1. Permission settings
Add the following statements to the compartment policy (replace <compartment-name>, a placeholder, with the name of your compartment):
ALLOW any-user to manage file-family in compartment <compartment-name> where request.principal.type = 'cluster'
ALLOW any-user to use virtual-network-family in compartment <compartment-name> where request.principal.type = 'cluster'
Add the following statements to the root tenancy policy:
ALLOW any-user to manage file-family in TENANCY where request.principal.type = 'cluster'
ALLOW any-user to use virtual-network-family in TENANCY where request.principal.type = 'cluster'
2. Add the StorageClass oke-fss-storageclass.yaml

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: oci-fss-storage
provisioner: fss.csi.oraclecloud.com
parameters:
  availabilityDomain: AP-TOKYO-1-AD-1
  # The value is a mount target OCID, so the key is mountTargetOcid
  # (mountTargetSubnetOcid takes a subnet OCID instead).
  mountTargetOcid: ocid1.mounttarget.oc1.ap_tokyo_1.aaaaaa4np2tzbxc4nzzhillqojxwiotboawxi33lpfxs2mjnmfsc2mia
  compartmentOcid: ocid1.compartment.oc1..aaaaaaaa4kdyji4aquduhlggreitukbe6vveavmnjc5dszi5eim3m22qnpuq
  exportPath: /oke-fss
  # In-transit encryption of the NFS traffic is turned off here.
  encryptInTransit: "false"

kubectl apply -f oke-fss-storageclass.yaml
3. Open the security list rules for the OKE worker node subnet: allow all protocols for traffic within the worker node subnet.
4. Test PVC oke-fss-pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-oke-fss
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "oci-fss-storage"
  resources:
    requests:
      storage: 50Gi

kubectl apply -f oke-fss-pvc.yaml
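
A pre-apply check for the StorageClass parameters from step 2, as an added example that is not part of the original page or of Oracle's tooling. It compares the resource type embedded in each OCID with the parameter key and reports when in-transit encryption is not requested. The function names and the sample OCIDs are constructed for illustration.

```python
# Added example: lint the `parameters` block of an fss.csi.oraclecloud.com StorageClass.
# OCID layout: ocid1.<resource-type>.<realm>.[region].<unique-id>
EXPECTED_TYPE = {
    "mountTargetOcid": "mounttarget",
    "mountTargetSubnetOcid": "subnet",
    "compartmentOcid": "compartment",
}

# Constructed sample input; the OCIDs are placeholders, not real resources.
SAMPLE = """\
availabilityDomain: AP-TOKYO-1-AD-1
mountTargetSubnetOcid: ocid1.mounttarget.oc1.ap-tokyo-1.exampleuniqueid
compartmentOcid: ocid1.compartment.oc1..exampleuniqueid
exportPath: /oke-fss
encryptInTransit: "false"
"""


def parse_params(text):
    """Parse flat 'key: value' lines (the body of `parameters:`)."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop YAML comments
        if not line:
            continue
        key, _, value = line.partition(":")
        params[key.strip()] = value.strip().strip("\"'")
    return params


def lint(params):
    """Return a list of human-readable findings for the parameters dict."""
    findings = []
    for key, want in EXPECTED_TYPE.items():
        if key not in params:
            continue
        fields = params[key].split(".")
        got = fields[1] if len(fields) > 1 and fields[0] == "ocid1" else None
        if got != want:
            findings.append(f"{key}: expected a {want} OCID, got {got or 'a non-OCID value'}")
    if params.get("encryptInTransit", "").lower() != "true":
        findings.append('encryptInTransit is not "true": in-transit encryption is not requested')
    return findings


if __name__ == "__main__":
    for finding in lint(parse_params(SAMPLE)):
        print("WARN", finding)
```
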