Container ecosystems grow exponentially. Requirements change rapidly and thereโs an ever-expanding stream of feature requests and enhancements. Today Hewlett Packard Enterprise released version 1.3.0 of the HPE CSI Driver for Kubernetes. This release marks a very important milestone, as HPE introduces their own CSI extensions by using Kubernetes CSI Sidecar Containers. These serve as a foundation to enable future innovations. Thereโs also broader platform support, and a much-awaited enhancements for our iSCSI users.
Letโs break down whatโs in store for the CSI driver, with important deployment changes, along with some exciting updates to the HPE Primera Container Storage Provider for Kubernetes.
Kubernetes CSI Sidecar Containers
Users familiar with the CSI specification are well aware of the microservice architecture itโs comprised of. It allows components to be revised separately while exposing APIs over a high-speed remote procedure call (RPC) interface (gRPC), over UNIX sockets. This microservice architecture invites vendors to build their own extensions to CSI to expand on their own unique differentiating data management capabilities.
The first (yes, thereโs more coming!) CSI extension from HPE is a volume mutator. It allows end users to โeditโ their Persistent Volume Claims (PVCs) using a standard mechanism in Kubernetes called annotation. Attributes that are mutable are exposed by the backend Container Storage Provider (CSP) , and is restricted by the Kubernetes administrator using a parameter in the StorageClass.
Using the HPE Nimble Storage CSP, users may be allowed to change performance characteristics of their PVCs by using the signature features of the array. These include:
- Set Quality of Service (QoS) Limits (IOPS and/or throughput)
- Change performance policy (within the same block size)
- Move volume between folders (for logical grouping, gold tier, production etc)
Security enhancements for iSCSI users
Many customers who have adopted iSCSI as their storage fabric, enforces the initiators to login to their targets using iSCSI Challenge Handshake Authentication Protocol (CHAP). The iSCSI protocol itself doesnโt allow zoning, and spoofing an initiator is quite trivial if you have network access. Note that CHAP only encrypts the handshake using a shared secret; it does not encrypt data in flight on the wire. Also, only one-way CHAP initiator to target is supported at this time.
Using iSCSI CHAP with the HPE CSI Driver for Kubernetes is trivial as the backend CSP is under contract to create the CHAP account if it doesnโt exist on the backend. CHAP needs to be declared at deployment of the CSI driver.
Example, using Helm:
helm install hpe-csi hpe/hpe-csi-driver --set=iscsi.chapUser=chap-user --set=iscsi.chapPassword=shared-secret
See the updated documentation on HPE Storage Container Orchestrator Documentation (SCOD) for more details on using iSCSI CHAP with the CSI driver.
Expanded support
Both new and existing partners are asking for support for the HPE CSI Driver for their respective platforms, ecosystems and operating systems. The HPE engineering teams are here to deliver on all fronts.
HPE Ezmeral Container Platform deploys and manages 100% open source upstream Kubernetes clusters. This makes it very easy and accessible for customers and partners wanting to adopt the container platform and the CSI driver, as all they need to do is cross-check the support matrix from both products and theyโll have plenty of options and freedom for deployment. This same philosophy now also applies to Rancher, where deployed Kubernetes clusters and host operating systems need to be within supported parameters.
Ubuntu is the open source Linux distribution of choice for many Kubernetes users. HPE customers are already running the CSI driver on the latest Long Term Support (LTS) release of Ubuntu, and HPE is now formally supporting Ubuntu 20.04 LTS. This, in turn, has deprecated Ubuntu 16.04 LTS for the CSI driver moving forward.
| CentOS 7.6 | RHEL/RHCOS 7.6 | Ubuntu 18.04/20.04 | |
| Kubernetes | 1.15 - 1.18 | 1.15 - 1.18 | 1.15 - 1.18 |
| Container Runtime | Docker CE | 19.3+ | 19.3+ |
| CRI-O | 1.16, 1.17 | 1.16, 1.17 | |
| Containerd | 1.2.13 | 1.2.13 | |
| Red Hat OpenShift 4 | - | 4.3, 4.4 | - |
| Protocol | iSCSI/FC | iSCSI/FC | iSCSI/FC |
Note: See SCOD for the most up to date information.
HPE Primera Container Storage Provider updates
The 1.3.0 release of the CSI driver will include a significant update to the HPE Primera CSP as more features are being incorporated from the FlexVolume driver. This will ease the transition for the HPE 3PAR installed base. Capabilities such as importing volumes and using native HPE Primera snapshots for data management are now available. Other notable features include support for peer persistence and iSCSI.
Important deployment changes
Due to the inherent difficulty of managing immutable objects with Helm and the Operator Lifecycle Manager (OLM), the following important changes have been implemented in the latest Helm chart and Operator.
- Kubernetes StorageClasses and backend Secrets are no longer managed
- All HPE supported Container Storage Providers are now deployed during install
Documentation on SCOD has been updated to reflect this new behavior. The Helm chart and Operator is also briefer and has a much lower barrier to install.
Learn more
The HPE CSI Driver for Kubernetes version 1.3.0 is available immediately. Thereโs also a number of new notable assets available for public consumption pertaining to the CSI driver, including:
- HPE CSI Driver for Kubernetes Helm chart
- HPE CSI Operator for Kubernetes on OperatorHub.io
- New Video Gallery on SCOD with tutorials and demonstrations
- Deploying a highly available containerized database on HPE Nimble Storage with HPE Ezmeral Container Platform
- HPE Reference Configuration for Red Hat OpenShift Container Platform 4 on HPE Synergy and HPE Storage systems
- Blog post on openshift.com highlighting the Red Hat and HPE partnership
Stay tuned to Around the Storage Block for future updates on the HPE CSI Driver for Kubernetes!
MichaelMattsson
Data & Storage Nerd, Containers, DevOps, IT Automation
