 All right. Yeah, okay. Hi. Hi everybody. Welcome Today we are going to be talking about easy multi tenancy Coronet is free by many storage with club provider open stack and Manila CSI My name is Victoria Martinez and La Cruz. I'm here today with me I'm Tom Baron. I worked with Victoria. I was the Manila PTL the last three cycles, but not anymore got to miss so What are we going to be talking today? We have really a short amount of time and and this was intended for a full Presentation so we have a lot of content, but we are going to try to fit this in 10 minutes a bit more maybe So today we are going to be covering what is Manila CSI Then we are going to do a quick overview on well why we actually need river many for Kubernetes with Manila CSI Then we are going to go directly to show a demo of how are you going to deploy Manila CSI? and Finally, we are going to be covering the use case for the application developer side So basically is how you are going to be using Manila CSI as a well user actually finally we are going to leave a link With summary and resources you can use if you are interested on this topic So you can check it out later all the slides are you have a lot of content But the idea is for you to actually have some sort of resource if you need to check it out. All right, so First of all, what is the Manila CSI plug-in first I hope you are familiar with the many with what Manila is if not just the quick basic introduction Is that Manila is the share power system as a service project for open stack? and CSI basically is the solution we have the standard solution We have if you need to have persistent storage for you in Kubernetes The actual Definition for this would be is external dynamic provisioner plug-in for persisting Kubernetes volumes serve up in true open stack Manila a good thing about is because there are several implementations, but CSI is a standard and The great thing about it to be a standard is that basically you can use it with any Continued orchestrator is not only Q&A is But still this code lives in the Q&A is cloud provider opens our repository So a bit of Motivation on why we should be using The cloud provider opens our plug-in with Manila instead with that maybe implementation for a vendor specific or back-end specifics Storage and basically is The our main reason would be is you know Manila has support not only for one storage, but also For nearly 35 different storage vacancies Basically, you can use this a Single Abstraction layer to interact with any storage you might have and this is pretty convenient. This is flexible So this is a good reason for you to be using Manila on Kubernetes So a really important point is that in open stack we have multi-tenancy Basically, you are getting this for free In Kubernetes something that basically you don't have right now in Kubernetes And it's not nearly to be done in the short place So if you are looking to have a deployment with multi-tenancy, this is your your way to go okay, so Why use Manila instead of other solutions in open stacks for instance like Zinder We have a plug-in for Zinder But the thing is that is read rate only Thank you, and in Manila you are getting read by many So there are different use cases is like if your use case actually requires this capability then Manila is your way to go In Zinder is a different use case, but well it depends on what you want to do and Well, what what would you want to use a storage in Kubernetes? Basically? Well, it's easy to scale and Basically manage any application you might have that would need persistent storage All right, so All right, so Let's see a quick overview of how this demo is going to be look like How is the the topology that we are going to be presenting in in for here? So basically you will have Open stack deployment like a minimal one with Manila And Manila is not on the data path is in the control path You will have different tenants for with your Kubernetes cluster here have cluster a cluster v and Here we depict an scenario in which you will have two different storage possibilities So for instance a vendor storage and in the other side Seth with NFS Ganesha gateway in front of it Basically, you can interact with Manila to provide a share and just get the share directly attached to your pod and That in a simple scenario that well we are going to show and it will allow Tom to actually perform the demo sure So what we want to show first is what a Kubernetes? cloud administrator needs to do to work with CSI so cloud administrator is The Kubernetes admin is oh, yeah, I'm sorry. This is right. Thank you So the administrator is an open-stack user it has an ordinary open-stack user rights but the administrator of the Does not need administrative privileges and open-stack itself. Okay, so we showed a picture with Kubernetes cloud a and Kubernetes cloud b and they're each separate open-stack tenants And our ships in the night to each other as they interact with open stack. So In the Manila CSI provisioner The Kubernetes administrator works with a bunch of YAML files to install the plug-ins that are required So we're showing here an example where they're using an NFS partner plug-in to just do the mount Nothing else in the NFS CSI is used similarly you could use a sep fs native provisioner to do the sep fs mount and then the controller part is Is run as a stateful set with replication one So you only have one one of them running a time that's in charge of orchestrating that The actual stuff it interacts with Manila and the control plane to get provisioning done and then there are node provisioners Which do the actual mounting from the Manila standpoint and interact with these Interact with the protocol helper so All of that is canned Okay, it's just the same as boilerplate It's the same for every kind of deployment except which protocol you're going to use to hook up with what you have to do though is set up local secrets with your normal credentials and the code to do there's a script to do that in in the code that was Provided with the Manila CSI provisioner and then you have to define storage classes Kubernetes users refer to storage classes when they do Persistent volume claims the storage class concept is abstractly a whole lot like The Manila concept of a share type and indeed you map this in that when you do the storage class definition You not only say how big you want it. I need two terabytes or whatever, but you say What Manila? Storage storage type share type matches the storage class So you might have a Manila share type called gold or something and it will get mapped there in your storage class. So This is something that's done one time There's a helm chart to do a lot of this now that's in here We're not using it in here and then downstream For instance in our distribution with OpenShift we intend to write an operator that will wrap all this up and just make can it It's still pretty easy even like this Next slide, please Oh, yeah, okay, so I Think these points I've made basically we're gonna do a little screencast that shows you what the administrator does to set it up with these manifest Thank you Okay, here we are Play okay, we have a Kubernetes cluster It's running 1.15.1 I Can't type so you get to see me type and retype. We have a master node and three worker nodes Here are the manifests that I just saw earlier that I just had on the slide for example the secrets file Looks like that a script produced it from your OpenStack credentials Here's the storage class that's defined at the moment here I Will you can see here? The storage class has a name. It's using the Manila provisioner and Has a Manila share type so the you the Kubernetes administrator needs to talk to the OpenStack Administrator at some level and say what share types do you have out there? Just like any other user it wants to use share types They have to know which types there are the Kubernetes administrators guide those that in this case Right now you can see we don't really have much going on in the Kubernetes cluster some bare bones one We're going to create we're going to use these manifests We'll see if they them start running in a while Actually the way I sorted those they start running right away so It's fast and easy The hardest part is typing kubectl right without inverting the letters and You can see that there are a bunch of pods here running with these different parts of the Manila CSI plug-in and What else did I show here? Oh? There are no persistent volume claims made yet There are no persistent volumes made yet We didn't create any manually at a time and the dynamic creation of them by Like persistent volume claims hasn't happened because we're just the administrator setting things up for ordinary users Who are going to use do this? Manila Also on the back end didn't have any shares corresponding to that We can go go on now Let's move on to the next slide. Thank you Victoria Okay, I What I want to show you is that's something this one time administrator does for it over in Kubernetes cluster a Over in Kubernetes cluster B the administrator did something similar. They don't know about each other They're running on open stack and getting opensack storage right now. How does an actual user is typically a developer or DevOps person? interact with this now so an application developer using Manila CSI can get RWX storage RWX is the Kubernetes jargon for read write anywhere Which is just means essentially that I can have applications running in pods that are writing Concurrently to the same persistent volume safely Okay, the jargon is our RWX versus RWO or the various read-only modes So as Victoria mentioned earlier Sender for instance will give you RWO mode, but not RWX at least when you're using file There's a new raw black block thing. We're not talking about right now So The idea is an application developer ought to be able to define their application in a pod and They ought to be able to find persistent volume claims and use that in a cloud native area running on Alibaba or Azure or AWS or something like that and then move the same application over into an on-premises OpenStack Environment and run the same thing they're gonna have to change the names of their storage classes But otherwise they ought to be able to run and the reason they have need to change the names of storage classes is not because they're moving from Alibaba or AWS to An OpenStack based thing just because they're moving to a different administrator people name things differently They might use their own native language for instance It's the names of them you got to be able to refer to the storage classes that have been defined by the administrator Okay, let's move along now So I made a bare-bones simple multi writer Application so if you look at the red part, this is an application a simple DOM application writing Running in a pod the application Echoes the date into a path Slash M&T path and it's using the host name of the of the node Here hostname here hostname here ends up Different I have two of these writer one and writer two the only difference is the name and the name shows up in the hostname So that means you can write into a different spot in the file system. We're using the same application We're mounting this through a pbc and the claim name is my claim We can look that this will all be online I'm gonna run through it quickly because I'm running out of time, but you can see how it works later now We have web that my claim shows up in a pbc and The pbc is read write only I mean rewrite many 10 gig and It referred to the storage class that the administrator created Okay We'll go run through this of quickly in a screencast again, you can see this We're running out of time, but it'll all be here and our contact information's at the front So if you need to ask us questions Feel free So we don't have any pbc's yet the administrator just set things up user hasn't done anything That's the pbc. We're gonna use this one. I showed on the slide we create we create a We create that persistent volume claim and now if we look there is a persistent volume claim where that was blank before and There was a persistent volume fulfilling it and once you get the credentials, right? We'll see that there's a manila share Corresponding to it now. I'm cheating a little way in running manila commands here of doing it For the sake of showing it to you the end user of the kubernetes cloud isn't gonna know Anything about manila? They don't need to know anything about open stack just you can see on the back end That's how it's getting fulfilled as I showed you in the slides. I've got an application same one We put on the slides. There are two versions of it. They differ only in the name It shows up. We run each of them Look at the result Come on. Can't type pester. All right. So what we're here here what we're doing Might be running off the screen here basically They're both running and they're running you'll see it if you run this on your native And you'll see they're running on different worker nodes. So they're distributed out over the cluster now what we can do is Run a command in the pod called writer one And we're just listing the the file tree under the mount point all I'm showing you here is you get you see the same thing from both pods Which are running on different worker nodes Right and not only can you see the same thing? You can look at the file that's being written by the other pod on This on you know on writer one you can see what writer two is writing and on writer two you can see what writers one's writing So these guys not seeing this a million times in in Manila You know with read with without calling without the container context So You can also see and hear that that the files are both both show up in both places and You can see that they're up top that mount with the It's running off the screen here But it's mounted in both places in inside both pods So the scoop can tell cuddle Exact commands are running in both pods. So this will be posted the slides will be posted the screencasts will be available The manifests will be downloadable when you come back after this, you know in a week or two when the Conference is all settles So you can follow up on the details of that stuff at that point I Have another I'm going to skip it right now You can obviously do read write once as well the demo and screencast show you trying to run the same apps The first one comes up fine the second one blocks. That's what you will get the sender or etc With the sender CSI plug-in with this kind of application. So summing up with Manila CSI you get read write anywhere access from any nodes in your in your Kubernetes cluster you can run multiple clusters on open stack that don't know anything about each other But that are still using common open stacks Alas elastically available large-scale storage behind it that's available to all of open stack You can run multiple back-ends. I can run Saff plus net app plus I don't know in spur, you know, etc. And I can put them all in there Or I can pick and choose among them as the open stack administrator and nobody has to know anything about it Who's using Kubernetes? so That's basically it the slides cover some more stuff like futures that are developing with I think that's about wraps it up will be around if you have questions and stuff This is liking talking and we're already running over our time. So thank you for letting us do that