From 4255645aab76922299313000a3ecdec3319a293a Mon Sep 17 00:00:00 2001
From: yasuk <30585565+ShuheiYsk@users.noreply.github.com>
Date: Mon, 19 Aug 2019 15:37:32 +0900
Subject: [PATCH 1/2] Update usage.md
Editing restricted SCC is not recommended.
In case adding hostpath to restricted SCC, and then rebooting OS, critical pods such as "apiserver [namespace: kube-servivce-catalogue]" and "kube-state-metrics [namespace: openshift-monitoring]" don't be able to run anymore.
So workaround is creating new SCC to allow hostpath as I modified.
---
docs/usage.md | 45 ++++++++++++++++++++++++++++++++++++++-------
1 file changed, 38 insertions(+), 7 deletions(-)
diff --git a/docs/usage.md b/docs/usage.md
index 918f5131..eb22abec 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -283,16 +283,47 @@ https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-vo
To get started, in an OpenShift environment, we need to relax the security of your cluster, so pods are allowed to
use the **hostPath** volume plugin without granting everyone access to the privileged **SCC**:
-1. Edit the restricted SCC:
+1. Create new SCC to allow hostpath:
```
-$ oc edit scc restricted
+$ oc create -f - << EOF
+---
+allowHostDirVolumePlugin: true
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegeEscalation: true
+allowPrivilegedContainer: false
+allowedCapabilities: null
+apiVersion: security.openshift.io/v1
+defaultAddCapabilities: null
+fsGroup:
+ type: MustRunAs
+groups:
+- system:authenticated
+kind: SecurityContextConstraints
+metadata:
+ name: hostpath
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SETUID
+- SETGID
+runAsUser:
+ type: MustRunAsRange
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+users: []
+volumes:
+- hostPath
+EOF
```
-2. Add `allowHostDirVolumePlugin: true`
-
-3. Save the changes
-
-4. Restart node service (master node).
+2. Restart node service (master node).
```
$ sudo systemctl restart origin-node.service
```
From 33b96b1803554df05525af851ddd3b9e32936b11 Mon Sep 17 00:00:00 2001
From: yasuk <30585565+ShuheiYsk@users.noreply.github.com>
Date: Mon, 19 Aug 2019 16:09:32 +0900
Subject: [PATCH 2/2] Update usage.md , add storage class options.
Add StorageClass Options.
- cpg
- snapcpg
- backend
- fsOwner
Modify Storage Class Optiion.
- provisioning parameter 'thick' to 'full'
---
docs/usage.md | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/docs/usage.md b/docs/usage.md
index eb22abec..d7a1814e 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -357,7 +357,7 @@ EOF
| StorageClass Options | Type | Parameters | Example |
|----------------------|---------|--------------------------------------------|----------------------------------|
| size | integer | - | size: "10" |
-| provisioning | String | thin, thick | provisioning: "thin" |
+| provisioning | String | thin, full | provisioning: "thin" |
| flash-cache | String | true, false | flash-cache: "true" |
| compression | boolean | true, false | compression: "true" |
| MountConflictDelay | integer | - | MountConflictDelay: "30" |
@@ -368,6 +368,10 @@ EOF
| retentionHours | integer | option of virtualCopyOf | retentionHours: "10" |
| accessModes | String | ReadWriteOnce | accessModes:
- ReadWriteOnce |
| replicationGroup | String | 3PAR RCG name | replicationGroup: "Test-RCG" |
+| cpg | String | 3PAR CPG name | cpg: 'SSD_r6' |
+| snapcpg | String | 3PAR snapCPG name | cpg: 'FC_r6' |
+| backend | String | 3PAR name which defined in hpe.conf | bankend: '3PAR1' |
+| fsOwner | String | User ID and Group ID | fsOwner: '1001:1001' |
### Persistent Volume Claim Example