To enable users to connect to remote SMB storage volumes from IBM Cloud Pak® for Data a cluster administrator must install the
SMB CSI Driver for Kubernetes to enable the
cluster to communicate with your remote SMB volumes. Then the administrator must create a cluster
role and cluster role binding to grant the meta-api
the appropriate permissions to
provision persistent volumes.
Before you begin
This feature requires SMB Version 3.0 or later.
About this task
- Permissions you need for this task
- You must be a cluster administrator.
- When you need to complete this task
- Complete this task only if you want to enable Cloud Pak for Data users to connect to storage volumes on an SMB
file share server.
Note: The External SMB option is always visible on the
New storage volume page. However, if you do not complete this task, users
cannot connect to SMB storage volumes from the New storage volume page or
through the Volumes API.
Procedure
To enable users to connect to a remote SMB storage volume:
- Log on to Red Hat®
OpenShift® Container Platform as a
user with sufficient permissions to complete this task:
oc login OpenShift_URL:port
- Install the SMB CSI Driver for Kubernetes (
csi-smb-driver
) on the cluster. For details, see the readme for the driver.
The csi-smb-driver
is provided by the Kubernetes CSI organization, which provides Kubernetes specific Constainer-Storage-Interface (CSI)
components.
- Run the following command to create the required cluster role and cluster role binding
for the
meta-api
.
cat <<EOF | oc apply -f -
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
# "namespace" omitted. ClusterRoles are not scoped to a namespace.
name: ibm-zen-volumes-cluster-role
rules:
- apiGroups: [""]
#
# at the HTTP level, the name of the resource for accessing Secret
# objects is "secrets"
resources: ["persistentvolumes"]
verbs: ["create", "get", "list", "patch", "update", "watch", "delete", "use"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ibm-zen-volumes-cluster-role-binding
subjects:
- kind: ServiceAccount
name: ibm-zen-operator-serviceaccount
namespace: ibm-common-services # The namespace where the IBM Cloud Pak foundational services are installed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ibm-zen-volumes-cluster-role
EOF