Around the Storage Block
cancel
Showing results for 
Search instead for 
Did you mean: 

HPE CSI Driver for Kubernetes 1.3.0 now available!

Container ecosystems grow exponentially. Requirements change rapidly and there’s an ever-expanding stream of feature requests and enhancements. Today Hewlett Packard Enterprise released version 1.3.0 of the HPE CSI Driver for Kubernetes. This release marks a very important milestone, as HPE introduces their own CSI extensions by using Kubernetes CSI Sidecar Containers. These serve as a foundation to enable future innovations. There’s also broader platform support, and a much-awaited enhancements for our iSCSI users.

Let’s break down what’s in store for the CSI driver, with important deployment changes, along with some exciting updates to the HPE Primera Container Storage Provider for Kubernetes.

 

Kubernetes CSI Sidecar Containers

Users familiar with the CSI specification are well aware of the microservice architecture it’s comprised of. It allows components to be revised separately while exposing APIs over a high-speed remote procedure call (RPC) interface (gRPC), over UNIX sockets. This microservice architecture invites vendors to build their own extensions to CSI to expand on their own unique differentiating data management capabilities.

The first (yes, there’s more coming!) CSI extension from HPE is a volume mutator. It allows end users to “edit” their Persistent Volume Claims (PVCs) using a standard mechanism in Kubernetes called annotation. Attributes that are mutable are exposed by the backend Container Storage Provider (CSP) , and is restricted by the Kubernetes administrator using a parameter in the StorageClass.

HPE CSI Driver for Kubernetes achitectureHPE CSI Driver for Kubernetes achitecture

Using the HPE Nimble Storage CSP, users may be allowed to change performance characteristics of their PVCs by using the signature features of the array. These include:

  • Set Quality of Service (QoS) Limits (IOPS and/or throughput)
  • Change performance policy (within the same block size)
  • Move volume between folders (for logical grouping, gold tier, production etc)
For a more in-depth review of how the volume mutator works, and what use cases it opens up, visit Introduction to Kubernetes CSI Sidecar Containers from HPE on the HPE Developer Community blog.

 

Security enhancements for iSCSI users

Many customers who have adopted iSCSI as their storage fabric, enforces the initiators to login to their targets using iSCSI Challenge Handshake Authentication Protocol (CHAP). The iSCSI protocol itself doesn’t allow zoning, and spoofing an initiator is quite trivial if you have network access. Note that CHAP only encrypts the handshake using a shared secret; it does not encrypt data in flight on the wire. Also, only one-way CHAP initiator to target is supported at this time.

Using iSCSI CHAP with the HPE CSI Driver for Kubernetes is trivial as the backend CSP is under contract to create the CHAP account if it doesn’t exist on the backend. CHAP needs to be declared at deployment of the CSI driver.

Example, using Helm:

helm install hpe-csi hpe/hpe-csi-driver --set=iscsi.chapUser=chap-user --set=iscsi.chapPassword=shared-secret

See the updated documentation on HPE Storage Container Orchestrator Documentation (SCOD) for more details on using iSCSI CHAP with the CSI driver.

 

Expanded support

Both new and existing partners are asking for support for the HPE CSI Driver for their respective platforms, ecosystems and operating systems. The HPE engineering teams are here to deliver on all fronts.

HPE Ezmeral Container PlatformHPE Ezmeral Container Platform

 HPE Ezmeral Container Platform deploys and manages 100% open source upstream Kubernetes clusters. This makes it very easy and accessible for customers and partners wanting to adopt the container platform and the CSI driver, as all they need to do is cross-check the support matrix from both products and they’ll have plenty of options and freedom for deployment. This same philosophy now also applies to Rancher, where deployed Kubernetes clusters and host operating systems need to be within supported parameters.

Ubuntu is the open source Linux distribution of choice for many Kubernetes users. HPE customers are already running the CSI driver on the latest Long Term Support (LTS) release of Ubuntu, and HPE is now formally supporting Ubuntu 20.04 LTS. This, in turn, has deprecated Ubuntu 16.04 LTS for the CSI driver moving forward.

Support matrix: HPE CSI DRIVER for KUBERNETES 1.3.0
  CentOS 7.6 RHEL/RHCOS 7.6 Ubuntu 18.04/20.04
Kubernetes 1.15 - 1.18 1.15 - 1.18 1.15 - 1.18
Container Runtime Docker CE 19.3+ 19.3+
CRI-O 1.16, 1.17 1.16, 1.17
Containerd 1.2.13 1.2.13
Red Hat OpenShift 4 - 4.3, 4.4 -
Protocol iSCSI/FC iSCSI/FC iSCSI/FC

Note: See SCOD for the most up to date information.

 

HPE Primera Container Storage Provider updates

The 1.3.0 release of the CSI driver will include a significant update to the HPE Primera CSP as more features are being incorporated from the FlexVolume driver. This will ease the transition for the HPE 3PAR installed base. Capabilities such as importing volumes and using native HPE Primera snapshots for data management are now available. Other notable features include support for peer persistence and iSCSI.

Visit the peer persistence technical blog available on the HPE Developer Community for further reading.

 

Important deployment changes

Due to the inherent difficulty of managing immutable objects with Helm and the Operator Lifecycle Manager (OLM), the following important changes have been implemented in the latest Helm chart and Operator.

  • Kubernetes StorageClasses and backend Secrets are no longer managed
  • All HPE supported Container Storage Providers are now deployed during install

Documentation on SCOD has been updated to reflect this new behavior. The Helm chart and Operator is also briefer and has a much lower barrier to install.

 

Learn more

The HPE CSI Driver for Kubernetes version 1.3.0 is available immediately. There’s also a number of new notable assets available for public consumption pertaining to the CSI driver, including:

Stay tuned to Around the Storage Block for future updates on the HPE CSI Driver for Kubernetes!

0 Kudos
About the Author

MichaelMattsson

Data & Storage Nerd, Containers, DevOps, IT Automation