Enabling users to connect to external SMB storage volumes
To enable users to connect to remote SMB storage volumes from IBM® Cloud Pak for Data a cluster administrator must install the
SMB CSI Driver for Kubernetes to enable the
cluster to communicate with your remote SMB volumes. Then the administrator must create a cluster
role and cluster role binding to grant the
meta-api the appropriate permissions to
provision persistent volumes.
About this task
- Permissions you need for this task
- You must be a cluster administrator.
- When you need to complete this task
- Complete this task only if you want to enable Cloud Pak for Data users to connect to storage volumes on an SMB
file share server.Note: The External SMB option is always visible on the New storage volume page. However, if you do not complete this task, users cannot connect to SMB storage volumes from the New storage volume page or through the Volumes API.
To enable users to connect to a remote SMB storage volume:
- Log on to Red Hat® OpenShift® Container Platform as a
user with sufficient permissions to complete this task:
oc login OpenShift_URL:port
- Install the SMB CSI Driver for Kubernetes (
csi-smb-driver) on the cluster. For details, see the readme for the driver.
csi-smb-driveris provided by the Kubernetes CSI organization, which provides Kubernetes specific Constainer-Storage-Interface (CSI) components.
- Run the following command to create the required cluster role and cluster role binding
meta-api.Tip: The same role binding is required to use external NFS storage volumes. If you already completed Enabling users to create NFS storage volumes, this role binding already exists.
cat <<EOF | oc apply -f - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: # "namespace" omitted. ClusterRoles are not scoped to a namespace. name: ibm-zen-volumes-cluster-role rules: - apiGroups: [""] # # at the HTTP level, the name of the resource for accessing Secret # objects is "secrets" resources: ["persistentvolumes"] verbs: ["create", "get", "list", "patch", "update", "watch", "delete", "use"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ibm-zen-volumes-cluster-role-binding subjects: - kind: ServiceAccount name: ibm-zen-operator-serviceaccount namespace: ibm-common-services # The namespace where the IBM Cloud Pak foundational services are installed roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: ibm-zen-volumes-cluster-role EOF