth.
1445
+
Requires the *volumeDirectory* to be on an XFS filesystem mounted with the `grpquota` option. The matching security context constraint *fsGroup* type must be
1446
+
xref:../architecture/additional_concepts/authorization.adoc#authorization-FSGroup[set to `MustRunAs`].
1447
+
1448
+
If no FSGroup is specified, indicating the request matched an SCC with `RunAsAny`, the quota
1449
+
application is skipped.
1450
+
1451
+
[NOTE]
1452
+
====
1453
+
Do not edit the *_/etc/origin/node/volume-config.yaml_* file directly. The file is created from the *_node-config-compute_* configuration map.
1454
+
Use the *_node-config-compute_* configuration map to create or edit the paramaters in the *_volume-config.yaml_* file.
0 commit comments