3.7. Persistent Storage

The firewall pod needs persistent storage to function properly. This storage is used for configuration, diagnostic console logs, crashdumps and other persistent state. The example here is the simplest possible one, where storage is provided by a hostPath volume. This only works reliably in a cluster with a single worker node, or if the pod is pinned to a specific worker node by some other means, so it is basically suitable only for initial tests.

For production use, a more advanced storage solution is needed. More examples are distributed with the software, using local storage or NFS to provide storage for the firewall; see netshield-ls-statefulset.yaml and netshield-nfs-statefulset.yaml, and associated files. From the firewall's perspective, the important part is that storage exists and is mounted at this mountPath:

/mnt/storage.

Note: The .yaml files

The .yaml files referred to above are provided in a separate file included in every release. The file is typically named:

clavister-cos-stream-4.00.01.34-cnf-x64-generic-deploy.tar.gz

apiVersion: v1
kind: Pod
spec:
  containers:
    - name: netshield
      volumeMounts:
        # The system expects persistent storage to be
        # mounted/available at /mnt/storage.
        - mountPath: /mnt/storage
          name: storage
  volumes:
    # hostPath storage lives on one worker node only (initial tests).
    - name: storage
      hostPath:
        path: /opt/netshield/storage/pod1
        type: Directory
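
A pre-deployment check for the storage requirements described above, added here as an example and not part of the Clavister distribution. It takes a Pod object in the shape returned by `kubectl get pod -o json`; the function names, the pinning heuristic and the node name `worker-1` are assumptions made for illustration.

```python
import copy

REQUIRED_MOUNT = "/mnt/storage"  # mount path the page says the firewall expects

def is_pinned(spec):
    """Heuristic (assumption): the pod carries some node-placement constraint."""
    return bool(spec.get("nodeName") or spec.get("nodeSelector")
                or spec.get("affinity", {}).get("nodeAffinity"))

def check_storage(pod):
    """Return a list of findings for a Pod object (kubectl get pod -o json)."""
    spec = pod.get("spec", {})
    volumes = {v["name"]: v for v in spec.get("volumes", [])}
    mounts = [m for c in spec.get("containers", [])
              for m in c.get("volumeMounts", [])
              if m.get("mountPath", "").rstrip("/") == REQUIRED_MOUNT]
    if not mounts:
        return ["no container mounts a volume at " + REQUIRED_MOUNT]
    findings = []
    for m in mounts:
        vol = volumes.get(m["name"])
        if vol is None:
            findings.append("mount '%s' has no matching volume" % m["name"])
            continue
        if m.get("readOnly"):
            findings.append("storage is mounted read-only; logs and crashdumps cannot be written")
        if "emptyDir" in vol:
            findings.append("emptyDir is discarded with the pod, so it is not persistent")
        elif "hostPath" in vol and not is_pinned(spec):
            findings.append("hostPath '%s' on an unpinned pod: data stays on one node"
                            % vol["hostPath"].get("path"))
    return findings

# Constructed sample: the page's hostPath manifest expressed as a dict.
SAMPLE_POD = {"apiVersion": "v1", "kind": "Pod", "spec": {
    "containers": [{"name": "netshield", "volumeMounts": [
        {"mountPath": "/mnt/storage", "name": "storage"}]}],
    "volumes": [{"name": "storage", "hostPath": {
        "path": "/opt/netshield/storage/pod1", "type": "Directory"}}]}}

# Constructed variant pinned to a hypothetical node name "worker-1".
PINNED_POD = copy.deepcopy(SAMPLE_POD)
PINNED_POD["spec"]["nodeName"] = "worker-1"

if __name__ == "__main__":
    for name, pod in (("sample", SAMPLE_POD), ("pinned", PINNED_POD)):
        print(name, check_storage(pod) or "ok")
```

The check treats any node-placement constraint as pinning, so a nodeSelector that matches several nodes still passes and has to be reviewed by hand.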