Tutorial

Consolidate your Kubernetes Storage with Multi-tenancy and Self-service

In this mini-tutorial we'll show you how to use Quobyte's multi-tenancy to connect multiple Kubernetes namespaces or clusters to a single Quobyte cluster.

Contents

Reading Time: 2 minutes

Sharing storage resources is the best way to reduce cost through better resource utilization, less systems to manage and data sharing – where it makes sense.

Multi-tenancy allows you to completely isolate tenants from each other on the same Quobyte cluster. By default, this isolation is on the logical level. This means that tenants cannot see and access each other’s resources. However, you can also add full hardware isolation so that tenants don’t share the same drives or servers using the Quobyte Policy Engine.

The Quobyte CSI plugin can direct all persistent volume claims (PVCs) to a single Quobyte tenant or map Kubernetes namespaces onto Quobyte tenants. The first option is the best choice when you have multiple clusters, e.g. one per group, and you want to consolidate the storage for all Kubernetes clusters on one Quobyte cluster.

The alternative of automatically mapping the Kubernetes namespaces onto Quobyte tenants is suitable for situations where you have one or more Kubernetes clusters that are already shared among groups. If enabled, Quobyte maps the name of the Kubernetes namespace to a Quobyte tenant, i.e. there needs to be a corresponding tenant with the exact same spelling in your Quobyte cluster.

Step-by-Step Tutorial

  1. Connect Kubernetes Namespaces to Tenants

    To get started you need a Kubernetes cluster with the Quobyte CSI plugin and client installed (check out out install tutorial with video), a Quobyte cluster (read more).

    Next, we have to tell the Quobyte CSI plugin to map Kubernetes namespaces onto Quobyte tenants: Edit the quobyte-csi-driver/values.yaml file and set

    useK8SNamespaceAsTenant: true
  2. If you want to use access keys, you should also set
    enableAccessKeys: true
  3. Or if you want to map a whole cluster to a tenant, you leave

    useK8SNamespaceAsTenant: false

  4. add the tenant to the StorageClass.yaml (you can read more about storage classes with Quobyte here):
    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: quobyte-storage
    provisioner: csi.quobyte.com
    allowVolumeExpansion: true
    parameters:
      quobyteTenant: "Department A"
      ...
  5. Deploy or install the Quobyte CSI plugin:

    helm install quobyte-csi ./quobyte-csi-driver

  6. Assign Users to Tenants

    Now you have to map your users to tenants. If you use the internal database in Quobyte you just have to add a tenant membership to the each user:

  7. If you use LDAP you have to map LDAP groups onto Quobyte tenants:
  8. And that's it. When a user creates a PVC in a namespace the Quobyte CSI plugin will create a corresponding Quobyte volume in the tenant matching the namespace.

    If you want your users to be able to check their resource utilization or create access keys, they can log into the Quobyte Webconsole:

Talk to Us

Quobyte can do a lot more for you than what you’ve seen so far.

To find out what, contact us to set up a quick demo.

Talk to us