persistent storage with containers with kubernetes & openshift
TRANSCRIPT
Red Hat and KubeStuff we’ve built● Storage● Secrets● Quotas ● Limit Ranges● Deployments● … and more
Stuff we contribute to● lots of API server● Networking● Auth & Authz● Security contexts● Scalability● … and more
OpenShift and KubeStuff we add around Kube● Automatic Builds & Deployments● Application Templates● STI (Source-to-image) builder● Tons of RH approved/tested images● Red Hat’s standard of excellence and support for
open source technology
Managing compute != managing storage
Pets vs. Cattle
Pets● Have names and identity● You care about them● You nurse them back to
health when sick
Cattle● Have numbers● Are just like other cattle● You don’t care about them● You get a new ones
Persistent StorageGoals● Allow admins to describe storage● Allow users to request storage● No tight coupling to any disk, server, network,
or storage device
Two API objects
PersistentVolume (PV)
PersistentVolumeClaim (PVC)
PersistentVolume● A PV is a real piece of networked storage in the cluster
provisioned by an administrator.● PVs are resources like nodes are resources● Long lifecycle independent of any pod
Persistent VolumeapiVersion: v1
kind: PersistentVolume
metadata:
name: pv0003
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Recycle nfs:
path: /tmp
server: 172.17.0.2
Persistent Volume Claim● A request for storage by a user● Allows specific resource requests (e.g, size, access modes)● Used like a claim check
Persistent Volume Claimkind: PersistentVolumeClaim
apiVersion: v1
metadata: name: myclaim
spec: accessModes: - ReadWriteOnce
resources: requests: storage: 3Gi
Storage Lifecycle● Provisioning● Binding● Using● Releasing● Reclaiming
Provisioning● Dynamic● Scripted● Manual
Binding● Claims matched to volumes● Always more, never less● Claim can be unbound indefinitely
Using a claim checkkind: PodapiVersion: v1metadata: name: mypod labels: name: frontendhttpspec: containers: - name: myfrontend image: nginx ports: - containerPort: 80 name: "http-server" volumeMounts: - mountPath: "/var/www/html" name: mypd volumes: - name: mypd persistentVolumeClaim: claimName: myclaim
* Claims and Pods must be in the same namespace!
Re-use your claim
$ oc delete pod mypod
● Deleting a pod does not delete your claim● Re-use your claim in another pod
Releasing
$ oc delete pvc myclaim● Delete your claim to release your storage● Volume is “released” but not available for another claim● Recycling policy can scrub the volume to clean previous
claimant’s data
Reclaiming
● Reclaim policy per volume● Scrubbing is configurable (PR #9870)● Delete/Recreate via dynamic provisioning● PVs are “Retain” by default and can be manually reclaimed
Types of persistent volumes● GCEPersistentDisk● AWSElasticBlockStore● NFS● Glusterfs● iSCSI● RBD (Ceph block device)
● HostPath (for testing)● Fiber Channel● Cephfs● Cinder & Manila
Demo!Wordpress + MySQLBoth require persistent storage
https://github.com/openshift/origin/tree/master/examples/wordpress
Roadmap● Robust security between pods, volumes, and containers● Scalable storage and nominal services● Dynamic provisioning
https://github.com/openshift/origin
Red Hat & Project Atomic swag and raffles and smart people
Booth #310
github: markturansky
irc: markturansky
#openshift-dev
#google-containers