Consuming NFS exports externally from the cluster

NFS clients outside of the cluster can mount NFS exports created by a previously created PVC.

Procedure

  1. After the nfs flag is enabled, Rook deploys a single-server CephNFS. Fetch the value of the ceph_nfs field for the nfs-ganesha server.
    The value of the ceph_nfs field is used in step 2.
    oc get pods -n openshift-storage | grep rook-ceph-nfs
    oc describe pod -n openshift-storage <name of the rook-ceph-nfs pod> | grep ceph_nfs
    For example:
    oc describe pod -n openshift-storage rook-ceph-nfs-ocs-storagecluster-cephnfs-a-7bb484b4bf-bbdhs | grep ceph_nfs
      ceph_nfs=my-nfs
  2. Expose the NFS server outside of the Fusion Data Foundation cluster by creating a Kubernetes LoadBalancer Service.
    This example creates a LoadBalancer Service and references the NFS server created by Fusion Data Foundation.

    Replace <my-nfs> with the value you got in step 1.

    apiVersion: v1
    kind: Service
    metadata:
     name: rook-ceph-nfs-ocs-storagecluster-cephnfs-load-balancer
     namespace: openshift-storage
    spec:
     ports:
       - name: nfs
         port: 2049
     type: LoadBalancer
     externalTrafficPolicy: Local
     selector:
       app: rook-ceph-nfs
       ceph_nfs: <my-nfs>
       instance: a
  3. Collect connection information.

    The information external clients need to connect to an export comes from the Persistent Volume (PV) created for the PVC, and the status of the LoadBalancer Service created in step 2.

    1. Get the share path from the PV.
      1. Get the name of the PV associated with the NFS export’s PVC:
        oc get pvc <pvc_name> --output jsonpath='{.spec.volumeName}'
        pvc-39c5c467-d9d3-4898-84f7-936ea52fd99d
        Replace <pvc_name> with your own PVC name. For example:
        oc get pvc pvc-39c5c467-d9d3-4898-84f7-936ea52fd99d --output jsonpath='{.spec.volumeName}'
        pvc-39c5c467-d9d3-4898-84f7-936ea52fd99d
      2. Use the PV name obtained previously to get the NFS export’s share path:
        oc get pv pvc-39c5c467-d9d3-4898-84f7-936ea52fd99d --output jsonpath='{.spec.csi.volumeAttributes.share}'
        /0001-0011-openshift-storage-0000000000000001-ba9426ab-d61b-11ec-9ffd-0a580a800215
    2. Get an ingress address for the NFS server.
      A service’s ingress status may have multiple addresses. Choose the address that external clients should use. In the following example, there is only a single address: the host name ingress-id.somedomain.com.
      oc -n openshift-storage get service rook-ceph-nfs-ocs-storagecluster-cephnfs-load-balancer --output jsonpath='{.status.loadBalancer.ingress}'
      [{"hostname":"ingress-id.somedomain.com"}]
  4. Connect the external client using the share path and ingress address from the previous steps.
    The following example mounts the export to the client’s directory path /export/mount/path:
    mount -t nfs4 -o proto=tcp ingress-id.somedomain.com:/0001-0011-openshift-storage-0000000000000001-ba9426ab-d61b-11ec-9ffd-0a580a800215 /export/mount/path

    If this does not work immediately, the Kubernetes environment might still be configuring the network resources that allow ingress to the NFS server.
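
The Service in step 2 sets no restriction on which client addresses may connect to port 2049 through the load balancer. As an added example (not part of the original procedure), the same Service with the Kubernetes `loadBalancerSourceRanges` field limits ingress to known client networks. The CIDR values are constructed placeholders, and the field is ignored on platforms whose load balancer does not support it.

```yaml
# Added example, not from the original procedure: the step 2 Service with a
# client allow-list. Name, namespace, port and selector are copied from step 2.
apiVersion: v1
kind: Service
metadata:
  name: rook-ceph-nfs-ocs-storagecluster-cephnfs-load-balancer
  namespace: openshift-storage
spec:
  type: LoadBalancer
  # Local preserves the client's source IP and sends traffic only to nodes
  # that run the selected pod.
  externalTrafficPolicy: Local
  # Only these client networks are allowed through the load balancer.
  # Constructed placeholder ranges: replace with your NFS clients' CIDRs.
  loadBalancerSourceRanges:
    - 203.0.113.0/24      # example: a client subnet
    - 198.51.100.17/32    # example: a single client host
  ports:
    - name: nfs
      port: 2049
      protocol: TCP
  selector:
    app: rook-ceph-nfs
    ceph_nfs: <my-nfs>    # value obtained in step 1
    instance: a
```

To confirm that the ranges were stored on the Service, read `.spec.loadBalancerSourceRanges` with the same `oc get service ... --output jsonpath=` form used in step 3.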