To enable users to connect to remote NFS storage volumes from Cloud Pak for Data, a cluster administrator must create a cluster role and cluster role binding to grant the meta-api the appropriate permissions to provision persistent volumes.
About this task
- Permissions you need for this task: You must be a cluster administrator.
- When you need to complete this task: Complete this task only if you want to enable Cloud Pak for Data users to connect to storage volumes on a remote NFS server.
Note: The External NFS option is always visible on the New storage volume page. However, if you do not complete this task, users cannot connect to NFS storage volumes from the New storage volume page or through the Volumes API.
Procedure
To enable users to connect to a remote NFS storage volume:
- Log on to Red Hat® OpenShift® Container Platform as a user with sufficient permissions to complete this task:
oc login OpenShift_URL:port
- Run the following command to create the required cluster role and cluster role binding for the meta-api:
cat <<EOF | oc apply -f -
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # "namespace" omitted. ClusterRoles are not scoped to a namespace.
  name: ibm-zen-volumes-cluster-role
rules:
- apiGroups: [""]
  # persistentvolumes are cluster-scoped resources in the core ("") API group
  resources: ["persistentvolumes"]
  verbs: ["create", "get", "list", "patch", "update", "watch", "delete", "use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ibm-zen-volumes-cluster-role-binding
subjects:
- kind: ServiceAccount
  name: ibm-zen-operator-serviceaccount
  namespace: ibm-common-services # The namespace where the IBM Cloud Pak foundational services are installed
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ibm-zen-volumes-cluster-role
EOF
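To confirm the result after applying the manifest, the following check (an added example, not part of the IBM procedure) asks the API server whether the service account holds each verb the role lists and reports any subject on the binding other than that service account. It assumes `oc` is logged in as a user allowed to impersonate service accounts; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: audit the RBAC objects created by the manifest above.
# Names below are taken from that manifest; override via environment if yours differ.
SA_NAMESPACE="${SA_NAMESPACE:-ibm-common-services}"
SA_NAME="${SA_NAME:-ibm-zen-operator-serviceaccount}"
BINDING="${BINDING:-ibm-zen-volumes-cluster-role-binding}"
SUBJECT="system:serviceaccount:${SA_NAMESPACE}:${SA_NAME}"
# Verbs the ClusterRole grants on persistentvolumes.
PV_VERBS="create get list patch update watch delete use"

# Exit status 0 if SUBJECT may perform verb $1 on resource $2 (SubjectAccessReview).
sa_can_i() {
  oc auth can-i "$1" "$2" --as="$SUBJECT" --quiet 2>/dev/null
}

# Print the verbs from PV_VERBS that the service account is NOT allowed to use.
missing_pv_verbs() {
  missing=""
  for verb in $PV_VERBS; do
    sa_can_i "$verb" persistentvolumes || missing="${missing:+$missing }$verb"
  done
  printf '%s' "$missing"
}

# Print every subject on the binding except the expected service account,
# one per line, formatted as kind/namespace/name.
unexpected_subjects() {
  oc get clusterrolebinding "$BINDING" \
    -o jsonpath='{range .subjects[*]}{.kind}/{.namespace}/{.name}{"\n"}{end}' |
    grep -v -x -F "ServiceAccount/${SA_NAMESPACE}/${SA_NAME}" || true
}

# Run the audit only when the oc client is installed.
if command -v oc >/dev/null 2>&1; then
  m=$(missing_pv_verbs)
  x=$(unexpected_subjects)
  [ -z "$m" ] || echo "NOT granted to ${SUBJECT}: $m"
  [ -z "$x" ] || echo "Unexpected subjects on ${BINDING}: $x"
  [ -n "$m$x" ] || echo "OK: ${SUBJECT} holds all listed verbs; binding has no other subjects"
else
  echo "oc client not found; skipping audit" >&2
fi
```

`oc auth can-i` reports the effective permission from every binding that applies to the subject, so a "yes" alone does not show which binding granted it.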