CSI - Intro
Idan Atias
Agenda
● Motivation
● High level overview of spec and architecture
Motivation
Short recap - stateless & stateful apps
Stateless apps
● No need to persist state in order to operate properly
● For example, a web server hosting static content
Stateful apps
● Need to persist state in order to operate consistently
● For example, a Database
Containers and stateful apps?
● Containers are ephemeral
○ Data is lost when container is restarted
● Containers are isolated
○ Data cannot be shared with other containers
● Therefore, containers alone are not a good fit for
stateful applications
Kubernetes storage solution
Volume plugin
● The Kubernetes way of exposing a block device or a mounted file system to all containers in a pod
● It determines:
○ The backing store of the volume (host / remote storage)
○ The lifecycle of the volume (same as the pod’s lifecycle / beyond the pod’s lifecycle)
Ephemeral storage in k8s
● EmptyDir volume plugin
● Volume allocated on a host machine
● Data exists as long as the pod exists
● Containers in the same pod can share data
Ephemeral storage in k8s
● ConfigMap and Secret are volumes built on top of the EmptyDir volume plugin
● Kubernetes exposes these API objects as files in an EmptyDir volume
Deploying Redis
● Redis is an in-memory key-value store that can persist data on disk
● We deploy a cluster of 3 redis nodes - 1 master and 2 replicas
● At first, we use an EmptyDir volume for storage
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
…
      containers:
      - command: [sh, -c, source /redis-config/init.sh ]
        image: redis:4.0.11-alpine
        name: redis
        ports:
        - containerPort: 6379
          name: redis
        volumeMounts:
        - mountPath: /redis-config
          name: config
        - mountPath: /redis-data
          name: data
…..
      volumes:
      - configMap:
          name: redis-config
        name: config
      - emptyDir: {}
        name: data
Deploying Redis
Deploying Redis - adding data persistency
Persisting Redis data with ebs
● EBS - Amazon Elastic Block Store
● First we’ll define a StorageClass object
● This object allows K8S to dynamically provision volumes
(PersistentVolume or PV) for our application
● It contains the information on which volume plugin to use
as well as the set of parameters for provisioning the
volume
● So essentially, this is a template for creating a new
volume
Persisting Redis data with ebs
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: redis-storage-standard
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
Persisting Redis data with ebs
● Next we’ll need to add a volumeClaimTemplates section in the stateful set definition
● This allows creating a PersistentVolumeClaim (PVC) for each pod in the stateful set
○ A PVC is a request for storage
○ It lets Kubernetes know:
■ How much storage the pod needs
■ What is the access mode to the volume (e.g., ReadWriteOnce)
■ What type of storage to use (i.e., StorageClass)
Persisting Redis data with ebs
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: redis
...
        volumeMounts:
        - mountPath: /redis-data
          name: data
...
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "redis-storage-standard"
      resources:
        requests:
          storage: 1Gi
Persisting Redis data with ebs
Persisting Redis data with ebs
● PVCs & PVs remain although sts is deleted
● Our data is back after redeploying the sts
In-tree volume plugins
● EmptyDir and EBS are in-tree volume plugins
● In-tree volume plugins are part of the core Kubernetes
and are shipped with its binaries
● Example in-tree volume plugins:
○ EmptyDir
○ AWS EBS
○ Azure Disks
○ GCE pd
○ ScaleIO
○ Vsphere Volume
○ ...
In-tree volume plugins challenges
● Development is tightly coupled with Kubernetes releases.
● Kubernetes community is responsible for testing and
maintaining all volume plugins.
● Bugs in volume plugins can crash critical Kubernetes
components. (E.g., kubelet)
● Volume plugins are granted the same privileges as the
kubernetes component they are part of (E.g., kubelet)
● Forces volume plugin developers to make plugin source
code public.
Out-of-tree volume plugins
● Out-of-tree volume plugins are developed independently of
the Kubernetes code base, and are deployed on Kubernetes
clusters as extensions.
● Kubernetes supports 2 types of out-of-tree volume
plugins:
○ FlexVolume Driver (deprecated)
○ CSI Driver (GAed in Kubernetes 1.13)
CSI Overview
Brief history
● Over time, different COs (Container Orchestrators; e.g.,
Kubernetes, Mesos) developed their own storage interfaces
● It became a nightmare for SPs (storage providers), having
to support all of the different specs out there
● Besides that, there were issues with the interfaces
themselves
○ One of them is their “in-tree” structure
● Somewhere in 2017, some folks from different COs and SPs
decided to tackle these issues and formed the Container
Storage Interface - CSI
out-of-tree plugin
● Out-of-tree was chosen for the reasons we mentioned before
Volume Operations
● 2 types of volume operations
● Must be executed on the node (volume’s host)
○ E.g., mount/unmount
● Can be executed on any node
○ E.g., create volume
● This led to the definition of 3 services
○ Identity Service - must run on each node (used for registering the driver with the CO node agent)
○ Node Service - must run on each node (used for “on-the-node” operations)
○ Controller Service - a single instance that can run on any node (interacts with the API Server and the Storage Provider)
○ CSI Driver needs to implement these services
● Next, we describe these services deeper (focusing on
Kubernetes)
Service APIs
● APIs should be:
○ Implemented as gRPC endpoints (over unix domain sockets)
○ Sync
○ Idempotent
■ For failure recovery
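The idempotency requirement above, as an added Go example (not from the slides and not any real driver's code): an in-memory model of a Controller Service, without gRPC, where a retried CreateVolume after a lost reply must not allocate a second volume. The type names, error values and `vol-NNNN` IDs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// Stand-ins for the gRPC status codes a real driver would return.
var (
	ErrInvalidArgument = errors.New("INVALID_ARGUMENT")
	ErrAlreadyExists   = errors.New("ALREADY_EXISTS")
)

// CreateVolumeRequest is a trimmed, hypothetical model of the CSI message.
type CreateVolumeRequest struct {
	Name          string            // chosen by the CO; acts as the idempotency key
	RequiredBytes int64             // minimum capacity requested by the PVC
	Parameters    map[string]string // opaque StorageClass parameters
}

// Volume is what the storage provider holds for one allocation.
type Volume struct {
	ID            string
	CapacityBytes int64
	Parameters    map[string]string
}

// Controller is an in-memory model of a Controller Service.
type Controller struct {
	mu          sync.Mutex
	byName      map[string]*Volume
	nextID      int
	Provisioned int // volumes currently allocated on the backend
}

func NewController() *Controller {
	return &Controller{byName: make(map[string]*Volume)}
}

func sameParams(a, b map[string]string) bool {
	if len(a) != len(b) {
		return false
	}
	for k, v := range a {
		if bv, ok := b[k]; !ok || bv != v {
			return false
		}
	}
	return true
}

// CreateVolume returns the existing volume when the same name is requested
// again with a compatible spec, and refuses a conflicting reuse of the name.
func (c *Controller) CreateVolume(req CreateVolumeRequest) (*Volume, error) {
	if req.Name == "" || req.RequiredBytes <= 0 {
		return nil, ErrInvalidArgument
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if v, ok := c.byName[req.Name]; ok {
		if v.CapacityBytes >= req.RequiredBytes && sameParams(v.Parameters, req.Parameters) {
			return v, nil // retry of an earlier call: no second allocation
		}
		return nil, fmt.Errorf("%w: %q exists with a different spec", ErrAlreadyExists, req.Name)
	}
	params := make(map[string]string, len(req.Parameters))
	for k, v := range req.Parameters {
		params[k] = v
	}
	c.nextID++
	c.Provisioned++
	vol := &Volume{ID: fmt.Sprintf("vol-%04d", c.nextID), CapacityBytes: req.RequiredBytes, Parameters: params}
	c.byName[req.Name] = vol
	return vol, nil
}

// DeleteVolume succeeds even when the volume is already gone, so a retried
// delete after a crash does not surface as an error.
func (c *Controller) DeleteVolume(id string) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	for name, v := range c.byName {
		if v.ID == id {
			delete(c.byName, name)
			c.Provisioned--
		}
	}
	return nil
}

// RetryAfterLostReply simulates a caller whose first reply never arrived:
// the volume was created, the caller did not see the ID, and it calls again.
func RetryAfterLostReply(c *Controller, req CreateVolumeRequest) (*Volume, error) {
	if _, err := c.CreateVolume(req); err != nil {
		return nil, err
	}
	return c.CreateVolume(req)
}

func main() {
	c := NewController()
	req := CreateVolumeRequest{ // constructed sample request
		Name: "pvc-constructed-0001", RequiredBytes: 1 << 30,
		Parameters: map[string]string{"type": "gp2", "fsType": "ext4"},
	}
	v, err := RetryAfterLostReply(c, req)
	fmt.Println(v.ID, c.Provisioned, err)
	req.RequiredBytes = 2 << 30 // same name, larger size: must be rejected
	_, err = c.CreateVolume(req)
	fmt.Println(errors.Is(err, ErrAlreadyExists))
}
```

Without the name lookup, every retry would leave an orphaned, billable volume on the storage provider that no PV references.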
Identity Service
● GetPluginInfo
○ Driver metadata
■ Name, Vendor
● GetPluginCapabilities
○ For advertising what “features” the driver supports
○ E.g. CreateVolume
● Probe
○ Driver health check endpoint
Controller Service
● CreateVolume
● DeleteVolume
● ControllerPublishVolume
○ Attaching volume to node
● ControllerUnpublishVolume
○ Detach
● ValidateVolumeCapabilities
○ Validate requested vol caps match the supported caps
○ Stage/unstage
● ListVolumes
● GetCapacity
● ControllerGetCapabilities
Node Service
● NodeStageVolume
○ Mount volume to a staging path on the node
● NodeUnstageVolume
○ Unmounts from staging path
● NodePublishVolume
○ Mount the volume to the target path on the node (bind-mount)
● NodeUnpublishVolume
○ Unmount from target path
● NodeGetId
○ Node identifier - for iSCSI - IQN
● NodeGetCapabilities
Services diagram
Plugin Deployment
● As long as it meets the CSI spec - no restrictions
● However, the Kubernetes team has a recommended way
● It involves using some helper sidecars developed by the Kubernetes community
● It also facilitates special CSI objects - CSIDriver, CSINode
Sidecars / Helper containers
● Watch the Kubernetes API server
● Trigger appropriate operations against the CSI Driver container
● Update the Kubernetes API server with returned data from CSI driver
● Available sidecars (partial):
○ Node-driver-registrar: fetch driver info and register with kubelet
○ External-provisioner: more to follow
○ External-attacher: more to follow
external-provisioner
external-attacher
CSI - Intro: The End
Idan Atias

Introduction to Container Storage Interface (CSI)

  • 2. Agenda ● Motivation ● High level overview of spec and architecture
  • 4. Short recap - stateless & stateful apps
  • 5. Stateless apps ● No need to persist state in order to operate properly ● For example, a web server hosting static content input output
  • 6. Stateful apps ● Require to persist state for operating consistently ● For example, a Database input output
  • 7. Containers and stateful apps? ● Containers are ephemeral ○ Data is lost when container is restarted ● Containers are isolated ○ Data cannot be shared with other containers ● Therefore, containers alone are not a good fit for stateful applications
  • 9. Volume plugin ● Kubernetes way for exposing a block device or a mounted file system to all containers in a pod ● It determines: ○ The backing store of the volume (host / remote storage) ○ The lifecycle of the volume (same as pod’s LC / beyond pod’s LC)
  • 10. Ephemeral storage in k8s ● EmptyDir volume plugin ● Volume allocated on a host machine ● Data exists as long as the pod exists ● Containers in the same pod can share data
  • 11. Ephemeral storage in k8s ● ConfigMap and Secret are volumes built on top of the EmptyDir volume plugin ● Kubernetes expose these API objects as files in an EmptyDir volume
  • 12. Deploying Redis ● Redis is an in-memory key- value store that can persist data on disk ● We deploy a cluster of 3 redis nodes - 1 master and 2 replicas ● At first, we use an EmptyDir volume for storage apiVersion: apps/v1 kind: StatefulSet metadata: name: redis … containers: - command: [sh, -c, source /redis- config/init.sh ] image: redis:4.0.11-alpine name: redis ports: - containerPort: 6379 name: redis volumeMounts: - mountPath: /redis-config name: config - mountPath: /redis-data name: data ….. volumes: - configMap: name: redis-config name: config - emptyDir: {} name: data
  • 14. Deploying Redis - adding data persistency
  • 15. Persisting Redis data with ebs ● EBS - Amazon Elastic Block store ● First we’ll define a StorageClass object ● This object allows K8S to dynamically provision volumes (PersistentVolume or PV) for our application ● It contains the information on which volume plugin to use as well as the set of parameters for provisioning the volume ● So essentially, this is a template for creating a new volume
  • 16. Persisting Redis data with ebs

      kind: StorageClass
      apiVersion: storage.k8s.io/v1
      metadata:
        name: redis-storage-standard
        annotations:
          storageclass.kubernetes.io/is-default-class: "true"
      provisioner: kubernetes.io/aws-ebs
      parameters:
        type: gp2
        fsType: ext4

  • 17. Persisting Redis data with ebs ● Next we’ll need to add a volumeClaimTemplates section in the stateful set definition ● This allows creating a PersistentVolumeClaim (PVC) for each pod in the stateful set ○ A PVC is a request for storage ○ It lets Kubernetes know: ■ How much storage the pod needs ■ What is the access mode to the volume (e.g., ReadWriteOnce) ■ What type of storage to use (i.e., StorageClass)
  • 18. Persisting Redis data with ebs

      apiVersion: apps/v1
      kind: StatefulSet
      metadata:
        name: redis
      ...
              volumeMounts:
              - mountPath: /redis-data
                name: data
      ...
        volumeClaimTemplates:
        - metadata:
            name: data
          spec:
            accessModes: [ "ReadWriteOnce" ]
            storageClassName: "redis-storage-standard"
            resources:
              requests:
                storage: 1Gi

  • 20. Persisting Redis data with ebs ● PVCs & PVs remain although sts is deleted ● Our data is back after redeploying the sts
  • 21. In-tree volume plugins ● EmptyDir and EBS are in-tree volume plugins ● In-tree volume plugins are part of core Kubernetes and are shipped with its binaries ● Example in-tree volume plugins: ○ EmptyDir ○ AWS EBS ○ Azure Disks ○ GCE PD ○ ScaleIO ○ vSphere Volume ○ ...
  • 22. In-tree volume plugins challenges ● Development is tightly coupled with Kubernetes releases. ● The Kubernetes community is responsible for testing and maintaining all volume plugins. ● Bugs in volume plugins can crash critical Kubernetes components (e.g., kubelet). ● Volume plugins are granted the same privileges as the Kubernetes component they are part of (e.g., kubelet). ● Forces volume plugin developers to make plugin source code public.
  • 23. Out-of-tree volume plugins ● Out-of-tree volume plugins are developed independently of the Kubernetes code base, and are deployed on Kubernetes clusters as extensions. ● Kubernetes supports 2 types of out-of-tree volume plugins: ○ FlexVolume Driver (deprecated) ○ CSI Driver (GA since Kubernetes 1.13)
  • 25. Brief history ● Over time, different COs (Container Orchestrators; e.g., Kubernetes, Mesos) developed their own storage interfaces ● It became a nightmare for SPs (storage providers), having to support all of the different specs out there ● Besides that, there were issues with the interfaces themselves ○ One of them is their “in-tree” structure ● Sometime in 2017, some folks from different COs and SPs decided to tackle these issues and formed the Container Storage Interface - CSI
  • 26. out-of-tree plugin ● Out-of-tree was chosen for the reasons we mentioned before
  • 27. Volume Operations ● 2 types of volume operations: ○ Must be executed on the node (volume’s host), e.g., mount/unmount ○ Can be executed on any node, e.g., create volume ● This led to the definition of 3 services ○ Identity Service - must run on each node (used for registering the driver with the CO node agent) ○ Node Service - must run on each node (used for “on-the-node” operations) ○ Controller Service - single instance that can run on any node (interacts with the API Server and the Storage Provider) ○ CSI Driver needs to implement these services ● Next, we describe these services in more depth (focusing on Kubernetes)
  • 28. Service APIs ● APIs should be: ○ Implemented as gRPC endpoints (over unix domain sockets) ○ Sync ○ Idempotent ■ For failure recovery
  • 29. Identity Service ● GetPluginInfo ○ Driver metadata ■ Name, Vendor ● GetPluginCapabilities ○ For advertising what “features” the driver supports ○ E.g. CreateVolume ● Probe ○ Driver health check endpoint
  • 30. Controller Service ● CreateVolume ● DeleteVolume ● ControllerPublishVolume ○ Attaching volume to node ● ControllerUnpublishVolume ○ Detach ● ValidateVolumeCapabilities ○ Validate requested vol caps match the supported caps ○ Stage/unstage ● ListVolumes ● GetCapacity ● ControllerGetCapabilities
  • 31. Node Service ● NodeStageVolume ○ Mount volume to a staging path on the node ● NodeUnstageVolume ○ Unmounts from staging path ● NodePublishVolume ○ Mount the volume to the target path on the node (bind-mount) ● NodeUnpublishVolume ○ Unmount from target path ● NodeGetId ○ Node identifier - for iSCSI - IQN ● NodeGetCapabilities
  • 33. Plugin Deployment ● As long as it meets the CSI spec - no restrictions ● However, the Kubernetes team has a recommended way ● It involves using some helper sidecars developed by the Kubernetes community ● It also facilitates special CSI objects - CSIDriver, CSINode
  • 34. Sidecars / Helper containers ● Watch the Kubernetes API server ● Trigger appropriate operations against the CSI Driver container ● Update the Kubernetes API server with returned data from CSI driver ● Available sidecars (partial): ○ Node-driver-registrar: fetch driver info and register with kubelet ○ External-provisioner: more to follow ○ External-attacher: more to follow
  • 37. CSI - Intro: The End Idan Atias
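
Slide 28's requirement that CSI calls be idempotent for failure recovery, as an added Go sketch (not from the deck or from any real driver): a retried CreateVolume returns the volume made by the first call, the same name with a different size is rejected, and DeleteVolume succeeds on a volume that is already gone. The in-memory `Controller`, the `vol-` ID scheme and the `pvc-redis-0` name are assumptions for illustration; a real driver exposes these operations as gRPC methods.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

var ErrAlreadyExists = errors.New("ALREADY_EXISTS") // models the gRPC status code

type Volume struct { // constructed stand-in for a provisioned volume
	ID       string
	Capacity int64
}
type Controller struct { // hypothetical in-memory Controller Service
	mu   sync.Mutex
	vols map[string]Volume // keyed by volume ID
}

// CreateVolume derives the ID from the CO-chosen name, so a retry after a
// lost response returns the first call's volume instead of a second one.
func (c *Controller) CreateVolume(name string, capacity int64) (Volume, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	id := "vol-" + name
	if v, ok := c.vols[id]; ok {
		if v.Capacity != capacity {
			return Volume{}, ErrAlreadyExists // same name, different request
		}
		return v, nil
	}
	c.vols[id] = Volume{ID: id, Capacity: capacity}
	return c.vols[id], nil
}

// DeleteVolume succeeds even if the volume is already gone (retry-safe).
func (c *Controller) DeleteVolume(id string) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	delete(c.vols, id) // no-op for an unknown ID
	return nil
}

func main() {
	c := &Controller{vols: map[string]Volume{}}
	a, _ := c.CreateVolume("pvc-redis-0", 1<<30)
	b, _ := c.CreateVolume("pvc-redis-0", 1<<30) // retried request
	fmt.Println(a.ID == b.ID, len(c.vols))
}
```

Keying creation on the caller-supplied name is what keeps a timed-out and retried request from leaving an orphaned, untracked volume on the storage backend.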