Deploying the Platform UI with RWO storage

By default, the PlatformNavigator custom resource (IBM Cloud Pak Platform UI) only supports RWX storage classes. However, you can configure a custom storage class in your cluster that supports RWX access mode and is backed up by an RWO storage class.

You must be a cluster administrator to perform this task. See Roles and permissions if you need more information.

Follow all of these procedures, in the order given:

Troubleshooting: For a list of possible errors and solutions when performing the steps in this section, see Troubleshooting Platform UI deployment.

Deploying Rook NFS

  1. Clone the NFS Git repository at version 1.7.3:

    git clone --single-branch --branch v1.7.3 https://github.com/rook/nfs.git
  2. Navigate to this directory:

    cd nfs/cluster/examples/kubernetes/nfs
  3. Open the operator.yaml file and change the Deployment image field from rook/nfs:v1.7.3 to icr.io/cpopen/cpd/rook-nfs:kz-220512.

  4. Log into your cluster using the oc login command and your user credentials. For example:

    oc login <openshift_url> -u <username> -p <password> -n <namespace>
  5. Apply the CustomResourceDefinitions to the cluster:

    oc apply -f crds.yaml
  6. Create the operator deployment:

    oc apply -f operator.yaml
  7. Verify that the operator is running:

    oc get pod -n rook-nfs-system

    You should get a message similar to the following:

    NAME                                 READY   STATUS    RESTARTS   AGE
    rook-nfs-operator-6d4b6db545-l8k7d   1/1     Running   0          102s
  8. Grant the Rook NFS service account access to the privileged SecurityContextConstraints (SCC) resources:

    oc adm policy add-scc-to-user privileged system:serviceaccount:rook-nfs:rook-nfs-server

Deploying the Rook NFS server

  1. Create RBAC objects for the NFS server by applying the YAML to the cluster. You can either:

    • Save the YAML into a file (for example, server.yaml) and apply:

      oc apply -f server.yaml
    • Copy the following YAML and apply it using the OpenShift web console.

      ---
      apiVersion: v1
      kind: Namespace
      metadata:
        name:  rook-nfs
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: rook-nfs-server
        namespace: rook-nfs
      ---
      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: rook-nfs-provisioner-runner
      rules:
        - apiGroups: [""]
          resources: ["persistentvolumes"]
          verbs: ["get", "list", "watch", "create", "delete"]
        - apiGroups: [""]
          resources: ["persistentvolumeclaims"]
          verbs: ["get", "list", "watch", "update"]
        - apiGroups: ["storage.k8s.io"]
          resources: ["storageclasses"]
          verbs: ["get", "list", "watch"]
        - apiGroups: [""]
          resources: ["events"]
          verbs: ["create", "update", "patch"]
        - apiGroups: [""]
          resources: ["services", "endpoints"]
          verbs: ["get"]
        - apiGroups: ["policy"]
          resources: ["podsecuritypolicies"]
          resourceNames: ["rook-nfs-policy"]
          verbs: ["use"]
        - apiGroups: [""]
          resources: ["endpoints"]
          verbs: ["get", "list", "watch", "create", "update", "patch"]
        - apiGroups:
          - nfs.rook.io
          resources:
          - "*"
          verbs:
          - "*"
      ---
      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: rook-nfs-provisioner-runner
      subjects:
        - kind: ServiceAccount
          name: rook-nfs-server
          namespace: rook-nfs
      roleRef:
        kind: ClusterRole
        name: rook-nfs-provisioner-runner
        apiGroup: rbac.authorization.k8s.io
  2. Apply this YAML to create a PersistentVolumeClaim (PVC) for the NFS server. Make sure the PVC size is large enough to support all future volumes requested from this server; a size of 200Gi is recommended. You must replace the value of <rwo-storage-class> with the RWO storage class you intend to use.

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: nfs-pwx-claim
      namespace: rook-nfs
    spec:
      storageClassName: <rwo-storage-class>
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 200Gi
  3. Apply this YAML to deploy the NFS server:

    apiVersion: nfs.rook.io/v1alpha1
    kind: NFSServer
    metadata:
      name: rook-nfs
      namespace: rook-nfs
    spec:
      replicas: 1
      exports:
      - name: share1
        server:
          accessMode: ReadWrite
          squash: "none"
        # A Persistent Volume Claim must be created before creating NFS CRD instance.
        persistentVolumeClaim:
          claimName: nfs-pwx-claim
      # A key/value list of annotations
      annotations:
        rook: nfs
  4. Verify that the server pod is running:

    oc get pods -n rook-nfs

    You should get a message similar to the following:

    NAME         READY   STATUS    RESTARTS   AGE
    rook-nfs-0   2/2     Running   0          55s

Creating the storage class

Create a storage class for the Platform UI to use by applying this YAML:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  labels:
    app: rook-nfs
  name: integration-storage
parameters:
  exportName: share1
  nfsServerName: rook-nfs
  nfsServerNamespace: rook-nfs
provisioner: nfs.rook.io/rook-nfs-provisioner
reclaimPolicy: Delete
volumeBindingMode: Immediate