Storage options

OpenShift Container Platform storage options

For more information about the storage providers that OpenShift Container Platform supports, see the OpenShift documentation:

For OpenShift version 4.17, see Storage.
For OpenShift version 4.16, see Storage.
For OpenShift version 4.14, see Storage.
For OpenShift version 4.12, see Storage.

For the IBM Cloud Pak foundational services installer versions on which these OpenShift Container Platform versions are supported, see Supported OpenShift versions and platforms.

Storage options for IBM Cloud Pak foundational services

Edit online

See the following notes:

The IBM Cloud Pak foundational services requires block storage that is configured to use the XFS or ext4 file system. RWO accessMode is preferred.
The file systems (XFS and ext4) are POSIX-compliant and fully compatible with all supported Red Hat Enterprise Linux releases.
The IBM Cloud Pak foundational services supports the volumeBindingMode with either Immediate or WaitForFirstConsumer values to control volume binding and dynamic provisioning.
Recommend using Storage performance validation playbook and Storage validation tool to measure the performance of the underlying storage with relevant metrics for workloads.

The storage providers that are verified for use with IBM Cloud Pak foundational services are marked in the All foundational services row in Table 1. Storage options. All foundational services, except the ones that have specific requirements or storage options, can use these storage providers. If you plan to use NFS, see NFS support and configuration in IBM Cloud Pak foundational services .

Storage options for foundational services

Edit online

Important: The following table includes storage providers that allow you to provision persistent volumes for use by your product. There is no guarantee that all features of a storage provider, such as snapshot-based backup and restore of the volumes, are supported.

Table 1. Storage options
Service	Amazon FSx for NetApp ONTAP (`backendType: ontap-nas`)	Amazon Elastic Block Store (EBS)	Amazon Elastic File System (EFS)	Azure Disk	Azure NetApp Files	NetApp Trident	GCE Persistent Disk	IBM Cloud Block Storage at Gold level	IBM Cloud File Storage at Gold level	IBM Spectrum Fusion	IBM Spectrum Scale	Network File System (NFS)	Portworx	Red Hat OpenShift Data Foundation	Rook Ceph Block Storage	VMWare vSphere
All foundational services		x	x See Amazon EFS storage support for foundational services and NFS subdir external provisioner on AWS Elastic File System	x	x	x	x	x	x	x	x		x	x	x	x
IM	x	x	x See Amazon EFS storage support for foundational services and NFS subdir external provisioner on AWS Elastic File System	x	x	x	x	x	x	x	x		x	x	x	x
Platform UI (`ibm-platformui-operator`)	x		x		x	x			x	x	x (Container Native)	x	x	x (Red Hat Ceph Storage)
Events	x	x		x	x	x	x	x					x	x (only with Block Storage)	x	x
License Service Reporter		x			x	x		x	x			x		x (Red Hat Ceph Storage)	x

Important: Some foundational services services have specific requirements or storage options. The options are marked in the Table 1. Storage options.

The following foundational services can be used only with specific storage providers as indicated in Table 1. Storage options:

Platform UI (ibm-platformui-operator): Requires a storage class that supports Read, Write, Once (RWO) access mode. Block storage is recommended.
- Following storage classes are verified for use with the zen-metastoredb component:
  - Amazon EBS block If you are using Amazon EBS, see the Storage known issue.
  - ibmc-block-gold
  - Custom Portworx non-shared
  - Red Hat Ceph RBD
Events: Requires block storage. This storage must be formatted to use the XFS or ext4 file system. If you use VMWare vSphere, the accessed storage infrastructure must be block storage.

Note: The Events service, which is based on open source technology, does not encrypt data that is received before it is written to disk. If the data that is received and stored on the persistent storage volumes needs to be encrypted, encrypt your storage system.
IBM License Service Reporter: Requires storage that supports RWO access mode.

The following foundational services can be used with any storage provider that is verified for use with foundational services. However, these services have specific requirements.

PostgreSQL is a database that is used with the Identity Management (IM) service. IM supports both embedded and external PostgreSQL database. By default, IM is configured with the embedded EDB PostgreSQL database. The embedded PostgreSQL database does not encrypt data at rest. To ensure that the stored data is encrypted, choose a storage solution that guarantees data encryption. If you use an external PostgreSQL database, Transparent Data Encryption (TDE) provides encryption of data at rest in EDB Postgres Advanced Server and EDB Postgres Extended Server.
Business Teams Service (ibm-bts-operator): Requires a storage class for dynamic provisioning. Business Teams Service uses the default storage class that you set in your cluster. If you do not set a default storage class, the service uses the first storage class from your list of storage classes in the cluster.

Amazon EFS storage support for foundational services

Edit online

To use Amazon EFS with foundational services, do the following steps:

Create the Amazon EFS storage.
Find the uid and gid on the OpenShift Container Platform (OCP) cluster for the namespace where you deployed the foundational services.
```
oc get project <name of the storageclass> -o yaml
```
See the following sample output:
```
openshift.io/sa.scc.supplemental-groups: 1000770000/10000.
```
Where 1000770000 is the gid range.
```
openshift.io/sa.scc.uid-range: 1000770000/10000.
```
Where 1000770000 is the uid range.

Edit Parameters section in the efs-sc storage class to add the uid and gid values for the namespace where you deployed the foundational services.

For example:

Name:                  efs-sc
IsDefaultClass:        Yes
Annotations:           storageclass.kubernetes.io/is-default-class=true
Provisioner:           efs.csi.aws.com
Parameters:            basePath=/dynamic_provisioning,directoryPerms=777,fileSystemId=fs-0e85126ea1cc0ae5c,gid=1000770000,provisioningMode=efs-ap,uid=1000770000
AllowVolumeExpansion:  <unset>
MountOptions:          <none>
ReclaimPolicy:         Delete
VolumeBindingMode:     Immediate
Events:                <none>

Note: The uid and gid values are different for each namespace where you deployed the foundational services. Ensure that you create a different EFS storage class for each namespace.

NFS subdir external provisioner on Amazon EFS

Edit online

To use Amazon EFS with foundational services, configure NFS subdir external provisioner on your Amazon EFS.

NFS support and configuration in IBM Cloud Pak foundational services

Edit online

You must use one of the following enterprise-grade NFS providers:

IBM Spectrum Scale
NetApp Trident
Dell EMC Powerscale

Note: It is your responsibility to secure the NFS storage.

NFS in non-production environment

Edit online

You can use NFS in production and non-production environments. It is ideal to use a separate NFS server for each environment.

For more information about setting up your OpenShift Container Platform clusters with persistent storage by using NFS, see Kubernetes NFS Subdir External Provisioner Opens in a new tab .

Minimum requirements for NFS configuration in non-production and production environments

Edit online

The following list shows the minimum requirements for the NFS configuration in both non-production and production environments.

Options that are required to export the NFS share to all the NFS clients:
- rw
- sync
- no_root_squash
- no_subtree_check
IMPORTANT: You must export the NFS share to all the NFS clients.
Minimum NFS configuration requirements for optimal performance of the Identity Management (IM) components:
- Minimum input/output operations per second (IOPS): 200
- IOPS per GB: 10