Fencing

For information regarding the fencing feature please see our Fencing concepts page.

Enabling Ondat to fence a pod

In order to allow Ondat to fence a pod scheduled on an unavailable node, a pod must have the following:

  • storageos.com/fenced=true label
  • At least one Ondat volume mounted
  • Each Ondat volume the pod mounts must have at least one healthy replica.
  • Fencing is not disabled across the Ondat cluster - DISABLE_FENCING environment variable is not set to true

N.B. Any pod that is to be fenced must meet the criteria above

A pod created by the StatefulSet manifest below would be able to be fenced. The pod has the storageos.com/fenced=true label, mounts a Ondat volume - vol and the Ondat volume has a replica. Note that volumeClaimTemplates inherit labels from the StatefulSet i.e. the replica label.

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: debian-stateful
spec:
  selector:
    matchLabels:
      app: "debian-stateful"
      storageos.com/fenced: "true"
      storageos.com/replicas: "1"
  serviceName: "default"
  replicas: 1
  template:
    metadata:
      labels:
        app: "debian-stateful"
        storageos.com/fenced: "true"
        storageos.com/replicas: "1"
    spec:
      containers:
      - name: debian
        image: debian:9-slim
        command: ["/bin/sleep"]
        args: [ "3600" ]
        volumeMounts:
        - name: vol
          mountPath: /mnt
  volumeClaimTemplates:
  - metadata:
      name: vol
    spec:
      accessModes: ["ReadWriteOnce"]
      storageClassName: "fast" # Ondat storageClass
      resources:
        requests:
          storage: 1Gi

Disable Fencing

Although fencing is enabled in a Ondat cluster by default, pods will not be fenced unless the conditions above are met.

However, to completely disable fencing in an Ondat cluster the environment variable DISABLE_FENCING=true can be set.