XFS quota for emptyDir volumes #9261

Merged
merged 1 commit into from
Jun 7, 2018
9 changes: 5 additions & 4 deletions day_two_guide/topics/node_maintenance.adoc
Expand Up @@ -260,9 +260,10 @@ is lost. The location of the data in the *{rhocp}* node is located in
be configured:

NOTE: If the XFS filesystem hosting that folder is mounted with the
`gquota` option in the `/etc/fstab`
* the matching security context contraint’s `fsGroup` type set to `MustRunAs`
* The `/etc/origin/node/node-config.yml` is configured as:
`grpquota` option in the `/etc/fstab` file:

* Set the matching security context contraint’s `fsGroup` type set to `MustRunAs`
* xref:../install_config/master_node_configuration.adoc#node-config-volume-config[Configure the volume] using the node-config-compute configuration map in the openshift-node project.:

[subs=+quotes]
----
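Review bot: The first added bullet reads "Set the matching security context contraint’s `fsGroup` type set to `MustRunAs`", which doubles the verb and carries over the "contraint" misspelling from the line it replaces; "Set the matching security context constraint's `fsGroup` type to `MustRunAs`" would do. The second bullet ends in ".:" before the listing, and node-config-compute and openshift-node are unformatted here although the new section in master_node_configuration.adoc marks them up. The NOTE lead-in is also an "If ..." clause with no main clause before the list, so it is unclear whether the bullets are further conditions or steps to perform.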
Expand Down Expand Up @@ -335,4 +336,4 @@ allowed to be "disrupted".
====
`PodDisruptionBudget` objects cannot be edited. In the event of any changes then
it is required to deploy a new `PodDisruptionBudget` object should be created.
====
====
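Review bot: The only change in this hunk is the closing `====`, but the sentence directly above it is garbled: "In the event of any changes then it is required to deploy a new `PodDisruptionBudget` object should be created." Since the file is being edited anyway, consider fixing it here, for example "If changes are needed, a new `PodDisruptionBudget` object must be created."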
46 changes: 33 additions & 13 deletions install_config/master_node_configuration.adoc
Expand Up @@ -1081,14 +1081,11 @@ If -1, there is no limit on requests.
|`*DynamicProvisioningEnabled*`
|A boolean to enable or disable dynamic provisioning. Default is *true*.

|FSGroup
|Can be specified to enable a quota on local storage use per unique FSGroup ID.
|*FSGroup*
|Enables xref:node-config-volume-config[local storage quotas] on each node for each FSGroup.
At present this is only implemented for emptyDir volumes, and if the underlying
`*volumeDirectory*` is on an XFS filesystem.

|`*LocalQuota*`
|Contains options for controlling local volume quota on the node.

|`*MasterVolumeConfig*`
|Contains options for configuring volume plug-ins in the master node.

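Review bot: The replaced cell is now "|*FSGroup*" without backticks, while the neighbouring rows (DynamicProvisioningEnabled, MasterVolumeConfig) are bold monospace; keep the formatting consistent. The LocalQuota row is also removed even though the new Local Storage Configuration section still uses the `localQuota` key, so either keep the row or have the FSGroup description say which key it sits under. The description now continues with "and if the underlying `*volumeDirectory*` is on an XFS filesystem", which reads as a fragment after the new first sentence.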
Expand Down Expand Up @@ -1346,9 +1343,6 @@ podManifestConfig: <2>
proxyArguments:
proxy-mode:
- iptables <5>
volumeConfig:
localQuota:
perFSGroup: null<6>
servingInfo:
bindAddress: 0.0.0.0:10250
bindNetwork: tcp4
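Review bot: With `volumeConfig`, `localQuota` and `perFSGroup` removed from this sample, nothing in the example tells a reader that these keys moved rather than disappeared. A one-line pointer near the example to the new `node-config-volume-config` section would help readers who land here looking for `perFSGroup`.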
Expand All @@ -1370,11 +1364,6 @@ manifest files. This is used by the Kubelet to create pods on the node.
data. The interval must be a positive value.
<5> The xref:../architecture/core_concepts/pods_and_services.adoc#service-proxy-mode[service
proxy implementation] to use.
<6> Preliminary support for local emptyDir volume quotas, set this value to a resource
quantity representing the desired quota per FSGroup, per node. (i.e. 1Gi, 512Mi, etc)
Currently requires that the *_volumeDirectory_* be on an XFS filesystem mounted
with the 'gquota' option, and the matching security context contraint's fsGroup
type set to 'MustRunAs'.
====

The node configuration file determines the resources of a node. See the
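Review bot: The removed callout <6> described the feature as "Preliminary support" and named the mount option 'gquota'; the replacement text added elsewhere in this PR says `grpquota` and no longer carries the "preliminary" qualifier. If the feature status has not changed, keep that qualifier in the new section, and confirm the option spelling change is intentional so the description stays accurate.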
Expand Down Expand Up @@ -1434,6 +1423,37 @@ start on a machine that does not have docker started.

|===

[[node-config-volume-config]]
=== Local Storage Configuration

You can use the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/ch-xfs[XFS quota subsystem]
to limit the size of `emptyDir` volumes and volumes based on an `emptyDir` volume, such as secrets and configuration maps, on each node.

To limit the size of `emptyDir` volumes in an XFS filesystem, configure local volume quota for each unique
xref:../install_config/persistent_storage/pod_security_context.adoc#fsgroup[FSGroup] using the *_node-config-compute_* configuration map in the *openshift-node* project.

----
apiVersion: kubelet.config.openshift.io/v1
kind: VolumeConfig
localQuota: <1>
perFSGroup: 1Gi <2>
----

<1> Contains options for controlling local volume quota on the node.
<2> Set this value to a resource quantity representing the desired quota per
[FSGroup], per node, such as `1Gi`, `512Mi`, and so forth.
Requires the *volumeDirectory* to be on an XFS filesystem mounted with the `grpquota` option. The matching security context constraint *fsGroup* type must be
xref:../architecture/additional_concepts/authorization.adoc#authorization-FSGroup[set to `MustRunAs`].

If no FSGroup is specified, indicating the request matched an SCC with `RunAsAny`, the quota
application is skipped.

[NOTE]
====
Do not edit the *_/etc/origin/node/volume-config.yaml_* file directly. The file is created from the *_node-config-compute_* configuration map.
Use the *_node-config-compute_* configuration map to create or edit the paramaters in the *_volume-config.yaml_* file.
====

[[master-node-configuration-parallel-image-pulls-with-docker]]
=== Parallel Image Pulls with Docker 1.9+

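Review bot: The sentence "If no FSGroup is specified, indicating the request matched an SCC with `RunAsAny`, the quota application is skipped" means the limit is not enforced for every pod, yet it sits as a plain paragraph after the callouts. Anyone relying on `perFSGroup` to stop a pod from filling node-local storage needs to see that, so consider moving it into the NOTE block or its own admonition next to the `MustRunAs` requirement. Smaller points: "[FSGroup]" in callout <2> looks like a leftover link placeholder, "paramaters" in the NOTE should be "parameters", the listing has no callout for the `kind: VolumeConfig` line, and the NOTE names `/etc/origin/node/volume-config.yaml` without saying how it relates to the node configuration file described earlier in this document.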