SlideShare a Scribd company logo

Easy multi-tenant-kubernetes-rwx-storage-with-cloud-provider-openstack-and-manila

T
TomBarron

Use the Mania CSI plugin to provide RWX Kubernetes persistent storage from OpenStack

Software
1 of 21
Download to read offline
Easy multi-tenant Kubernetes RWX storage with Cloud Provider OpenStack and Manila CSI Tom Barron tbarron@redhat.com Victoria Martinez de la Cruz victoria@redhat.com
Game plan ● What is Manila CSI? ● Why RWX storage for Kubernetes with Manila CSI ● How to deploy Manila CSI ○ One time task for Kubernetes operators (or for Operators) (demo!) ● How to use Manila CSI ○ Day to day PVC and pod deployment by application developers (demo!) ● Summary and resources WHAT ARE WE GOING TO SEE TODAY
What is the Manila CSI plugin? - External, dynamic provisioner plugin for persistent Kubernetes volumes served up via OpenStack Manila - Conforms to the new Container Storage Interface standard - Code lives in the Kubernetes Cloud Provider Openstack repository WHAT
RWX Storage for Container Orchestrators with CephFS and Manila - slide 49 The author, Robert Vašek, initial work at CERN He recently completed a GSOC project under Red Hat sponsorship to add snapshot capabilities to Manila CSI.
Why use a Cloud Provider OpenStack plugin? ● Why Cloud Provider Openstack rather than vendor-specific or backend-specific plugins? ● No lock in -- abstraction layer over multiple back ends ○ Manila supports ~35 storage back ends ● Keystone-based hard multi-tenant separation for multiple K8s clusters with independent ownership ○ Enables dynamic, elastic sharing of enterprise or public-cloud scale storage resources by multiple K8s clusters ○ OpenStack is IAAS, multiple CAAS clusters are IAAS customers ○ CAAS customers (applications developers/devops) don’t need to know anything about OpenStack WHY
Why use the Manila plugin? ● There’s is a perfectly good Cinder-CSI plugin. ● But the Cinder plugin offers only RWO file mode access, not RWX. ● Kubernetes makes it easy to scale out containerized compute via pods but provisioning consistent persistent storage for replicated pods is tricky.* ● RWX PVCs pointing to Storage Classes from Manila CSI can enable safe multi-writer pod deployments with familiar, straightforward application design. * See Kubernetes Storage 101, David Zhu and Jan Šafránek, especially slides 45ff. WHY
Why use a CSI plugin? ● There’s a nice Manila provisioner already in cloud provider openstack repository ○ It’s already external to the K8s codebase so can be changed on its own life cycle, doesn’t impact K8s core security, etc. (faster bug fixes and features) ○ It already can support both static and dynamic provisioning ● CSI is a standard interface for K8s, docker, Mesos, and other COs ○ But maybe you just care about K8s :) ● Bottom line: this is where the new development is happening ○ New features and developer/testing attention are focused on the CSI plugins rather than the non-CSI external provisioner plugins. WHY
OpenStack Manila CSI for Kubernetes ● K8s nodes are VMs or Bare Metal ● OpenStack Admin is the Storage Admin’s customer (can be same individuals of course) ● K8s Admins are separate OpenStack customers (separate tenants — each with their own OpenStack user privileges) ● K8s users are customers of the K8s Admin. Users don’t need to know anything about Manila or OpenStack Manila Share service K8s cluster BK8s cluster A Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Vendor Storage Control Path (PVCs and Manila CRUD) Data Path (mount PVs) Manila CSI Controller Plugin Manila Scheduler service Manila API service Manila CSI Controller Plugin
Deploying Manila CSI One time task for Kubernetes Administrators
Manifests $ tree admin-manifests admin-manifests ├── 00-nfscsi-nodeplugin ← protocol partner node plugin │ ├── 00-rbac.yaml │ └── 11-daemonset.yaml ├── 11-manilacsi-nodeplugin ← defines forwarding to partner node plugin │ ├── 00-rbac.yaml │ └── 11-daemonset.yaml ├── 22-manilacsi-attacher ← essentially a no-op for manila-csi │ ├── 00-rbac.yaml │ └── 11-stateful-set.yaml ├── 33-manilacsi-provisioner ← fulfills PVCs via Manila API │ ├── 00-rbac.yaml │ └── 11-stateful-set.yaml ├── 44-secrets ← OpenStack user credentials │ └── 00-secrets.yaml for the K8s admin └── 55-storage-class ← Used by PVCs to select the └── 00-storage-class.yaml dynamic external provisioner DEPLOYING MANILA CSI
Admin Manila CSI Deployment Setting up Manila CSI in the K8s cluster (follow link for demo) The manifests used in the demo are available here. ● One time setup by K8s administrator ● Can use the helm chart now provided in the cloud provider openstack repo instead ● In our downstream OCP product we’ll make an Operator to do this as well as manage day2, etc. ● So this will be even easier than what we are demoing here Plugins running post CSI deployment, no storage provisioned DEPLOYING MANILA CSI
Using Manila CSI
Using Manila CSI Application developers can dynamically provision RWX storage and deploy pods with applications that safely consume it using yaml manifests that are themselves completely decoupled from Manila and from its CSI plugin. - Use the same pod and pvc definitions on premises that you use with OpenShift on AWS, GCP, Azure, etc except for the storage class reference in the PVC USING MANILA CSI
Simple Multi-Writer scenario $ cat 00-writer-pod.yaml apiVersion: v1 kind: Pod metadata: name: writer-one spec: restartPolicy: Never containers: - image: gcr.io/google_containers/busybox command: - "/bin/sh" - "-c" - "while true; do echo $(date) >> /mnt/test/$(hostname); sleep 10; done" name: busybox volumeMounts: - name: mypvc mountPath: /mnt/test Volumes: - name: mypvc persistentVolumeClaim: claimName: myclaim readOnly: false $ diff 00-writer-pod.yaml 11-writer-pod.yaml 4c4 < name: writer-one --- > name: writer-two ● 00-writer and 11-writer differ only in their names ● They mount the same volume via mypvc at /mnt/test ● They write to different files at /mnt/test/$hostname ● The name of the PVC used USING MANILA CSI
PVC definition $ cat rwx-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi storageClassName: csi-manila-nfs ● K8s administrator created this storage class - csi-manila-nfs ○ End user doesn’t need to know anything about Manila CSI, just needs to refer to this Storage class ● Pod definitions refer to this name to use this PVC ● Use RWX so that the PV that fulfills this PVC will can be mounted to multiple pods on multiple nodes in the cluster USING MANILA CSI
End user deploys multi-writer application with RWX storage Writer-one sees what writer two is writing and vice versa. Easy end-user multi-writer deployment to RWX volume (follow link for demo) The manifests used in the demo are available here. USING MANILA CSI
Manila CSI supports RWO mode too $ cat rwx-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi storageClassName: csi-manila-nfs $ cat rwo-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: csi-manila-nfs Just change the accessMode in the PVC manifest USING MANILA CSI
Same applications with RWO PVC multi-writer deployment with RWO PVC (follow link for demo) The manifests used in the demo are available here. Second pod gets stuck and cannot come up -- as it should since RWO mode is being enforced. USING MANILA CSI
Features and Futures ● Share Expand and Shrink ● HA improvements (daemon set for controller with leader election) ● Create volume from snapshot compatibility layer ○ When Manila back ends can’t do this themselves ● Complete OpenLab CI ● Improve concurrency for long-running tasks (like CephFS create from volume) ● Integrated handler for multiple share protocols? ● Topology awareness (AZs) FUTURE
Summary, Resources and Q&A ● Cloud provider openstack code repository (includes manila-csi plugin) ● Kubernetes Storage 101, David Zhu and Jan Šafránek, Kubecon Barcelona 2019. ● Manila-kube repository for deploying Kubernetes cluster on OpenStack with manila-csi ● RWX storage for container orchestrators with CephFS and Manila ● Manila CSI Manifests used in the demo ● GSOC snapshots project SUMMARY + RESOURCES
linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat Reach us out for Q&A: tbarron@redhat.com vkmc@redhat.com Thank you!

Recommended

Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
Phil Estes
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
Phil Estes
 
Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
Phil Estes
 
Container Landscape in 2019
Container Landscape in 2019Container Landscape in 2019
Container Landscape in 2019
Anusha Ragunathan
 
Persistent Storage in Docker Platform
Persistent Storage in Docker PlatformPersistent Storage in Docker Platform
Persistent Storage in Docker Platform
Anusha Ragunathan
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registry
HungWei Chiu
 
How to deal second interface service discovery and load balancer in kubernetes
How to deal second interface service discovery and load balancer in kubernetesHow to deal second interface service discovery and load balancer in kubernetes
How to deal second interface service discovery and load balancer in kubernetes
Meng-Ze Lee
 
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaSPrivate PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Imesh Gunaratne
 

Recommended

Docker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine EvolutionDocker London Meetup: Docker Engine Evolution
Docker London Meetup: Docker Engine Evolution
Phil Estes
 
FOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project UpdateFOSDEM 2019: A containerd Project Update
FOSDEM 2019: A containerd Project Update
Phil Estes
 
Extended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use casesExtended and embedding: containerd update & project use cases
Extended and embedding: containerd update & project use cases
Phil Estes
 
Container Landscape in 2019
Container Landscape in 2019Container Landscape in 2019
Container Landscape in 2019
Anusha Ragunathan
 
Persistent Storage in Docker Platform
Persistent Storage in Docker PlatformPersistent Storage in Docker Platform
Persistent Storage in Docker Platform
Anusha Ragunathan
 
Integration kubernetes with docker private registry
Integration kubernetes with docker private registryIntegration kubernetes with docker private registry
Integration kubernetes with docker private registry
HungWei Chiu
 
How to deal second interface service discovery and load balancer in kubernetes
How to deal second interface service discovery and load balancer in kubernetesHow to deal second interface service discovery and load balancer in kubernetes
How to deal second interface service discovery and load balancer in kubernetes
Meng-Ze Lee
 
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaSPrivate PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Private PaaS for the Enterprise - Apache Stratos & WSO2 Private PaaS
Imesh Gunaratne
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
Phil Estes
 
Secure container: Kata container and gVisor
Secure container: Kata container and gVisorSecure container: Kata container and gVisor
Secure container: Kata container and gVisor
Ching-Hsuan Yen
 
Docker open stack boston
Docker open stack bostonDocker open stack boston
Docker open stack boston
dotCloud
 
Docker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupDocker and OpenStack Boston Meetup
Docker and OpenStack Boston Meetup
Kamesh Pemmaraju
 
(Open)Stacking Containers
(Open)Stacking Containers(Open)Stacking Containers
(Open)Stacking Containers
Ken Thompson
 
CNCF Projects Overview
CNCF Projects OverviewCNCF Projects Overview
CNCF Projects Overview
Neependra Khare
 
Exploring Next Generation Buildpacks - Anand Rao & Scott Deeg
Exploring Next Generation Buildpacks - Anand Rao & Scott DeegExploring Next Generation Buildpacks - Anand Rao & Scott Deeg
Exploring Next Generation Buildpacks - Anand Rao & Scott Deeg
VMware Tanzu
 
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
Docker, Inc.
 
Storage for Windows workloads in Kubernetes
Storage for Windows workloads in KubernetesStorage for Windows workloads in Kubernetes
Storage for Windows workloads in Kubernetes
Anusha Ragunathan
 
Raspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflowRaspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflow
霈萱 蔡
 
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the UglyKubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
smalltown
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
kanedafromparis
 
Whats New with Kata Containers
Whats New with Kata ContainersWhats New with Kata Containers
Whats New with Kata Containers
Liz Warner
 
Looking Under The Hood: containerD
Looking Under The Hood: containerDLooking Under The Hood: containerD
Looking Under The Hood: containerD
Docker, Inc.
 
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
Yusuf Hadiwinata Sutandar
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
DevOps.com
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
LinuxCon ContainerCon CloudOpen China
 
Designing Cloud Native Applications with Kubernetes
Designing Cloud Native Applications with KubernetesDesigning Cloud Native Applications with Kubernetes
Designing Cloud Native Applications with Kubernetes
Bilgin Ibryam
 
11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup
Philipp Grossenbacher
 
K8S_Learning_Notebook_01
K8S_Learning_Notebook_01K8S_Learning_Notebook_01
K8S_Learning_Notebook_01
Yen Hsien Chen
 
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise KubernetesMongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB
 
Docker enterprise Technologies
Docker enterprise TechnologiesDocker enterprise Technologies
Docker enterprise Technologies
strikr .
 

More Related Content

What's hot

Docker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupDocker and OpenStack Boston Meetup
Docker and OpenStack Boston Meetup
Kamesh Pemmaraju
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
DevOps.com
 

What's hot (20)

Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
Secure container: Kata container and gVisor
Secure container: Kata container and gVisorSecure container: Kata container and gVisor
Secure container: Kata container and gVisor
 
Docker open stack boston
Docker open stack bostonDocker open stack boston
Docker open stack boston
 
Docker and OpenStack Boston Meetup
Docker and OpenStack Boston MeetupDocker and OpenStack Boston Meetup
Docker and OpenStack Boston Meetup
 
(Open)Stacking Containers
(Open)Stacking Containers(Open)Stacking Containers
(Open)Stacking Containers
 
CNCF Projects Overview
CNCF Projects OverviewCNCF Projects Overview
CNCF Projects Overview
 
Exploring Next Generation Buildpacks - Anand Rao & Scott Deeg
Exploring Next Generation Buildpacks - Anand Rao & Scott DeegExploring Next Generation Buildpacks - Anand Rao & Scott Deeg
Exploring Next Generation Buildpacks - Anand Rao & Scott Deeg
 
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
LinuxKit: the first five months by Justin Cormack & Riyaz Faizullabhoy (Docker)
 
Storage for Windows workloads in Kubernetes
Storage for Windows workloads in KubernetesStorage for Windows workloads in Kubernetes
Storage for Windows workloads in Kubernetes
 
Raspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflowRaspberry pi x kubernetes x tensorflow
Raspberry pi x kubernetes x tensorflow
 
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the UglyKubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
Kubernetes Summit 2021: Multi-Cluster - The Good, the Bad and the Ugly
 
Ippevent : openshift Introduction
Ippevent : openshift IntroductionIppevent : openshift Introduction
Ippevent : openshift Introduction
 
Whats New with Kata Containers
Whats New with Kata ContainersWhats New with Kata Containers
Whats New with Kata Containers
 
Looking Under The Hood: containerD
Looking Under The Hood: containerDLooking Under The Hood: containerD
Looking Under The Hood: containerD
 
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
PHPIDOL#80: Kubernetes 101 for PHP Developer. Yusuf Hadiwinata - VP Operation...
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftKubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 
Designing Cloud Native Applications with Kubernetes
Designing Cloud Native Applications with KubernetesDesigning Cloud Native Applications with Kubernetes
Designing Cloud Native Applications with Kubernetes
 
11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup11th Docker Switzerland User Group Meetup
11th Docker Switzerland User Group Meetup
 
K8S_Learning_Notebook_01
K8S_Learning_Notebook_01K8S_Learning_Notebook_01
K8S_Learning_Notebook_01
 

Similar to Easy multi-tenant-kubernetes-rwx-storage-with-cloud-provider-openstack-and-manila

Workday's Next Generation Private Cloud
Workday's Next Generation Private CloudWorkday's Next Generation Private Cloud
Workday's Next Generation Private Cloud
Silvano Buback
 
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
OpenNebula Project
 
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialEGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
OpenNebula Project
 
How to Survive an OpenStack Cloud Meltdown with Ceph
How to Survive an OpenStack Cloud Meltdown with CephHow to Survive an OpenStack Cloud Meltdown with Ceph
How to Survive an OpenStack Cloud Meltdown with Ceph
Sean Cohen
 
Deep dive into OpenStack storage, Sean Cohen, Red Hat
Deep dive into OpenStack storage, Sean Cohen, Red HatDeep dive into OpenStack storage, Sean Cohen, Red Hat
Deep dive into OpenStack storage, Sean Cohen, Red Hat
Sean Cohen
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
Patrick Chanezon
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
kanedafromparis
 
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
Ovadiah Myrgorod
 

Similar to Easy multi-tenant-kubernetes-rwx-storage-with-cloud-provider-openstack-and-manila (20)

MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise KubernetesMongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
 
Docker enterprise Technologies
Docker enterprise TechnologiesDocker enterprise Technologies
Docker enterprise Technologies
 
Running Kubernetes on OpenStack
Running Kubernetes on OpenStackRunning Kubernetes on OpenStack
Running Kubernetes on OpenStack
 
Workday's Next Generation Private Cloud
Workday's Next Generation Private CloudWorkday's Next Generation Private Cloud
Workday's Next Generation Private Cloud
 
WebSphere 20th - Application modernization
WebSphere 20th - Application modernizationWebSphere 20th - Application modernization
WebSphere 20th - Application modernization
 
OpenNebula Conf 2014 | Using Ceph to provide scalable storage for OpenNebula ...
OpenNebula Conf 2014 | Using Ceph to provide scalable storage for OpenNebula ...OpenNebula Conf 2014 | Using Ceph to provide scalable storage for OpenNebula ...
OpenNebula Conf 2014 | Using Ceph to provide scalable storage for OpenNebula ...
 
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
OpenNebulaConf 2014 - Using Ceph to provide scalable storage for OpenNebula -...
 
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On TutorialEGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
EGI TF 2013 / Cloud Interoperability Week – Hands-On Tutorial
 
Hybrid cloud openstack meetup
Hybrid cloud openstack meetupHybrid cloud openstack meetup
Hybrid cloud openstack meetup
 
Kubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOpsKubernetes for Enterprise DevOps
Kubernetes for Enterprise DevOps
 
How to Survive an OpenStack Cloud Meltdown with Ceph
How to Survive an OpenStack Cloud Meltdown with CephHow to Survive an OpenStack Cloud Meltdown with Ceph
How to Survive an OpenStack Cloud Meltdown with Ceph
 
Deep dive into OpenStack storage, Sean Cohen, Red Hat
Deep dive into OpenStack storage, Sean Cohen, Red HatDeep dive into OpenStack storage, Sean Cohen, Red Hat
Deep dive into OpenStack storage, Sean Cohen, Red Hat
 
Deep Dive into Openstack Storage, Sean Cohen, Red Hat
Deep Dive into Openstack Storage, Sean Cohen, Red HatDeep Dive into Openstack Storage, Sean Cohen, Red Hat
Deep Dive into Openstack Storage, Sean Cohen, Red Hat
 
CD in kubernetes using helm and ksonnet. Stas Kolenkin
CD in kubernetes using helm and ksonnet. Stas KolenkinCD in kubernetes using helm and ksonnet. Stas Kolenkin
CD in kubernetes using helm and ksonnet. Stas Kolenkin
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
 
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...
GCP - Continuous Integration and Delivery into Kubernetes with GitHub, Travis...
 
VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0
 
Halifax DevOps - Meet-up - July.19 2017
Halifax DevOps - Meet-up - July.19 2017Halifax DevOps - Meet-up - July.19 2017
Halifax DevOps - Meet-up - July.19 2017
 
Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_Dev opsec dockerimage_patch_n_lifecyclemanagement_
Dev opsec dockerimage_patch_n_lifecyclemanagement_
 
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
Create a Varnish cluster in Kubernetes for Drupal caching - DrupalCon North A...
 

More from TomBarron

More from TomBarron (7)

Manila project update_train_shanghai
Manila project update_train_shanghaiManila project update_train_shanghai
Manila project update_train_shanghai
 
Manila Project Update - Denver Open Infrastructure Summit - May 2019
Manila Project Update - Denver Open Infrastructure Summit - May 2019Manila Project Update - Denver Open Infrastructure Summit - May 2019
Manila Project Update - Denver Open Infrastructure Summit - May 2019
 
Manila Project Onboarding - Denver Open Infrastructure Summit - May 2019
Manila Project Onboarding - Denver Open Infrastructure Summit - May 2019Manila Project Onboarding - Denver Open Infrastructure Summit - May 2019
Manila Project Onboarding - Denver Open Infrastructure Summit - May 2019
 
Manila Project Onboarding - openstack-berlin-summit-2018
Manila Project Onboarding - openstack-berlin-summit-2018Manila Project Onboarding - openstack-berlin-summit-2018
Manila Project Onboarding - openstack-berlin-summit-2018
 
Manila Project Onboarding openstack-berlin-summit-2018
Manila Project Onboarding openstack-berlin-summit-2018Manila Project Onboarding openstack-berlin-summit-2018
Manila Project Onboarding openstack-berlin-summit-2018
 
Manila project update openstack-berlin-summit-2018
Manila project update openstack-berlin-summit-2018Manila project update openstack-berlin-summit-2018
Manila project update openstack-berlin-summit-2018
 
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
Practical CephFS with nfs today using OpenStack Manila - Ceph Day Berlin - 12...
 

Recently uploaded

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
ayushiqss
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Nitya salvi
 

Recently uploaded (20)

%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
%in Lydenburg+277-882-255-28 abortion pills for sale in Lydenburg
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 

Easy multi-tenant-kubernetes-rwx-storage-with-cloud-provider-openstack-and-manila

  • 1. Easy multi-tenant Kubernetes RWX storage with Cloud Provider OpenStack and Manila CSI Tom Barron tbarron@redhat.com Victoria Martinez de la Cruz victoria@redhat.com
  • 2. Game plan ● What is Manila CSI? ● Why RWX storage for Kubernetes with Manila CSI ● How to deploy Manila CSI ○ One time task for Kubernetes operators (or for Operators) (demo!) ● How to use Manila CSI ○ Day to day PVC and pod deployment by application developers (demo!) ● Summary and resources WHAT ARE WE GOING TO SEE TODAY
  • 3. What is the Manila CSI plugin? - External, dynamic provisioner plugin for persistent Kubernetes volumes served up via OpenStack Manila - Conforms to the new Container Storage Interface standard - Code lives in the Kubernetes Cloud Provider Openstack repository WHAT
  • 4. RWX Storage for Container Orchestrators with CephFS and Manila - slide 49 The author, Robert Vašek, initial work at CERN He recently completed a GSOC project under Red Hat sponsorship to add snapshot capabilities to Manila CSI.
  • 5. Why use a Cloud Provider OpenStack plugin? ● Why Cloud Provider Openstack rather than vendor-specific or backend-specific plugins? ● No lock in -- abstraction layer over multiple back ends ○ Manila supports ~35 storage back ends ● Keystone-based hard multi-tenant separation for multiple K8s clusters with independent ownership ○ Enables dynamic, elastic sharing of enterprise or public-cloud scale storage resources by multiple K8s clusters ○ OpenStack is IAAS, multiple CAAS clusters are IAAS customers ○ CAAS customers (applications developers/devops) don’t need to know anything about OpenStack WHY
  • 6. Why use the Manila plugin? ● There’s is a perfectly good Cinder-CSI plugin. ● But the Cinder plugin offers only RWO file mode access, not RWX. ● Kubernetes makes it easy to scale out containerized compute via pods but provisioning consistent persistent storage for replicated pods is tricky.* ● RWX PVCs pointing to Storage Classes from Manila CSI can enable safe multi-writer pod deployments with familiar, straightforward application design. * See Kubernetes Storage 101, David Zhu and Jan Šafránek, especially slides 45ff. WHY
  • 7. Why use a CSI plugin? ● There’s a nice Manila provisioner already in cloud provider openstack repository ○ It’s already external to the K8s codebase so can be changed on its own life cycle, doesn’t impact K8s core security, etc. (faster bug fixes and features) ○ It already can support both static and dynamic provisioning ● CSI is a standard interface for K8s, docker, Mesos, and other COs ○ But maybe you just care about K8s :) ● Bottom line: this is where the new development is happening ○ New features and developer/testing attention are focused on the CSI plugins rather than the non-CSI external provisioner plugins. WHY
  • 8. OpenStack Manila CSI for Kubernetes ● K8s nodes are VMs or Bare Metal ● OpenStack Admin is the Storage Admin’s customer (can be same individuals of course) ● K8s Admins are separate OpenStack customers (separate tenants — each with their own OpenStack user privileges) ● K8s users are customers of the K8s Admin. Users don’t need to know anything about Manila or OpenStack Manila Share service K8s cluster BK8s cluster A Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Manila CSI Node Plugin Vendor Storage Control Path (PVCs and Manila CRUD) Data Path (mount PVs) Manila CSI Controller Plugin Manila Scheduler service Manila API service Manila CSI Controller Plugin
  • 9. Deploying Manila CSI One time task for Kubernetes Administrators
  • 10. Manifests $ tree admin-manifests admin-manifests ├── 00-nfscsi-nodeplugin ← protocol partner node plugin │ ├── 00-rbac.yaml │ └── 11-daemonset.yaml ├── 11-manilacsi-nodeplugin ← defines forwarding to partner node plugin │ ├── 00-rbac.yaml │ └── 11-daemonset.yaml ├── 22-manilacsi-attacher ← essentially a no-op for manila-csi │ ├── 00-rbac.yaml │ └── 11-stateful-set.yaml ├── 33-manilacsi-provisioner ← fulfills PVCs via Manila API │ ├── 00-rbac.yaml │ └── 11-stateful-set.yaml ├── 44-secrets ← OpenStack user credentials │ └── 00-secrets.yaml for the K8s admin └── 55-storage-class ← Used by PVCs to select the └── 00-storage-class.yaml dynamic external provisioner DEPLOYING MANILA CSI
  • 11. Admin Manila CSI Deployment Setting up Manila CSI in the K8s cluster (follow link for demo) The manifests used in the demo are available here. ● One time setup by K8s administrator ● Can use the helm chart now provided in the cloud provider openstack repo instead ● In our downstream OCP product we’ll make an Operator to do this as well as manage day2, etc. ● So this will be even easier than what we are demoing here Plugins running post CSI deployment, no storage provisioned DEPLOYING MANILA CSI
  • 13. Using Manila CSI Application developers can dynamically provision RWX storage and deploy pods with applications that safely consume it using yaml manifests that are themselves completely decoupled from Manila and from its CSI plugin. - Use the same pod and pvc definitions on premises that you use with OpenShift on AWS, GCP, Azure, etc except for the storage class reference in the PVC USING MANILA CSI
  • 14. Simple Multi-Writer scenario $ cat 00-writer-pod.yaml apiVersion: v1 kind: Pod metadata: name: writer-one spec: restartPolicy: Never containers: - image: gcr.io/google_containers/busybox command: - "/bin/sh" - "-c" - "while true; do echo $(date) >> /mnt/test/$(hostname); sleep 10; done" name: busybox volumeMounts: - name: mypvc mountPath: /mnt/test Volumes: - name: mypvc persistentVolumeClaim: claimName: myclaim readOnly: false $ diff 00-writer-pod.yaml 11-writer-pod.yaml 4c4 < name: writer-one --- > name: writer-two ● 00-writer and 11-writer differ only in their names ● They mount the same volume via mypvc at /mnt/test ● They write to different files at /mnt/test/$hostname ● The name of the PVC used USING MANILA CSI
  • 15. PVC definition $ cat rwx-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi storageClassName: csi-manila-nfs ● K8s administrator created this storage class - csi-manila-nfs ○ End user doesn’t need to know anything about Manila CSI, just needs to refer to this Storage class ● Pod definitions refer to this name to use this PVC ● Use RWX so that the PV that fulfills this PVC will can be mounted to multiple pods on multiple nodes in the cluster USING MANILA CSI
  • 16. End user deploys multi-writer application with RWX storage Writer-one sees what writer two is writing and vice versa. Easy end-user multi-writer deployment to RWX volume (follow link for demo) The manifests used in the demo are available here. USING MANILA CSI
  • 17. Manila CSI supports RWO mode too $ cat rwx-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteMany resources: requests: storage: 10Gi storageClassName: csi-manila-nfs $ cat rwo-persistent-volume-claim.yaml apiVersion: v1 kind: PersistentVolumeClaim metadata: name: myclaim spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: csi-manila-nfs Just change the accessMode in the PVC manifest USING MANILA CSI
  • 18. Same applications with RWO PVC multi-writer deployment with RWO PVC (follow link for demo) The manifests used in the demo are available here. Second pod gets stuck and cannot come up -- as it should since RWO mode is being enforced. USING MANILA CSI
  • 19. Features and Futures ● Share Expand and Shrink ● HA improvements (daemon set for controller with leader election) ● Create volume from snapshot compatibility layer ○ When Manila back ends can’t do this themselves ● Complete OpenLab CI ● Improve concurrency for long-running tasks (like CephFS create from volume) ● Integrated handler for multiple share protocols? ● Topology awareness (AZs) FUTURE
  • 20. Summary, Resources and Q&A ● Cloud provider openstack code repository (includes manila-csi plugin) ● Kubernetes Storage 101, David Zhu and Jan Šafránek, Kubecon Barcelona 2019. ● Manila-kube repository for deploying Kubernetes cluster on OpenStack with manila-csi ● RWX storage for container orchestrators with CephFS and Manila ● Manila CSI Manifests used in the demo ● GSOC snapshots project SUMMARY + RESOURCES