Setting up dynamic provisioning

NFS does not support dynamic storage provisioning by default, and Red Hat® OpenShift® does not include a provisioner plug-in to create an NFS storage class. Therefore, you must set up dynamic storage provisioning on your NFS server.

Installation phase: Setting up a client workstation; Setting up a cluster; Collecting required information; Preparing to run installs in a restricted network; Preparing to run installs from a private container registry; Preparing the cluster for Cloud Pak for Data; Preparing to install an instance of Cloud Pak for Data; Installing an instance of Cloud Pak for Data
Who needs to complete this task?: A cluster administrator must complete this task.
When do you need to complete this task?: If you plan to use NFS storage, you must set up dynamic provisioning before you install Cloud Pak for Data.

Before you begin

Best practice: You can run many of the commands in this task exactly as written if you set up environment variables for your installation. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

If you are installing any of the following services on Cloud Pak for Data, ensure your NFS server is configured before you set up dynamic provisioning:

DataStage®
Db2®
Db2 Warehouse
IBM® Knowledge Catalog
OpenPages®
Big SQL
Watson™ Query

About this task

The steps in this procedure use the Kubernetes NFS-Client Provisioner (from the Kubernetes SIGs organization) to set up dynamic provisioning with NFS storage.

Important: You must have an existing NFS server to complete this task. Ensure that you know how to connect to your NFS server. At a minimum, you must have the hostname of the server.

Your NFS server must be accessible from your Red Hat OpenShift Container Platform cluster.

Mirroring the provisioner images to a private container registry

If you pull images from a private container registry, mirror the images for the Kubernetes NFS-Client Provisioner to your private container registry. Complete the appropriate task for your environment:

If your client workstation can connect to the internet and to the private container registry, you can mirror the images directly to your private container registry.
If your client workstation cannot connect to the internet and to the private container registry, you must mirror images to an intermediary container registry before you can mirror the images to your private container registry.

Mirroring the provisioner images directly to a private container registry

To mirror the images for the Kubernetes NFS-Client Provisioner to your private container registry:

Log in to your private container registry:
```
cpd-cli manage login-private-registry \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PUSH_USER} \
${PRIVATE_REGISTRY_PUSH_PASSWORD}
```
If your private registry is not secured, omit the following arguments:
- ${PRIVATE_REGISTRY_PUSH_USER}
- ${PRIVATE_REGISTRY_PUSH_PASSWORD}

Mirror the images to the private container registry:

cpd-cli manage mirror-nfs-provisioner \
--target_registry=${PRIVATE_REGISTRY_LOCATION} \
--source_registry=registry.k8s.io/sig-storage

Mirroring the provisioner images using an intermediary container registry

To mirror the images for the Kubernetes NFS-Client Provisioner to your private container registry:

Mirror the images to the intermediary container registry:

cpd-cli manage mirror-nfs-provisioner \
--target_registry=127.0.0.1:12443 \
--source_registry=registry.k8s.io/sig-storage

Move the intermediary container registry behind the firewall.
Log in to your private container registry:
```
cpd-cli manage login-private-registry \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PUSH_USER} \
${PRIVATE_REGISTRY_PUSH_PASSWORD}
```
If your private registry is not secured, omit the following arguments:
- ${PRIVATE_REGISTRY_PUSH_USER}
- ${PRIVATE_REGISTRY_PUSH_PASSWORD}

Mirror the images to the private container registry:

cpd-cli manage mirror-nfs-provisioner \
--target_registry=${PRIVATE_REGISTRY_LOCATION} \
--source_registry=127.0.0.1:12443

Configuring dynamic storage

To configure dynamic storage:

Log the cpd-cli in to the Red Hat OpenShift Container Platform cluster:
```
${CPDM_OC_LOGIN}
```
Remember: CPDM_OC_LOGIN is an alias for the cpd-cli manage login-to-ocp command.
If you mirrored the images to a private container registry, update the global image pull secret so that the cluster can access the Kubernetes NFS-Client Provisioner images.
The global image pull secret must contain the credentials of an account that can pull images from the private container registry:
```
cpd-cli manage add-cred-to-global-pull-secret \
--registry=${PRIVATE_REGISTRY_LOCATION} \
--registry_pull_user=${PRIVATE_REGISTRY_PULL_USER} \
--registry_pull_password=${PRIVATE_REGISTRY_PULL_PASSWORD}
```
Set the following environment variables:
1. Set NFS_SERVER_LOCATION environment variable to the IP address or fully qualified domain name (FQDN) of the NFS server:
```
export NFS_SERVER_LOCATION=<server-address>
```
2. Set NFS_PATH environment variable to the exported path where you want the provisioner to create sub-directories. (The default path is /.)
```
export NFS_PATH=<path>
```
3. Set PROJECT_NFS_PROVISIONER environment variable to the project (namespace) where you want to deploy the Kubernetes NFS-Client Provisioner provisioner. The recommended project is nfs-provisioner; however, you can specify any project.
  Important: You must specify an existing project (namespace).
```
export PROJECT_NFS_PROVISIONER=<project-name>
```
4. Set NFS_STORAGE_CLASS environment variable to the name that you want to use for the NFS storage class:
```
export NFS_STORAGE_CLASS=<storage-class-name>
```
  By default, the documentation uses managed-nfs-storage, but you can pick a different storage class name.
5. Set the NFS_IMAGE environment variable to the location and name of the nfs-subdir-external-provisioner image to use to set up dynamic provisioning:
  Public registry
```
export NFS_IMAGE=registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
```
  Private container registry
```
export NFS_IMAGE=${PRIVATE_REGISTRY_LOCATION}/nfs-subdir-external-provisioner:v4.0.2
```

Run the following command to set up dynamic provisioning:

cpd-cli manage setup-nfs-provisioner \
--nfs_server=${NFS_SERVER_LOCATION} \
--nfs_path=${NFS_PATH} \
--nfs_provisioner_ns=${PROJECT_NFS_PROVISIONER} \
--nfs_storageclass_name=${NFS_STORAGE_CLASS} \
--nfs_provisioner_image=${NFS_IMAGE}

If the command succeeds, the storage class is ready to use.

Add the mountOptions entry to the storage class.
Important: The nfsvers=3 option is required for the following services:
- DataStage
- Db2
- Db2 Warehouse
- IBM Knowledge Catalog
- OpenPages
- Big SQL
- Watson Query
However, the option is highly recommended for all environments.
Run the following command to update the storage class:
```
oc patch storageclass ${NFS_STORAGE_CLASS} \
--type='json' \
--patch='[{"op": "replace", "path": "/mountOptions", "value": ["nfsvers=3", "nolock"]}]'
```