Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 6. Configure storage for OpenShift Container Platform services

You can use OpenShift Data Foundation to provide storage for OpenShift Container Platform services such as the following:

  • OpenShift image registry
  • OpenShift monitoring
  • OpenShift logging (Loki)

The process for configuring storage for these services depends on the infrastructure used in your OpenShift Data Foundation deployment.

Warning

Always ensure that you have a plenty of storage capacity for the following OpenShift services that you configure:

  • OpenShift image registry
  • OpenShift monitoring
  • OpenShift logging (Loki)
  • OpenShift tracing platform (Tempo)

If the storage for these critical services runs out of space, the OpenShift cluster becomes inoperable and very difficult to recover.

Red Hat recommends configuring shorter curation and retention intervals for these services. See Configuring the Curator schedule and the Modifying retention time for Prometheus metrics data of Monitoring guide in the OpenShift Container Platform documentation for details.

If you do run out of storage space for these services, contact Red Hat Customer Support.

OpenShift Container Platform provides a built in Container Image Registry which runs as a standard workload on the cluster. A registry is typically used as a publication target for images built on the cluster as well as a source of images for workloads running on the cluster.

Follow the instructions in this section to configure OpenShift Data Foundation as storage for the Container Image Registry. On AWS, it is not required to change the storage for the registry. However, it is recommended to change the storage to OpenShift Data Foundation Persistent Volume for vSphere and Bare metal platforms.

Warning

This process does not migrate data from an existing image registry to the new image registry. If you already have container images in your existing registry, back up your registry before you complete this process, and re-register your images when this process is complete.

Prerequisites

  • Administrative access to OpenShift Web Console.
  • OpenShift Data Foundation Operator is installed and running in the openshift-storage namespace. In OpenShift Web Console, click Operators Installed Operators to view installed operators.
  • Image Registry Operator is installed and running in the openshift-image-registry namespace. In OpenShift Web Console, click Administration Cluster Settings Cluster Operators to view cluster operators.
  • A storage class with provisioner openshift-storage.cephfs.csi.ceph.com is available. In OpenShift Web Console, click Storage StorageClasses to view available storage classes.

Procedure

  1. Create a Persistent Volume Claim for the Image Registry to use.

    1. In the OpenShift Web Console, click Storage Persistent Volume Claims.
    2. Set the Project to openshift-image-registry.

    3. Click Create Persistent Volume Claim.

      1. From the list of available storage classes retrieved above, specify the Storage Class with the provisioner openshift-storage.cephfs.csi.ceph.com.
      2. Specify the Persistent Volume Claim Name, for example, ocs4registry.
      3. Specify an Access Mode of Shared Access (RWX).
      4. Specify a Size of at least 100 GB.

      5. Click Create.

        Wait until the status of the new Persistent Volume Claim is listed as Bound.

  2. Configure the cluster’s Image Registry to use the new Persistent Volume Claim.

    1. Click Administration Custom Resource Definitions.
    2. Click the Config custom resource definition associated with the imageregistry.operator.openshift.io group.
    3. Click the Instances tab.
    4. Beside the cluster instance, click the Action Menu (⋮) Edit Config.

    5. Add the new Persistent Volume Claim as persistent storage for the Image Registry.

      1. Add the following under spec:, replacing the existing storage: section if necessary. 

          storage:
    pvc:
      claim: <new-pvc-name>

        For example: 

          storage:
    pvc:
      claim: ocs4registry
      2. Click Save.

  3. Verify that the new configuration is being used.

    1. Click Workloads Pods.
    2. Set the Project to openshift-image-registry.
    3. Verify that the new image-registry-* pod appears with a status of Running, and that the previous image-registry-* pod terminates.
    4. Click the new image-registry-* pod to view pod details.
    5. Scroll down to Volumes and verify that the registry-storage volume has a Type that matches your new Persistent Volume Claim, for example, ocs4registry.

You can use Multicloud Object Gateway (MCG) as OpenShift Container Platform (OCP) Image Registry backend storage in an on-prem OpenShift deployment.

To configure MCG as a backend storage for the OCP image registry, follow the steps mentioned in the procedure.

Prerequisites

  • Administrative access to OCP Web Console.
  • A running OpenShift Data Foundation cluster with MCG.

Procedure

  1. Create ObjectBucketClaim by following the steps in Creating Object Bucket Claim.

  2. Create an image-registry-private-configuration-user secret.

    1. Go to the OpenShift web-console.
    2. Click ObjectBucketClaim -→ ObjectBucketClaim Data.
    3. In the ObjectBucketClaim data, look for MCG access key and MCG secret key in the openshift-image-registry namespace.

    4. Create the secret using the following command: 

      $ oc create secret generic image-registry-private-configuration-user --from-literal=REGISTRY_STORAGE_S3_ACCESSKEY=<MCG Accesskey> --from-literal=REGISTRY_STORAGE_S3_SECRETKEY=<MCG Secretkey> --namespace openshift-image-registry

  3. Change the status of managementState of Image Registry Operator to Managed. 

    $ oc patch configs.imageregistry.operator.openshift.io/cluster --type merge -p '{"spec": {"managementState": "Managed"}}'

  4. Edit the spec.storage section of Image Registry Operator configuration file:

    1. Get the unique-bucket-name and regionEndpoint under the Object Bucket Claim Data section from the Web Console OR you can also get the information on regionEndpoint and unique-bucket-name from the command: 

       $ oc describe  noobaa

    2. Add regionEndpoint as http://<Endpoint-name>:<port> if the

      • storageclass is ceph-rgw storageclass and the
      • endpoint points to the internal SVC from the openshift-storage namespace.

    3. An image-registry pod spawns after you make the changes to the Operator registry configuration file. 

      $ oc edit configs.imageregistry.operator.openshift.io -n openshift-image-registry
apiVersion: imageregistry.operator.openshift.io/v1
kind: Config
metadata:
[..]
name: cluster
spec:
[..]
storage:
s3:

  bucket: <Unique-bucket-name>

  region: us-east-1 (Use this region as default)

  regionEndpoint: https://<Endpoint-name>:<port>

  virtualHostedStyle: false

  5. Reset the image registry settings to default. 

    $ oc get pods -n openshift-image-registry

Verification steps

  • Run the following command to check if you have configured the MCG as OpenShift Image Registry backend storage successfully. 

    $ oc get pods -n openshift-image-registry

    Example output

    $ oc get pods -n openshift-image-registry

NAME        	                                   READY   STATUS     RESTARTS    AGE

cluster-image-registry-operator-56d78bc5fb-bxcgv   2/2 	   Running 	    0         44d
image-pruner-1605830400-29r7k                  	   0/1 	   Completed    0         10h
image-registry-b6c8f4596-ln88h                 	   1/1 	   Running 	    0         17d
node-ca-2nxvz                                  	   1/1 	   Running    	0         44d
node-ca-dtwjd                                  	   1/1 	   Running 	    0         44d
node-ca-h92rj                                  	   1/1 	   Running 	    0         44d
node-ca-k9bkd                                  	   1/1 	   Running 	    0         44d
node-ca-stkzc                                  	   1/1 	   Running 	    0         44d
node-ca-xn8h4                                  	   1/1 	   Running 	    0         44d

  • (Optional) You can also the run the following command to verify if you have configured the MCG as OpenShift Image Registry backend storage successfully. 

    $ oc describe pod <image-registry-name>

    Example output

    $ oc describe pod image-registry-b6c8f4596-ln88h

Environment:

      REGISTRY_STORAGE_S3_REGIONENDPOINT:      http://s3.openshift-storage.svc

      REGISTRY_STORAGE:                        s3

      REGISTRY_STORAGE_S3_BUCKET:              bucket-registry-mcg

      REGISTRY_STORAGE_S3_REGION:              us-east-1

      REGISTRY_STORAGE_S3_ENCRYPT:             true

      REGISTRY_STORAGE_S3_VIRTUALHOSTEDSTYLE:  false

      REGISTRY_STORAGE_S3_USEDUALSTACK:        true

      REGISTRY_STORAGE_S3_ACCESSKEY:           <set to the key 'REGISTRY_STORAGE_S3_ACCESSKEY' in secret 'image-registry-private-configuration'> Optional: false

      REGISTRY_STORAGE_S3_SECRETKEY:           <set to the key 'REGISTRY_STORAGE_S3_SECRETKEY' in secret 'image-registry-private-configuration'> Optional: false

      REGISTRY_HTTP_ADDR:                      :5000

      REGISTRY_HTTP_NET:                       tcp

      REGISTRY_HTTP_SECRET:                    57b943f691c878e342bac34e657b702bd6ca5488d51f839fecafa918a79a5fc6ed70184cab047601403c1f383e54d458744062dcaaa483816d82408bb56e686f

      REGISTRY_LOG_LEVEL:                      info

      REGISTRY_OPENSHIFT_QUOTA_ENABLED:        true

      REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR:   inmemory

      REGISTRY_STORAGE_DELETE_ENABLED:         true

      REGISTRY_OPENSHIFT_METRICS_ENABLED:      true

      REGISTRY_OPENSHIFT_SERVER_ADDR:          image-registry.openshift-image-registry.svc:5000

      REGISTRY_HTTP_TLS_CERTIFICATE:           /etc/secrets/tls.crt

      REGISTRY_HTTP_TLS_KEY:                   /etc/secrets/tls.key

6.3. Configuring monitoring to use OpenShift Data Foundation
Copier lien

OpenShift Data Foundation provides a monitoring stack that comprises of Prometheus and Alert Manager.

Follow the instructions in this section to configure OpenShift Data Foundation as storage for the monitoring stack.

Important

Monitoring will not function if it runs out of storage space. Always ensure that you have plenty of storage capacity for monitoring.

Red Hat recommends configuring a short retention interval for this service. See the Modifying retention time for Prometheus metrics data of Monitoring guide in the OpenShift Container Platform documentation for details.

Prerequisites

  • Administrative access to OpenShift Web Console.
  • OpenShift Data Foundation Operator is installed and running in the openshift-storage namespace. In the OpenShift Web Console, click Operators Installed Operators to view installed operators.
  • Monitoring Operator is installed and running in the openshift-monitoring namespace. In the OpenShift Web Console, click Administration Cluster Settings Cluster Operators to view cluster operators.
  • A storage class with provisioner openshift-storage.rbd.csi.ceph.com is available. In the OpenShift Web Console, click Storage StorageClasses to view available storage classes.

Procedure

  1. In the OpenShift Web Console, go to Workloads Config Maps.
  2. Set the Project dropdown to openshift-monitoring.
  3. Click Create Config Map.

  4. Define a new cluster-monitoring-config Config Map using the following example.

    Replace the content in angle brackets (<, >) with your own values, for example, retention: 24h or storage: 40Gi.

    Replace the storageClassName with the storageclass that uses the provisioner openshift-storage.rbd.csi.ceph.com. In the example given below the name of the storageclass is ocs-storagecluster-ceph-rbd.

    Example cluster-monitoring-config Config Map

    apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
      prometheusK8s:
        retention: <time to retain monitoring files, for example 24h>
        volumeClaimTemplate:
          metadata:
            name: ocs-prometheus-claim
          spec:
            storageClassName: ocs-storagecluster-ceph-rbd
            resources:
              requests:
                storage: <size of claim, e.g. 40Gi>
      alertmanagerMain:
        volumeClaimTemplate:
          metadata:
            name: ocs-alertmanager-claim
          spec:
            storageClassName: ocs-storagecluster-ceph-rbd
            resources:
              requests:
                storage: <size of claim, e.g. 40Gi>

  5. Click Create to save and create the Config Map.

Verification steps

  1. Verify that the Persistent Volume Claims are bound to the pods.

    1. Go to Storage Persistent Volume Claims.
    2. Set the Project dropdown to openshift-monitoring.

    3. Verify that 5 Persistent Volume Claims are visible with a state of Bound, attached to three alertmanager-main-* pods, and two prometheus-k8s-* pods.

      Figure 6.1. Monitoring storage created and bound

      Screenshot of OpenShift Web Console showing five pods with persistent volume claims bound in the openshift-monitoring project

  2. Verify that the new alertmanager-main-* pods appear with a state of Running.

    1. Go to Workloads Pods.
    2. Click the new alertmanager-main-* pods to view the pod details.

    3. Scroll down to Volumes and verify that the volume has a Type, ocs-alertmanager-claim that matches one of your new Persistent Volume Claims, for example, ocs-alertmanager-claim-alertmanager-main-0.

      Figure 6.2. Persistent Volume Claims attached to alertmanager-main-* pod

      Screenshot of OpenShift Web Console showing persistent volume claim attached to the altermanager pod

  3. Verify that the new prometheus-k8s-* pods appear with a state of Running.

    1. Click the new prometheus-k8s-* pods to view the pod details.

    2. Scroll down to Volumes and verify that the volume has a Type, ocs-prometheus-claim that matches one of your new Persistent Volume Claims, for example, ocs-prometheus-claim-prometheus-k8s-0.

      Figure 6.3. Persistent Volume Claims attached to prometheus-k8s-* pod

      Screenshot of OpenShift Web Console showing persistent volume claim attached to the prometheus pod

6.4. Overprovision level policy control
Copier lien

Overprovision control is a mechanism that enables you to define a quota on the amount of Persistent Volume Claims (PVCs) consumed from a storage cluster, based on the specific application namespace.

When you enable the overprovision control mechanism, it prevents you from overprovisioning the PVCs consumed from the storage cluster. OpenShift provides flexibility for defining constraints that limit the aggregated resource consumption at cluster scope with the help of ClusterResourceQuota. For more information see, OpenShift ClusterResourceQuota.

With overprovision control, a ClusteResourceQuota is initiated, and you can set the storage capacity limit for each storage class.

For more information about OpenShift Data Foundation deployment, refer to Product Documentation and select the deployment procedure according to the platform.

Prerequisites

  • Ensure that the OpenShift Data Foundation cluster is created.

Procedure

  1. Deploy storagecluster either from the command line interface or the user interface.

  2. Label the application namespace. 

    apiVersion: v1
kind: Namespace
metadata:
     name: <desired_name>
     labels:
          storagequota: <desired_label>
    <desired_name>
    Specify a name for the application namespace, for example, quota-rbd.
    <desired_label>
    Specify a label for the storage quota, for example, storagequota1.

  3. Edit the storagecluster to set the quota limit on the storage class. 

    $ oc edit storagecluster -n openshift-storage <ocs_storagecluster_name>
    <ocs_storagecluster_name>
    Specify the name of the storage cluster.

  4. Add an entry for Overprovision Control with the desired hard limit into the StorageCluster.Spec: 

    apiVersion: ocs.openshift.io/v1
kind: StorageCluster
spec:
 [...]
     overprovisionControl:
     - capacity: <desired_quota_limit>
          storageClassName: <storage_class_name>
          quotaName: <desired_quota_name>
          selector:
            labels:
                   matchLabels:
                    storagequota: <desired_label>
[...]
    <desired_quota_limit>
    Specify a desired quota limit for the storage class, for example, 27Ti.
    <storage_class_name>
    Specify the name of the storage class for which you want to set the quota limit, for example, ocs-storagecluster-ceph-rbd.
    <desired_quota_name>
    Specify a name for the storage quota, for example, quota1.
    <desired_label>
    Specify a label for the storage quota, for example, storagequota1.
  5. Save the modified storagecluster.

  6. Verify that the clusterresourcequota is defined.

    Note

    Expect the clusterresourcequota with the quotaName that you defined in the previous step, for example, quota1. 

    $ oc get clusterresourcequota -A

$ oc describe clusterresourcequota -A

6.5. Cluster logging for OpenShift Data Foundation
Copier lien

You can deploy cluster logging to aggregate logs for a range of OpenShift Container Platform services.

For information about how to install and configure the cluster logging operator, see Installing Red Hat OpenShift Logging Operator and Loki object storage.

Important

If there is no retention period defined on the s3 bucket or in the LokiStack custom resource (CR), then the logs are not pruned and they stay in the s3 bucket forever, which might fill up the s3 storage. For directions to configure retention policies, see Enabling stream-based retention with Loki.

Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2026 Red HatRetour au début