Clarification on storage (persistence/volumes) for Helm installs

jmcombs · September 9, 2023, 2:03am

I am using Helm to install Traefik in K8s (specifically RKE2) and have some clarification questions regarding to storage.

In the Helm Chart values.yaml, there are these two sections:

#
# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# `additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
# - "--ping"
# - "--ping.entrypoint=web"`
volumes: []
# - name: public-cert
#   mountPath: "/certs"
#   type: secret
# - name: '{{ printf "%s-configs" .Release.Name }}'
#   mountPath: "/config"
#   type: configMap

persistence:
  # -- Enable persistence using Persistent Volume Claims
  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  # It can be used to store TLS certificates, see `storage` in certResolvers
  enabled: false
  name: data
#  existingClaim: ""
  accessMode: ReadWriteOnce
  size: 128Mi
  # storageClass: ""
  # volumeName: ""
  path: /data
  annotations: {}
  # -- Only mount a subpath of the Volume into the pod
  # subPath: ""

My questions are as follows:

I migrated over from Docker Swarm and in Docker Swarm I mounted an NFS volume for my traefik-dynamic-configuration.yaml and traefik-static-configuration.yaml files and assumed that I could do the same in Kubernetes. I set up the csi-driver-nfs Storage Class and then configured a PersistentVolumeClaim (which uses said Storage Class). When I try to specify that PVC in my Helm values.yaml file the container never mounts or uses it. In fact, when I run a kubectl describe pod it shows the config mount as an EmptyDir.

extraArgs:
  - --providers.file.filename=/config/traefik-dynamic-config.yaml
volumes:
  - name: nfs-traefik-config
    mountPath: /config
    type: persistentVolumeClaim

So, my question is, are the only supported types of volumes configMap and secret for volumes or am I doing something wrong? My hope was to be able to mount the NFS share and use the --providers.file.folder=/config and --providers.file.watch=true options.

With regards to persistence, is this only for certificate storage or is this what I would use to store static and dynamic configuration files and certificates?

persistence:
  enabled: true
  existingClaim: nfs-traefik-certs

Your help is greatly appreciated.