Importing virtual machine images to block storage with data volumes

You can import an existing virtual machine image into your OKD cluster. OKD Virtualization uses data volumes to automate the import of data and the creation of an underlying persistent volume claim (PVC).

When you import a disk image into a PVC, the disk image is expanded to use the full storage capacity that is requested in the PVC. To use this space, the disk partitions and file system(s) in the virtual machine might need to be expanded.

The resizing procedure varies based on the operating system that is installed on the virtual machine. See the operating system documentation for details.

Prerequisites

About data volumes

DataVolume objects are custom resources that are provided by the Containerized Data Importer (CDI) project. Data volumes orchestrate import, clone, and upload operations that are associated with an underlying persistent volume claim (PVC). Data volumes are integrated with OKD Virtualization, and they prevent a virtual machine from being started before the PVC has been prepared.

About block persistent volumes

A block persistent volume (PV) is a PV that is backed by a raw block device. These volumes do not have a file system and can provide performance benefits for virtual machines by reducing overhead.

Raw block volumes are provisioned by specifying volumeMode: Block in the PV and persistent volume claim (PVC) specification.

Creating a local block persistent volume

Create a local block persistent volume (PV) on a node by populating a file and mounting it as a loop device. You can then reference this loop device in a PV manifest as a Block volume and use it as a block device for a virtual machine image.

Procedure

  1. Log in as root to the node on which to create the local PV. This procedure uses node01 for its examples.

  2. Create a file and populate it with null characters so that it can be used as a block device. The following example creates a file loop10 with a size of 2Gb (20 100Mb blocks):

    1. $ dd if=/dev/zero of=<loop10> bs=100M count=20

  3. Mount the loop10 file as a loop device.

    1. $ losetup </dev/loop10>d3 <loop10>  (1) (2)
    1File path where the loop device is mounted.
    2The file created in the previous step to be mounted as the loop device.

  4. Create a PersistentVolume manifest that references the mounted loop device.

    1. kind: PersistentVolume
    2. apiVersion: v1
    3. metadata:
    4.   name: <local-block-pv10>
    5.   annotations:
    6. spec:
    7.   local:
    8.     path: </dev/loop10> (1)
    9.   capacity:
    10.     storage: <2Gi>
    11.   volumeMode: Block (2)
    12.   storageClassName: local (3)
    13.   accessModes:
    14.     - ReadWriteOnce
    15.   persistentVolumeReclaimPolicy: Delete
    16.   nodeAffinity:
    17.     required:
    18.       nodeSelectorTerms:
    19.       - matchExpressions:
    20.         - key: kubernetes.io/hostname
    21.           operator: In
    22.           values:
    23.           - <node01> (4)
    1The path of the loop device on the node.
    2Specifies it is a block PV.
    3Optional: Set a storage class for the PV. If you omit it, the cluster default is used.
    4The node on which the block device was mounted.

  5. Create the block PV.

    1. # oc create -f <local-block-pv10.yaml>(1)
    1The file name of the persistent volume created in the previous step.

Importing a virtual machine image to a block persistent volume using data volumes

You can import an existing virtual machine image into your OKD cluster. OKD Virtualization uses data volumes to automate the importing data and the creation of an underlying persistent volume claim (PVC). You can then reference the data volume in a virtual machine manifest.

Prerequisites

  • A virtual machine disk image, in RAW, ISO, or QCOW2 format, optionally compressed by using xz or gz.

  • An HTTP or s3 endpoint where the image is hosted, along with any authentication credentials needed to access the data source

  • At least one available block PV.

Procedure

  1. If your data source requires authentication credentials, edit the endpoint-secret.yaml file, and apply the updated configuration to the cluster.

    1. Edit the endpoint-secret.yaml file with your preferred text editor:

      1. apiVersion: v1
      2. kind: Secret
      3. metadata:
      4.   name: <endpoint-secret>
      5.   labels:
      6.     app: containerized-data-importer
      7. type: Opaque
      8. data:
      9.   accessKeyId: "" (1)
      10.   secretKey:   "" (2)
      1Optional: your key or user name, base64 encoded
      2Optional: your secret or password, base64 encoded

    2. Update the secret by running the following command:

      1. $ oc apply -f endpoint-secret.yaml

  2. Create a DataVolume manifest that specifies the data source for the image you want to import and volumeMode: Block so that an available block PV is used.

    1. apiVersion: cdi.kubevirt.io/v1beta1
    2. kind: DataVolume
    3. metadata:
    4.   name: <import-pv-datavolume> (1)
    5. spec:
    6.   storageClassName: local (2)
    7.   source:
    8.       http:
    9.          url: <http://download.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2> (3)
    10.          secretRef: <endpoint-secret> (4)
    11.   pvc:
    12.     volumeMode: Block (5)
    13.     accessModes:
    14.       - ReadWriteOnce
    15.     resources:
    16.       requests:
    17.         storage: <2Gi>
    1The name of the data volume.
    2Optional: Set the storage class or omit it to accept the cluster default.
    3The HTTP source of the image to import.
    4Only required if the data source requires authentication.
    5Required for importing to a block PV.

  3. Create the data volume to import the virtual machine image by running the following command:

    1. $ oc create -f <import-pv-datavolume.yaml>(1)
    1The file name of the data volume that you created in the previous step.

CDI supported operations matrix

This matrix shows the supported CDI operations for content types against endpoints, and which of these operations requires scratch space.

Content typesHTTPHTTPSHTTP basic authRegistryUpload

KubeVirt (QCOW2)

✓ QCOW2
✓ GZ
✓ XZ

✓ QCOW2*
✓ GZ
✓ XZ

✓ QCOW2
✓ GZ
✓ XZ

✓ QCOW2
□ GZ
□ XZ

✓ QCOW2
✓ GZ
✓ XZ

KubeVirt (RAW)

✓ RAW
✓ GZ
✓ XZ

✓ RAW
✓ GZ
✓ XZ

✓ RAW
✓ GZ
✓ XZ

✓ RAW
□ GZ
□ XZ

✓ RAW
✓ GZ
✓ XZ*

✓ Supported operation

□ Unsupported operation

* Requires scratch space

** Requires scratch space if a custom certificate authority is required

CDI now uses the OKD cluster-wide proxy configuration.

Additional resources