Content Management and Capture

Content Management and Capture

Come for answers. Stay for best practices. All we’re missing is you.

 View Only

FNCM on Containers: GCS Fuse Storage on GKE

By Jason Kahn posted Fri February 13, 2026 09:46 AM

  

FNCM on Containers: GCS Fuse Storage on GKE

Introduction

Welcome to another installment in our FNCM on Containers series!

This guide provides step-by-step instructions on how to set up Google Cloud Storage (GCS) Fuse on Google Kubernetes Engine (GKE) for FileNet Content Manager deployments. By leveraging GCS Fuse, you can mount GCS buckets for Persistent Storage in your FileNet environment, enabling scalable and cost-effective storage solutions.

This guide will cover the following topics and features:

  • Overview of GCS Fuse and its benefits for FileNet deployments.

  • Create a GCS bucket for FileNet storage.

  • Configure GKE to use GCS Fuse for Persistent Volumes.

  • Step-by-step instructions to install and configure GCS Fuse on GKE.

Prerequisites:

  • A Google Cloud Platform account

  • Basic knowledge of GCP and IBM FileNet

  • Familiarity with command-line tools and terminal commands

  • Bastion host with access to GKE

  • GKE cluster setup and running, using version 1.25 or later

  • You are using FileNet Content Manager 5.7.0IF3 or later, which includes support for GCS Fuse as a storage option.

GCS Fuse does not support Dynamic Provisioning of Persistent Volumes. All Persistent Volumes must be pre-created and bound to Persistent Volume Claims before they can be used by FileNet pods. 

Environment Setup

Before we begin, make sure you have the following tools installed on your Bastion host:

  1. Install Google Cloud SDK
    Follow the instructions in the official documentation to install the Google Cloud SDK: https://cloud.google.com/sdk/docs/install
  2. Install kubectl
    Follow the instructions in the official documentation to install kubectl: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl

We will be defining the following session variables:

export PROJECT_ID=<your-gcp-project-id>
export REGION=us-central1
export ZONE=us-central1-a
export GKE_CLUSTER_NAME=fncm-cluster

Configure gcloud CLI:

gcloud config set project $PROJECT_ID
gcloud config set compute/region $REGION
gcloud config set compute/zone $ZONE
gcloud config set container/cluster $GKE_CLUSTER_NAME
Configure Access and Workload Identity

Google Cloud Workload Identity (specifically for GKE) allows Kubernetes service accounts in GKE pods to directly impersonate Google Cloud IAM service accounts, enabling secure access to GCS buckets without managing long-lived JSON keys. This keyless approach enhances security by enforcing least privilege and reducing credential exposure.

  1. Enable GKE and Cloud Storage APIs:

    gcloud services enable container.googleapis.com
gcloud services enable storage.googleapis.com

  2. Make sure you have the following role or roles on the Project level:

    roles/kubernetes.engine.admin
roles/storage.admin
roles/storage.objectviewer

  3. Enable Workload Identity on your GKE cluster:

    gcloud container clusters update $GKE_CLUSTER_NAME \
    --workload-pool=$PROJECT_ID.svc.id.goog

  4. Update your node pool to allow metadata access for GKE Metadata Server:

    gcloud container node-pools list

export NODEPOOL_NAME=<NodePoolName>

gcloud container node-pools update $NODEPOOL_NAME --workload-metadata=GKE_METADATA

Updating an existing node pool will cause the nodes to be re-created, which may briefly disrupt running workloads on those nodes.

  1. Verify that the node pool has been updated:

    gcloud container node-pools describe $NODEPOOL_NAME --format="value(config.workloadMetadataConfig.mode)"

For more information on Workload Identity and setting up access to GCS buckets, refer to the official documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/workload-identity

Enable GCS Fuse CSI Driver

The GCS Fuse CSI Driver allows GKE workloads to mount GCS buckets as persistent volumes using the Container Storage Interface (CSI). If you GKE cluster is created with autopilot enabled, the GCS Fuse CSI Driver will already be installed.

  1. If you are creating a new standard GKE cluster, you can enable the GCS Fuse CSI Driver during cluster creation:

    gcloud container clusters create $GKE_CLUSTER_NAME \
  --addons GcsFuseCsiDriver \
  --cluster-version=VERSION \
  --location=LOCATION
  --workload-pool=$PROJECT_ID.svc.id.goog

  2. If you have an existing standard GKE cluster, you can enable the GCS Fuse CSI Driver using the following command:

    gcloud container clusters update $GKE_CLUSTER_NAME \
  --update-addons GcsFuseCsiDriver=ENABLED

  3. Verify that the GCS Fuse CSI Driver is enabled:

    gcloud container clusters describe $GKE_CLUSTER_NAME \
  --format="value(addonsConfig.gcsFuseCsiDriverConfig.enabled)"

For more information on the GCS Fuse CSI Driver, refer to the official documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/cloud-storage-fuse-csi-driver

Create GCS Bucket

Our next step is to create a GCS bucket that will be used to store FileNet Content Manager data. GSC buckets used for persistent volumes require "Uniform bucket-level access" for the CSI driver to function properly. The below command will create the bucket in the same region as our GKE cluster, as defined in the environment setup section.
  1. Create a GCS bucket with uniform bucket-level access: 
    export BUCKET_NAME=fncm-gcs-fuse-bucket

gcloud storage buckets create gs://$BUCKET_NAME \
  --uniform-bucket-level-access

  2. Verify the bucket has been created:

    gcloud storage buckets list --filter="name:$BUCKET_NAME"

For more information on creating GCS buckets, refer to the official documentation: https://docs.cloud.google.com/storage/docs/creating-buckets

Creating the namespace and persistent volumes and claims

Next, we will create a Kubernetes namespace for FileNet Content Manager and define the Persistent Volumes (PVs) that will use GCS Fuse to mount the GCS bucket we created earlier.

  1. Create a namespace for FileNet Content Manager:

    export NAMESPACE=fncm
kubectl create namespace $NAMESPACE

The below YAML manifest defines a Persistent Volume (PV) and Persistent Volume Claim (PVC) using GCS Fuse. This is a template, for a full example please refer to the end of the blog for all PV / PVC definitions.

We will using 1 GCS bucket for all the PVs, but you can create multiple buckets if desired.

  1. Create Persistent Volumes using GCS Fuse - gfuse-pv.yaml:

    ---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: operator-shared-pvc
  namespace: <namespace>
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: <size>
  volumeName: <persistent-volume-name>
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: <persistent-volume-name>
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: <bucketname>:<foldername>
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=<foldername>
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

There are some important parameters to note in the above manifest:

  • volumeHandle: This is a required parameter that specifies the GCS bucket and folder to mount in the format <bucketname>:<foldername>. The folder name is optional, but it is recommended to use a separate folder for each PV to avoid conflicts. Specifying a folder allows for multiple PVs to use the same bucket while keeping their data organized and separated.

  • mountOptions:

    • implicit-dirs: This option allows GCS Fuse to treat directories in the bucket as actual directories in the file system, which is important for FileNet Content Manager to function properly.

    • gid=1000: This option sets the group ID of the mounted volume to 1000, you can choose any GID for your mounted volume. We will adjust the pod security to use fsGroup: 1000 in the FileNet custom resource definition to ensure proper access to the mounted volumes.

    • only-dir=<foldername>: This option restricts access to only the specified folder within the bucket, providing an additional layer of security.

  • storageClassName: This can be any name you choose, but it must match the storageClassName defined in the PVC.

  • persistentVolumeReclaimPolicy: This can be set to Retain or Retain depending on whether you want the PV to be deleted when the PVC is deleted. For GCS Fuse, it is recommended to use Retain to prevent accidental deletion of data in the GCS bucket.

  • name of the pvc: These are the default names that the FileNet Content Manager operator will look for when mounting volumes. If you choose to use different names, you will need to update the custom resource accordingly.

For all templates and examples, refer to the end of the blog for the full PV and PVC definitions.

  1. Apply the PV and PVC manifests:

    kubectl apply -f gfuse-pv.yaml

  2. Confirm that the PVs and PVCs have been created and are in the correct state:

    kubectl get pv -n $NAMESPACE
kubectl get pvc -n $NAMESPACE

You should see that the PVs and PVCs are in the Bound state, indicating that they have been successfully created and are ready to be used by FileNet Content Manager pods.

For more information on the different persistent volume usage modes for GSC Fuse, refer to the official documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-pv

Adjusting FileNet Content Manager Operator and Custom Resource for GCS Fuse

There are some additional parameters that need to be added to the FileNet Content Manager deployment to ensure proper mounting and permissions when using GCS Fuse.

  • fsgroup: This should be set to 1000 to match the gid=1000 mount option specified in the PV definition. This ensures that the FileNet Content Manager pods will have the necessary permissions to read and write to the mounted GCS bucket.

  • custom_annotations: The GCS Fuse CSI driver requires a specific annotation to be added to the pods that will be mounting the GCS bucket. This allows for the CSI driver to properly handle the mounting of the bucket and ensure that the correct permissions are applied.

  1. Add the following section to the FileNet Content Manager Operator deployment YAML:

    apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    gke-gcsfuse/volumes: "true"
...
spec:
  securityContext:
    fsGroup: 1000

  2. Add the following section to the FNCM Custom Resource File:

    spec:
  shared_configuration:
    fsgroup: 1000
    custom_annotations:
        gke-gcsfuse/volumes: "true"

Authentication and Access to GCS Bucket and GCS Fuse CSI Driver

GCS Fuse CSI Driver uses Workload Identity to authenticate and authorize access to GCS buckets. When a pod is created that mounts a GCS bucket using GCS Fuse, the CSI driver will use the Kubernetes service account associated with the pod to impersonate a Google Cloud IAM service account that has the necessary permissions to access the GCS bucket.

There is some matter of timing when it comes when the service account is created. The operator service account is created when the operator is deployed, but the FileNet pods are not created until the custom resource is applied.

To add the necessary IAM roles to the service account, you will need to know the name of the Kubernetes service account that will be used by the FileNet pods. By default, the FileNet Content Manager Service Accounts used are:

  • ibm-fncm-operator for the operator

  • <metaname>-fncm-service-account for the FileNet pods

The <metaname> is the name specified in the custom resource definition.

Apply the IAM role to the K8s Service accounts:

export METANAME=fncmdeploy
export NAMESPACE=fncm570
export BUCKET_NAME=fncm-gcs-fuse-bucket
export ROLE_NAME=roles/storage.objectUser
export PROJECT_ID=$(gcloud config get-value project)
export PROJECT_NUMBER=$(gcloud projects describe $PROJECT_ID --format="value(projectNumber)")

gcloud storage buckets add-iam-policy-binding gs://$BUCKET_NAME \
    --member "principal://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$PROJECT_ID.svc.id.goog/subject/ns/$NAMESPACE/sa/ibm-fncm-operator" \
    --role "$ROLE_NAME"

gcloud storage buckets add-iam-policy-binding gs://$BUCKET_NAME \
    --member "principal://iam.googleapis.com/projects/$PROJECT_NUMBER/locations/global/workloadIdentityPools/$PROJECT_ID.svc.id.goog/subject/ns/$NAMESPACE/sa/$METANAME-fncm-service-account" \
    --role "$ROLE_NAME"

We will using the roles/storage.objectUser role, which allows the service accounts to read and write objects in the GCS bucket, but does not allow them to manage the bucket itself.

For more information on GCS Fuse authentication and access, refer to the official documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-setup#authentication

Verification and Testing

Once you have completed the above steps, you can verify that the GCS bucket is properly mounted and accessible by the FileNet Content Manager pods. Your pods should be mounting the GCS bucket at the specified mount points, and you should be able to read and write data to the bucket from within the pods. All pods should be running without any errors related to mounting the volumes, and you should see data being stored in the GCS bucket as you interact with FileNet Content Manager.

You can view the data in the GCS bucket using the Google Cloud Console or the gsutil command-line tool:

export BUCKET_NAME=fncm-gcs-fuse-bucket

gsutil ls -d gs://$BUCKET_NAME

Verify that you see the following folders in the bucket, which correspond to the PVs we defined earlier:

gs://fncm-ce-objectstore-testqa/cmis-cfgstore/
gs://fncm-ce-objectstore-testqa/cmis-logstore/
gs://fncm-ce-objectstore-testqa/cpe-cfgstore/
gs://fncm-ce-objectstore-testqa/cpe-filestore/
gs://fncm-ce-objectstore-testqa/cpe-fnlogstore/
gs://fncm-ce-objectstore-testqa/cpe-logstore/
gs://fncm-ce-objectstore-testqa/css-cfgstore/
gs://fncm-ce-objectstore-testqa/css-customstore/
gs://fncm-ce-objectstore-testqa/css-indexstore/
gs://fncm-ce-objectstore-testqa/css-logstore/
gs://fncm-ce-objectstore-testqa/css-tempstore/
gs://fncm-ce-objectstore-testqa/graphql-cfgstore/
gs://fncm-ce-objectstore-testqa/graphql-logstore/
gs://fncm-ce-objectstore-testqa/icn-cfgstore/
gs://fncm-ce-objectstore-testqa/icn-logstore/
gs://fncm-ce-objectstore-testqa/operator-shared/
gs://fncm-ce-objectstore-testqa/tm-cfgstore/
gs://fncm-ce-objectstore-testqa/tm-logstore/
gs://fncm-ce-objectstore-testqa/vw-cachestore/

For more information on tuning your FileNet Content Manager deployment with GCS Fuse, refer to the official documentation: https://docs.cloud.google.com/kubernetes-engine/docs/how-to/cloud-storage-fuse-csi-driver-perf

All PV and PVC Definitions

Below are the full definitions for all the PVs and PVCs needed for a FileNet Content Manager deployment using GCS Fuse on GKE.

FileNet Content Manager Operator:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: operator-shared-pvc
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-operator-shared-pvc-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-operator-shared-pvc-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:operator-shared
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=operator-shared
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

Content Platform Engine (CPE):

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-cfgstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-cfgstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-cfgstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-cfgstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-cfgstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-filestore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 3Gi
  volumeName: fncm570-cpe-filestore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-filestore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 3Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-filestore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-filestore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-icmrulesstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-icmrulesstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-icmrulesstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-icmrulesstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-icmrulesstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-textextstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-textextstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-textextstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-textextstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-textextstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-bootstrapstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-bootstrapstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-bootstrapstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-bootstrapstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-bootstrapstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cpe-fnlogstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-cpe-fnlogstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-cpe-fnlogstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:cpe-fnlogstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=cpe-fnlogstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

Content Search Services (CSS):

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: css-cfgstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-css-cfgstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-css-cfgstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:css-cfgstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=css-cfgstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: css-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-css-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-css-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:css-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=css-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: css-tempstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-css-tempstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-css-tempstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:css-tempstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=css-tempstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: css-indexstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-css-indexstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-css-indexstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:css-indexstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=css-indexstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: css-customstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-css-customstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-css-customstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:css-customstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=css-customstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

Content Service GraphQL:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: graphql-cfgstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-graphql-cfgstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-graphql-cfgstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:graphql-cfgstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=graphql-cfgstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: graphql-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-graphql-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-graphql-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:graphql-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=graphql-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

IBM Content Navigator (ICN):

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-cfgstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-cfgstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-cfgstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-cfgstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=icn-cfgstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=icn-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-pluginstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-pluginstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-pluginstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-pluginstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=icn-pluginstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-vw-cachestore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-vw-cachestore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-vw-cachestore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-vw-cachestore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=vw-cachestore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-vw-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-vw-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-vw-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-vw-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=vw-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: icn-asperastore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-icn-asperastore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-icn-asperastore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:icn-asperastore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=icn-asperastore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

Task Manager (TM):

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tm-cfgstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-tm-cfgstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-tm-cfgstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:tm-cfgstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=tm-cfgstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tm-logstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-tm-logstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-tm-logstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:tm-logstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=tm-logstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: tm-pluginstore
  namespace: fncm570
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: fncm570-tm-pluginstore-pv
  storageClassName: gcsfuse
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: fncm570-tm-pluginstore-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: gcsfuse.csi.storage.gke.io
    volumeHandle: fncm-ce-objectstore-testqa:tm-pluginstore
    volumeAttributes:
      gcsfuseMetadataPrefetchOnMount: "true"
  mountOptions:
  - implicit-dirs
  - gid=1000
  - only-dir=tm-pluginstore
  storageClassName: gcsfuse
  persistentVolumeReclaimPolicy: Retain
You have now successfully deployed FNCM on Container on GKE using GCS Buckets through FuseCSI!

If you have any questions or issues, please feel free to reach out to the FNCM on Container community on GitHub: https://github.com/ibm-ecm/ibm-fncm-containers

You can also find more information on how to deploy FNCM on Container on GKE in the official documentation: https://www.ibm.com/docs/en/filenet-p8-platform/5.7.0?topic=using-containers

Happy Containerizing!

Credits:

  • Author: Jason Kahn, Haresh Gautham S
  • Contributor:  Jesus Rodriguez
0 comments
11 views

Permalink

https://community.ibm.com/community/user/blogs/jason-kahn/2026/02/13/fncm-on-container-gcsfuse