Setting up storage environment

This step must be performed by the Environment Operator.

About storage setup

To use encrypted storage with IBM Confidential Computing Containers contracts, you must install a storage operator to manage persistent block volumes (for example, Red Hat OpenShift Data Foundation (ODF) or Fusion Data Foundation (FDF)). The storage operator manages storage clusters in your OpenShift cluster and automatically creates storage classes for provisioning persistent volumes.

Prerequisites

  • You have cluster administrator access to the OpenShift cluster.
  • Dedicated secondary block storage devices are available for OpenShift compute nodes (recommended for production).
  • Sufficient resources are available for the ODF operator and storage cluster.

Procedure

  1. Install a storage operator in your OpenShift cluster (for example, Red Hat OpenShift Data Foundation (ODF) or Fusion Data Foundation (FDF)).
    Note: For detailed installation instructions, see the OpenShift Data Foundation documentation or the IBM Storage Fusion documentation.
  2. Create a storage cluster managed by the storage operator.

    After successful creation, the storage operator automatically creates multiple storage classes in your cluster.

  3. Verify the storage classes by running the following command:
    oc get sc

    Example output:

    NAME                                PROVISIONER                             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
    ocs-storagecluster-odf-ceph-rbd     openshift-storage.rbd.csi.ceph.com      Delete          Immediate              true                   40d
    ocs-storagecluster-odf-cephfs       openshift-storage.cephfs.csi.ceph.com   Delete          Immediate              true                   40d
  4. Identify the storage class for block volumes.

    For storage encryption with IBM Confidential Computing Containers contracts, use a storage class that provisions persistent block volumes. For example:

    • ODF: ocs-storagecluster-odf-ceph-rbd
    • FDF: ocs-storagecluster-ceph-rbd
  5. Share the storage class name with the Data Owner, who uses it to create persistent block volumes for workloads.
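
Steps 3 and 4 can be scripted so that the storage class name passed to the Data Owner is read from the cluster rather than retyped. The following is an added example, not part of the original documentation. The function name `block_storage_classes`, the constructed sample rows, and the rule that a provisioner ending in `rbd.csi.ceph.com` marks a block-volume class are assumptions based on the example output in step 3.

```shell
#!/bin/sh
# Added example: select block-volume (Ceph RBD) storage classes from `oc get sc` output.

# Constructed sample input modelled on the example output in step 3, plus one
# constructed row carrying the "(default)" marker that `oc get sc` appends to
# the name of the default storage class (it shifts the columns by one).
SAMPLE_SC_OUTPUT='NAME                                PROVISIONER                             RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
ocs-storagecluster-odf-ceph-rbd     openshift-storage.rbd.csi.ceph.com      Delete          Immediate              true                   40d
ocs-storagecluster-odf-cephfs       openshift-storage.cephfs.csi.ceph.com   Delete          Immediate              true                   40d
example-file-sc (default)           example.invalid/file-provisioner        Delete          Immediate              false                  40d'

# Reads the `oc get sc` table on stdin and prints one matching class name per line.
# Returns 1 when no block-volume class is found, so a caller never shares an
# empty or unrelated name.
block_storage_classes() {
    awk '
        NR == 1 { next }    # skip the header row
        NF == 0 { next }    # skip blank lines
        {
            name = $1
            # When the NAME column carries "(default)", the provisioner is field 3.
            prov = ($2 == "(default)") ? $3 : $2
            # Assumption: the Ceph RBD CSI provisioner identifies block-volume classes.
            if (prov == "rbd.csi.ceph.com" || prov ~ /\.rbd\.csi\.ceph\.com$/) {
                print name
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Offline run against the constructed sample.
# On a live cluster, use: oc get sc | block_storage_classes
printf '%s\n' "$SAMPLE_SC_OUTPUT" | block_storage_classes
```

The CephFS class is skipped because its provisioner does not match, which keeps a file-system storage class from being handed over where a block volume is required.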

Next steps

After the storage environment is set up, the Data Owner can proceed to create PersistentVolumeClaims for the workload.