Advanced Gateway Configuration

Overview

CloudCasa starts a pod on the cluster where NFS and SMB storage is being accessed for backups and other operations. Some sites have complex requirements regarding labels, annotations, requests, limits, etc. that must be applied to this pod. The Customize gateway parameters section under Advanced options in the Edit Storage page allows administrators to configure these properties using YAML.

The YAML document for this has the following schema:

# This section applies a common label and annotation to ALL resources
# created for this specific gateway.
common:
  annotations:
    contact-person:
  labels:

# ===================================================================
# FS S3 Gateway Specific Customizations
# ===================================================================
fs:
  # --- Customizations for the PersistentVolume ---
  pv:
    labels:
    annotations:

  # --- Customizations for the PersistentVolumeClaim ---
  pvc:
    labels:
    annotations:

  # --- Customizations for the Secret ---
  secret:
    labels:
    annotations:

  # --- Customizations for the NetworkPolicy ---
  network-policy:
    labels:
    annotations:

  # --- Customizations for the Service ---
  service:
    labels:
    annotations:
    # Test changing the port name.
    portName:

  # --- Customizations for the Deployment object itself ---
  deployment:
    labels:
    annotations:

  # --- Customizations for the Pod template within the Deployment ---
  pod:
    labels:
    annotations:
    # Test adding a toleration to allow scheduling on specific nodes.
    tolerations:
      - key:
        operator:
        effect:
    # Test setting a specific Pod-level security context.
    securityContext:
      fsGroup:
      runAsUser:
      runAsGroup:
      runAsNonRoot:

  # --- Customizations for the main Container within the Pod ---
  container:
    # Test overriding default resource requests and limits.
    requests:
      cpu:
      memory:
    limits:
      cpu:
      memory:
    # Test adding a new environment variable.
    env:
      - name:
        value:
    # Test setting a restrictive container-level security context.
    securityContext:
      allowPrivilegeEscalation:
      readOnlyRootFilesystem:
      capabilities:

Example

Here is an example that configures CPU and memory requests and limits for the gateway pod:

fs:
  container:
    requests:
      cpu: "250m"
      memory: "350Mi"
    limits:
      cpu: "550m"
      memory: "650Mi"

Notes

  • Users must provide the entire securityContext section.

  • Annotations and labels set in the common section will be overwritten by the values set at the resource level.