DirectPV runs under project directpv in Red Hat OpenShift. Project directpv is automatically created after successful DirectPV installation.
directpv namespace and DirectPV service account by adding system:serviceaccount:directpv:directpv-min-io to users section of YAML generated by command $ oc edit scc privileged

ReadWriteMany volume access mode. The workloads using DirectPV run local to the node and are provisioned from local storage drives in the node. This allows the workloads to directly access data without any additional network hops, unlike remote volumes, network PVs, etc. The additional network hops may lead to poor performance and increase complexity. With ReadWriteOnce access mode, DirectPV provides high performance storage for Pods.

On an SELinux-enabled system, a pod may fail to start due to a relabel failed error on a suspended volume. Because suspended volumes are read-only, the SELinux relabeling that kubelet attempts, which uses the lsetxattr system call to write extended attributes, fails. This can be fixed by setting spec.securityContext.seLinuxOptions.type: spc_t at pod level or container level, with appropriate Security Context Constraints (SCCs) in place. Full details are available at https://access.redhat.com/solutions/7025337. The following example shows how to set spc_t SELinux settings at pod level:

apiVersion: v1
kind: Pod
metadata:
  name: sleep-pod
spec:
  securityContext:
    seLinuxOptions:
      type: "spc_t" # Setting to fix the issue
  volumes:
    - name: sleep-volume
      persistentVolumeClaim:
        claimName: sleep-pvc
  containers:
    - name: sleep-container
      image: example.org/test/sleep:v0.0.1
      volumeMounts:
        - mountPath: "/mnt"
          name: sleep-volume
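
An added example, not part of the DirectPV documentation: spc_t runs a container without SELinux confinement, so it helps to track where this workaround is applied and whether each such container actually mounts a PVC. The Python below reads pod JSON in the shape produced by `oc get pods -A -o json`; the function names, the finding format and the sample data are constructed for illustration.

```python
"""Audit which containers run with SELinux type spc_t (added example)."""

def effective_type(pod_spec, container):
    # Container-level seLinuxOptions, when set, takes precedence over pod level.
    own = (container.get("securityContext") or {}).get("seLinuxOptions")
    if own is not None:
        return own.get("type"), "container"
    pod = (pod_spec.get("securityContext") or {}).get("seLinuxOptions") or {}
    return pod.get("type"), "pod"

def audit_spc_t(pod_list):
    """Return one finding per container whose effective SELinux type is spc_t."""
    findings = []
    for pod in pod_list.get("items", []):
        spec, meta = pod["spec"], pod["metadata"]
        # Map volume name -> claim name for PVC-backed volumes only.
        pvcs = {v["name"]: v["persistentVolumeClaim"]["claimName"]
                for v in spec.get("volumes", []) if "persistentVolumeClaim" in v}
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            setype, scope = effective_type(spec, c)
            if setype != "spc_t":
                continue
            claims = sorted(pvcs[m["name"]] for m in c.get("volumeMounts", [])
                            if m["name"] in pvcs)
            findings.append({"namespace": meta.get("namespace", "default"),
                             "pod": meta["name"], "container": c["name"],
                             "set_at": scope, "claims": claims})
    return findings

# Constructed sample (not real cluster output): the page's sleep-pod plus a
# hypothetical pod that sets spc_t on one container but mounts no PVC.
SAMPLE = {"items": [
    {"metadata": {"namespace": "demo", "name": "sleep-pod"},
     "spec": {"securityContext": {"seLinuxOptions": {"type": "spc_t"}},
              "volumes": [{"name": "sleep-volume",
                           "persistentVolumeClaim": {"claimName": "sleep-pvc"}}],
              "containers": [{"name": "sleep-container", "volumeMounts": [
                  {"mountPath": "/mnt", "name": "sleep-volume"}]}]}},
    {"metadata": {"namespace": "demo", "name": "web"},
     "spec": {"containers": [
         {"name": "app", "securityContext": {"seLinuxOptions": {"type": "spc_t"}}},
         {"name": "sidecar"}]}},
]}

if __name__ == "__main__":
    for f in audit_spc_t(SAMPLE):
        note = "" if f["claims"] else "  <- no PVC mounted, review"
        print(f"{f['namespace']}/{f['pod']} {f['container']} "
              f"(set at {f['set_at']} level) claims={f['claims']}{note}")
```

Findings with an empty claims list are the ones to review first, since the workaround described above only concerns pods that mount volumes.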