Branch: master
Find file History
Bruceforce [Cephfs] Improved docs
Added information about environment variables and
added PROVISIONER_SECRET_NAMESPACE rbac/deployment.yaml to put
the created secrets in the same namespace as the deployment.
Latest commit 1e28f53 Feb 12, 2019

CephFS Volume Provisioner for Kubernetes 1.5+

Docker Repository on Quay

Using Ceph volume client


Compile the provisioner


Make the container image and push to the registry

make push

Test instruction

  • Start Kubernetes local cluster


  • Create a Ceph admin secret
ceph auth get-key client.admin > /tmp/secret
kubectl create ns cephfs
kubectl create secret generic ceph-secret-admin --from-file=/tmp/secret --namespace=cephfs
  • Start CephFS provisioner

The following example uses cephfs-provisioner-1 as the identity for the instance and assumes kubeconfig is at /root/.kube. The identity should remain the same if the provisioner restarts. If there are multiple provisioners, each should have a different identity.

docker run -ti -v /root/.kube:/kube -v /var/run/kubernetes:/var/run/kubernetes --privileged --net=host /usr/local/bin/cephfs-provisioner -master= -kubeconfig=/kube/config -id=cephfs-provisioner-1

Alternatively, deploy it in kubernetes, see deployment.

  • Create a CephFS Storage Class

Replace Ceph monitor's IP in example/class.yaml with your own and create storage class:

kubectl create -f example/class.yaml
  • Create a claim
kubectl create -f example/claim.yaml
  • Create a Pod using the claim
kubectl create -f example/test-pod.yaml

Known limitations

  • Kernel CephFS doesn't work with SELinux, setting SELinux label in Pod's securityContext will not work.
  • Kernel CephFS doesn't support quota or capacity, capacity requested by PVC is not enforced or validated.
  • Currently each Ceph user created by the provisioner has allow r MDS cap to permit CephFS mount.


Inspired by CephFS Manila provisioner and conversation with John Spray