Skip to main content
A newer release of this product is available.

Prepare the worker node

Contributors juliantap

All of the worker nodes in the Kubernetes cluster need to be able to mount the volumes that you have provisioned for your pods. If you are using the ontap-nas, ontap-nas-economy, or ontap-nas-flexgroup driver for one of your backends, your worker nodes need the NFS tools. Otherwise they require the iSCSI tools.

Recent versions of RedHat CoreOS have both NFS and iSCSI installed by default.

Warning You should always reboot your worker nodes after installing the NFS or iSCSI tools, or else attaching volumes to containers might fail.

Node service discovery

Beginning in 22.07, Astra Trident attempts to automatically detect if the node is capable of running iSCSI or NFS services. Astra Trident creates events for the node to identify the services discovered. You can review these events using the command:

kubectl get event -A --field-selector involvedObject.name=<Kubernetes node name>

Trident also identifies services enabled for each node on the Trident node CR. To view the discovered services, use the command:

tridentctl get node -o wide -n <Trident namespace>
Note Node service discovery identifies discovered services but does not guarantee services are properly configured. Conversely, the absence of a discovered service does not guarantee the volume mount will fail.

NFS volumes

Protocol Operating system Commands

NFS

RHEL/CentOS 7

sudo yum install -y nfs-utils

NFS

Ubuntu

sudo apt-get install -y nfs-common

Note You should ensure that the NFS service is started up during boot time.

iSCSI volumes

Consider the following when using iSCSI volumes:

  • Each node in the Kubernetes cluster must have a unique IQN. This is a necessary prerequisite.

  • If using RHCOS version 4.5 or later, or other RHEL-compatible Linux distribution, with the solidfire-san driver and Element OS 12.5 or earlier, ensure that the CHAP authentication algorithm is set to MD5 in /etc/iscsi/iscsid.conf. Secure FIPS-compliant CHAP algorithms SHA1, SHA-256, and SHA3-256 are available with Element 12.7.

    sudo sed -i 's/^\(node.session.auth.chap_algs\).*/\1 = MD5/' /etc/iscsi/iscsid.conf
  • When using worker nodes that run RHEL/RedHat CoreOS with iSCSI PVs, make sure to specify the discard mountOption in the StorageClass to perform inline space reclamation. See RedHat’s documentation.

Protocol Operating system Commands

iSCSI

RHEL/CentOS

  1. Install the following system packages:

    sudo yum install -y lsscsi iscsi-initiator-utils sg3_utils device-mapper-multipath

  2. Check that iscsi-initiator-utils version is 6.2.0.874-2.el7 or later:

    rpm -q iscsi-initiator-utils

  3. Set scanning to manual:

    sudo sed -i 's/^\(node.session.scan\).*/\1 = manual/' /etc/iscsi/iscsid.conf

  4. Enable multipathing:

    sudo mpathconf --enable --with_multipathd y --find_multipaths n

    Note Ensure etc/multipath.conf contains find_multipaths no under defaults.
  5. Ensure that iscsid and multipathd are running:

    sudo systemctl enable --now iscsid multipathd

  6. Enable and start iscsi:

    sudo systemctl enable --now iscsi

iSCSI

Ubuntu

  1. Install the following system packages:

    sudo apt-get install -y open-iscsi lsscsi sg3-utils multipath-tools scsitools

  2. Check that open-iscsi version is 2.0.874-5ubuntu2.10 or later (for bionic) or 2.0.874-7.1ubuntu6.1 or later (for focal):

    dpkg -l open-iscsi

  3. Set scanning to manual:

    sudo sed -i 's/^\(node.session.scan\).*/\1 = manual/' /etc/iscsi/iscsid.conf

  4. Enable multipathing:

    sudo tee /etc/multipath.conf <←'EOF'
    defaults {
    user_friendly_names yes
    find_multipaths no
    }
    EOF
    sudo systemctl enable --now multipath-tools.service
    sudo service multipath-tools restart

    Note Ensure etc/multipath.conf contains find_multipaths no under defaults.
  5. Ensure that open-iscsi and multipath-tools are enabled and running:

    sudo systemctl status multipath-tools
    sudo systemctl enable --now open-iscsi.service
    sudo systemctl status open-iscsi

Note For Ubuntu 18.04, you must discover target ports with iscsiadm before starting open-iscsi for the iSCSI daemon to start. You can alternatively modify the iscsi service to start iscsid automatically.