dok.community Open in urlscan Pro
2606:4700:3033::ac43:a527  Public Scan

Form analysis
0 forms found in the DOM

Text Content

REGISTER FOR DOK DAY 2023 THROUGH KUBECON REGISTRATION TODAY!

Register Now!
 * Community
   * Welcome
   * Join Slack
   * Code of Conduct
   * Community Ambassadors
   * Sponsor Resources Page
   * View playlists
   * Meetup Organisers
 * Events
   * Meetup
   * DoK Amsterdam
   * DoK Days
     * DoK Day North America 2023
     * [ENDED] DoK Day NA 2022 @ KubeCon
     * [ENDED] DoK Day EU 2022 @ KubeCon
     * [ENDED] DoK Students Day 2022
     * [ENDED] DoK Day NA 2021 @ KubeCon
     * [ENDED] DoK Day EU 2021 @ KubeCon
 * DoK Reports
   * 2022 DoK Report
   * 2021 DoK Report
 * DoK Landscape
 * About
   * Who We Are
   * Join DoKC
   * Sponsors
   * Community Collaborator
   * Staff
 * Newsroom
   * Press releases
   * Blog
   * Newsletter
   * Submit content


PROTECTING DATA WITH CSI VOLUME SNAPSHOTS ON KUBERNETES

The container storage interface (CSI) is a contract between different container
orchestrators (Kubernetes, Nomad, etc.) and storage plugins. This contract is a
set of gRPC services for provisioning, utilizing, and snapshotting storage
volumes. In this talk, Software Engineer at Portworx by Pure Storage Grant
Griffiths focuses on one aspect of the CSI spec: Volume Snapshots.

The talk covers volume snapshots on Kubernetes CSI, with a deep dive on
Kubernetes CSI snapshots. After covering the basics of both container
schedulers, Grant deep dives into how backup systems can programmatically
interact with the Kubernetes CSI snapshots client.

In the end, he demos the basics of the CSI snapshots on Kubernetes and shows how
to start using CSI snapshots.



Grant Griffiths  00:00

Today we’re gonna be talking about protecting data with CSI volume snapshots on
Kubernetes. My name is Greg Griffis a little bit about me. I’m a software
engineer at Portworx, a company owned by Pure Storage. And of course, I work on
the CSI control play, and I do some community work as well. Previously, I was at
GE Digital where I did data services and platform engineering type work. I’m
also a contributor to Kubernetes, CSI and Nomad, CSI as well helped helped out a
bunch with Kubernetes, CSI volume snapshots, as well as a couple other features,
as well. 

For fun, I like rock climbing. This is a picture of me in the background and the
French Alps. And I also like to do some running and snowboarding as well. Let’s
get going. 

So what we’ll cover today will cover the CSI spec. Also, go over Kubernetes CSI
volume snapshots. And then we’ll also cover a demo on CSI snapshots. And then
we’ll also do a quick discussion on our systems that are utilizing our
snapshots.

So first, let’s get into the CSI spec. So folks out there might be kind of
familiar with the CSI spec already that I figured I’d cover it. Basically it’s a
contract between different container orchestrators. So things like Kubernetes,
Nomad, and storage plugins themselves. So it’s a contract of, basically set of g
RPC services, Protobuf services for provisioning utilizing and snapshotting
storage volumes. So yeah, you have like the container orchestrator something
like Kubernetes Mesa, Nomad, and then those containers orchestrators communicate
to CSI drivers, such as you know, RBD, Digitalocean Block Storage, GCE and a
bunch of other storage plugins. 

You can actually go ahead and check out the CSI spec itself. It’s in
https://github.com/container-storage-interface/spec. And then inside of that
there’s a CSI.proto. And this contains all of the different Protobuf definitions
for kind of communicating over gRPC between the container orchestrator and the
CSI drivers. It uses gRPC go. So you can check that project out as well. 

So the main thing with CSI snapshots are there’s three main controller service
calls, and controller service being there’s three different types of services,
there’s the Controller Service, which runs on kind of controller nodes, there’s
the node service, which is expected to run on every node in the cluster. And
then there’s the identity service with CSI, which is basically how CSI plugins
kind of identify themselves in a system. So there’s three main controller, ones
for snapshotting, create snapshot, delete snapshot, and list snapshot, these are
all item potent to kind of make it easier to for the controller and driver to
kind of connect with each other and kind of build a establish a contract with
each other.

So next, we’ll talk about Kubernetes, CSI volume snapshots. So this is a huge
diagram, it kind of goes over what all the different components are in a
deployment. So the main ones we’ll talk about today are the CSI snapshoter, and
the CSI snapshot controller, as well as the CSI provisioner. So as you can see
all of these sidecars, they all listen for kind of changes to objects. So the
provisioner is always listening on provisioner changes, these resize, the
snapshotter is listening on snapshot contents and does a create delete snapshot.
And then the snapshot controller is kind of handling, you know, volume snapshot
creation and that kind of stuff. Then so these kind of sidecars, they can talk
with any CSI driver, and it kind of just pings the CSI. There’s also the new
driver registrar that’s in charge of registering these nodes, these CSI drivers
and all the different nodes. So that’s kind of how it works in a Nutshell. 

Next, we’re going to get a quick overview on snapshotting for CSI with
Kubernetes. As the feature name suggests, it allows for snapshotting and
restoring persistent volume claims. And this feature is available for Kubernetes
clusters 1.20 and above, it’s GA available it’s the recommended version, at
least as Kubernetes 1.20. And it kind of utilizes CRDs, which are custom
resource definitions. So these are external to the core Kubernetes API. The team
kind of developed these API’s kind of outside of the core Kubernetes API. So it
also requires an additional snapshot controller deployment to operate. But if
you’re using a CSI driver on a managed kind of Kubernetes service, it’ll will
likely already install that for you. Or the CSI driver documentation will also
probably tell you how to do that. Many different CSI drivers supported. 

So there’s the volume snapshot CRDs. So this is created a volume snapshot class
is kind of similar to a storage class, if you’ve kind of used Kubernetes
persistent storage before, it’s created by an admin or an end user. And this
contains all the storage plug in parameters, maybe specific features to
different storage plugins provide, you can also provide secrets, whether that’s
for kind of encryption. And then you can also set the retain policy as well on
the snapshot class. So for example, the retain policies, if it’s delete, the
underlying snapshot will be deleted when you delete the object itself. And then
there’s retain, which will go ahead and read that snapshot data if you were to
delete the object. So that’s kind of the more safe kind of way to do it. There’s
the volume snapshot, this is the end users object to dictate that they want to
snapshot a PVC. And then the snapshot content is created about the CSI snapshot
or, and that’s a cluster wide object as opposed to the snapshot itself, which is
a namespace-specific. 

There’s a deployment that I mentioned, snapshot controller, snapshots sidecar,
snapshot, or sidecar. We talked about those already. And then there’s the
snapshot validation webhook. And what this is, is uncharted, it is basically
ensuring that the end user is kind of creating volume snapshots correctly. So it
has a whole series of different checks to make sure that you’re not doing
anything that could cause harm to you. 

So let’s do a quick demo. CSI snapshots. Terminal. So I have a little bit
different files. Here. We have a generic kind of MySQL deployment right here. As
you can see, it references the PVC volume claim right there. So first thing we
want to do is create a PVC. So we have one right here, actually, it’s called
MySQL data. And it’s using a Portworx storage class, because that is the the
provider that I’m working with here. So I just went ahead and I created the
storage class. 

Next, what we’re going to do is go ahead and create the PVC. As you can see, the
PVC is already bound, it’s ready to use. 

Now let’s go ahead and create our MySQL pod. It’s mysql.yaml. Awesome. What’s
happening in the backend is it’s doing a node publish volume for Portworx to
kind of mount this pod, this volume inside of the pod inside of the container.
So that’s ready for application data. 

So now let’s go ahead and do a volume snapshot. But first, what we need is a
snapshot class. Awesome. This snapshot class is pretty straightforward. Just
take a quick look. Basic volume snapshot class, I have a retain policy as
deletes and we’re using the Portworx CSI driver. So now let’s go ahead and
create our volume snapshot. Awesome. So we have right here, a new volume
snapshot, snapshot one, it is ready to use True, source PVC as our PVC. And as
you can see it’s all good. So we’re safe to kind of just go ahead and delete our
application because we have backed up the data. 

So let’s go ahead and do that. Oops we have to do this. I can delete the PVC as
well. So that while that’s running, what we can do is actually go ahead and
restore our PVC. The restore has been created. And now we can go ahead and do is
create our MySQL restore. 

So now we have restored our pod with the restored PVC, awesome, so really
quickly, just wanted to go over some systems that are utilizing snapshots. So
there’s many different systems and integrated CSI snapshots, I’m not going to
list them all, but they’re all here for you to check out. It’s really cool to
see all these different companies kind of utilizing the work that we did for
Kubernetes CSI snapshots. So these are all pulled directly from the Kubernetes
blog. So if you have another storage plugin that supports this, make sure to get
it out there. 

Lastly, this historic CSI driver. This is the one that I worked on, it enables
Backup and Restore via CSI CRs. So create a volume snapshot car and store these
in a history-compatible backup location. This is all the backups the product
that I’ve worked on. So yeah, that’s pretty much it. Thank you. If you have any
questions, feel free to reach out to me on the Kubernetes slack Data on
Kubernetes Slack, or Twitter as well. Cool. Thanks, everyone.

PUBLISHED AUGUST 22, 2022


RELATED POSTS


HOW TO BUILD A CLOUD-NATIVE EVENT-DRIVEN APP AND DEPLOY TO KUBERNETES

NOVEMBER 28, 2022


FROM LAPTOP TO CLOUD: DEVELOPING CLOUD-NATIVE APPLICATIONS WITH CONTAINERIZED
DATABASES

NOVEMBER 28, 2022


PROTECTION AGAINST ACCIDENTAL DELETION OF PVS OR NAMESPACES

NOVEMBER 16, 2022

© Copyright 2023 DoK.community
Content Distributed under CC BY 4.0

 * Community
   * Welcome
   * Join Slack
   * Code of Conduct
   * Community Ambassadors
   * Sponsor Resources Page
   * View playlists
   * Meetup Organisers
 * Events
   * Meetup
   * DoK Amsterdam
   * DoK Days
     * DoK Day North America 2023
     * [ENDED] DoK Day NA 2022 @ KubeCon
     * [ENDED] DoK Day EU 2022 @ KubeCon
     * [ENDED] DoK Students Day 2022
     * [ENDED] DoK Day NA 2021 @ KubeCon
     * [ENDED] DoK Day EU 2021 @ KubeCon
 * DoK Reports
   * 2022 DoK Report
   * 2021 DoK Report
 * DoK Landscape
 * About
   * Who We Are
   * Join DoKC
   * Sponsors
   * Community Collaborator
   * Staff
 * Newsroom
   * Press releases
   * Blog
   * Newsletter
   * Submit content

We are using advertisement, analytics, performance and others cookies to give
you the best experience on our website.

You can find out more about which cookies we are using or switch them off in
settings.

Accept Reject
Close GDPR Cookie Settings
 * Privacy Overview
 * 3rd Party Cookies

Privacy Overview


This website uses cookies so that we can provide you with the best user
experience possible. Cookie information is stored in your browser and performs
functions such as recognising you when you return to our website and helping our
team to understand which sections of the website you find most interesting and
useful.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the
number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Enable or Disable Cookies

Please enable Strictly Necessary Cookies first so that we can save your
preferences!

Enable All Save Changes



Notifications