Multi-tenancy allows you to completely isolate tenants from each other on the same Quobyte cluster. By default, this isolation is on the logical level. This means that tenants cannot see and access each other's resources. However, you can also add full hardware isolation so that tenants don't share the same drives or servers using the Quobyte Policy Engine.
The Quobyte CSI plugin can direct all persistent volume claims (PVCs) to a single Quobyte tenant or map Kubernetes namespaces onto Quobyte tenants. The first option is the best choice when you have multiple clusters, e.g. one per group, and you want to consolidate the storage for all Kubernetes clusters on one Quobyte cluster.
The alternative of automatically mapping the Kubernetes namespaces onto Quobyte tenants is suitable for situations where you have one or more Kubernetes clusters that are already shared among groups. If enabled, Quobyte maps the name of the Kubernetes namespace to a Quobyte tenant, i.e. there needs to be a corresponding tenant with the exact same spelling in your Quobyte cluster.
Next, we have to tell the Quobyte CSI plugin to map Kubernetes namespaces onto Quobyte tenants:
quobyte-csi-driver/values.yaml file and set
useK8SNamespaceAsTenant: trueIf you want to use access keys, you should also set
Or if you want to map a whole cluster to a tenant, you leave
useK8SNamespaceAsTenant: falseand add the tenant to the
StorageClass.yaml(you can read more about storage classes with Quobyte here):
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: quobyte-storage provisioner: csi.quobyte.com allowVolumeExpansion: true parameters: quobyteTenant: "Department A" ...Deploy or install the Quobyte CSI plugin:
helm install quobyte-csi ./quobyte-csi-driver
Now you have to map your users to tenants. If you use the internal database in Quobyte you just have to add a tenant membership to the each user:
If you use LDAP you have to map LDAP groups onto Quobyte tenants:
And that's it. When a user creates a PVC in a namespace the Quobyte CSI plugin will create a corresponding Quobyte volume in the tenant matching the namespace.
If you want your users to be able to check their resource utilization or create access keys, they can log into the Quobyte Webconsole:
Deploy Quobyte on your Kubernetes cluster with our Helm chart and deploy reliable and scalable persistent volumes in minutes.Learn More
Benefits and Features of Quobyte for Kubernetes
How to set up shared file system (ReadWriteMany, RWX) persistent volumes on Kubernetes with Quobyte
Combine SSD or NVMe with HDD for cost effective and fast persistent volumes for Kubernetes
Connect Kubernetes StorageClasses with Quobyte's Policy Engine and give your users options