Consolidate your Kubernetes Storage with Multi-tenancy and Self-service

In this mini-tutorial we'll show you how to use Quobyte's multi-tenancy to connect multiple Kubernetes namespaces or clusters to a single Quobyte cluster.

Sharing storage resources is the best way to reduce cost through better resource utilization, less systems to manage and data sharing - where it makes sense.

Multi-tenancy allows you to completely isolate tenants from each other on the same Quobyte cluster. By default, this isolation is on the logical level. This means that tenants cannot see and access each other's resources. However, you can also add full hardware isolation so that tenants don't share the same drives or servers using the Quobyte Policy Engine.

The Quobyte CSI plugin can direct all persistent volume claims (PVCs) to a single Quobyte tenant or map Kubernetes namespaces onto Quobyte tenants. The first option is the best choice when you have multiple clusters, e.g. one per group, and you want to consolidate the storage for all Kubernetes clusters on one Quobyte cluster.

The alternative of automatically mapping the Kubernetes namespaces onto Quobyte tenants is suitable for situations where you have one or more Kubernetes clusters that are already shared among groups. If enabled, Quobyte maps the name of the Kubernetes namespace to a Quobyte tenant, i.e. there needs to be a corresponding tenant with the exact same spelling in your Quobyte cluster.

Connect Kubernetes Namespaces to Tenants

To get started you need a Kubernetes cluster with the Quobyte CSI plugin and client installed (check out out install tutorial with video), a Quobyte cluster (read more).

Next, we have to tell the Quobyte CSI plugin to map Kubernetes namespaces onto Quobyte tenants: Edit the quobyte-csi-driver/values.yaml file and set 

useK8SNamespaceAsTenant: true
If you want to use access keys, you should also set 
enableAccessKeys: true

Or if you want to map a whole cluster to a tenant, you leave 

useK8SNamespaceAsTenant: false
and add the tenant to the StorageClass.yaml (you can read more about storage classes with Quobyte here): 
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: quobyte-storage
provisioner: csi.quobyte.com
allowVolumeExpansion: true
parameters:
  quobyteTenant: "Department A"
  ...
Deploy or install the Quobyte CSI plugin: 
helm install quobyte-csi ./quobyte-csi-driver

Assign Users to Tenants

Now you have to map your users to tenants. If you use the internal database in Quobyte you just have to add a tenant membership to the each user:

If you use LDAP you have to map LDAP groups onto Quobyte tenants:

And that's it. When a user creates a PVC in a namespace the Quobyte CSI plugin will create a corresponding Quobyte volume in the tenant matching the namespace.

If you want your users to be able to check their resource utilization or create access keys, they can log into the Quobyte Webconsole:

Learn more about Kubernetes with Quobyte

Tutorial logo

How to set up shared file system (RWX) persistent volumes on Kubernetes with Quobyte

READ MORE

Tutorial logo

How to combine flash and HDD in Quobyte for fast and cost-effective Persistent Volumes

READ MORE

Glossary logo

Confused by PV, PCV, CSI? Read our gloassary on K8s storage terms.

READ MORE

Tutorial logo

How to connect Kubernetes StorageClasses to the Quobyte Policy Engine

READ MORE