The firewall pod needs persistent storage to function properly. This storage will be used for configuration, diagnostic console logs, to store crashdumps and other persistent states. The example here is the simplest possible where storage provided by a hostPath volume. This only works reliably with a single worker node cluster or if the pod is pinned to a specific worker node by some other means, so, basically only for initial tests.
For production use a more advanced storage solution is needed. There are more examples distributed with the software using local storage or NFS to provide storage for the firewall, see netshield-ls-statefulset.yaml and netshield-nfs-statefulset.yaml, and associated files. From the firewall's perspective the important part is that storage exists and is mounted at this mountPath:
/mnt/storage.
![]() |
Note: The .yaml files |
---|---|
The .yaml files referred above are provided in a separate file included in every release. The file name is typically named : clavister-cos-stream-4.00.01.34-cnf-x64-generic-deploy.tar.gz |
apiVersion: v1 kind: Pod spec: containers: - name: netshield volumeMounts: # The system expects persistent storage to be # mounted/available at /mnt/storage. - mountPath: /mnt/storage name: storage volumes: - name: storage hostPath: path: /opt/netshield/storage/pod1 type: Directory