Week 8 - CSI, Storage, and Device Plugins

8.1 Conceptual Core

  • CSI (Container Storage Interface) is the standard plugin interface for storage. Every cloud and many on-prem systems ship a CSI driver. Kubernetes calls the driver via gRPC.
  • A CSI driver runs in two modes (or both):
      • Controller plugin: provision, delete, attach, detach, snapshot. Cluster-wide.
      • Node plugin: stage and publish (mount) the volume on the kubelet node.
  • PVC → PV → CSI flow: user creates a PVC; the external-provisioner sidecar sees it, calls the CSI controller's CreateVolume, which creates a PV bound to the PVC. Kubelet then asks the CSI node plugin to mount.

8.2 Mechanical Detail

  • StorageClass parameters: provisioner (CSI driver name), parameters (driver-specific), reclaimPolicy (Delete vs Retain), volumeBindingMode (Immediate vs WaitForFirstConsumer), allowVolumeExpansion.
  • WaitForFirstConsumer is critical for zone-aware provisioning: provisioning waits until the Pod is scheduled, so the zone to provision in is known.
  • Snapshots: VolumeSnapshot API; the external-snapshotter sidecar drives the CSI driver's snapshot calls.
  • Device plugins: a separate gRPC API (pluginapi.proto) for exposing custom resources (GPUs, FPGAs, RDMA NICs) to Pods. NVIDIA's k8s-device-plugin is the canonical example.

8.3 Lab: "Storage Hands-On"

  1. Install a local-path CSI driver (rancher/local-path-provisioner works for kind). Create a PVC; observe binding.
  2. Take a snapshot; restore to a new PVC.
  3. Author a mock device plugin that exposes 4 instances of a fake resource. Deploy a Pod requesting it; verify scheduling and resource accounting.
  4. Read the CSI proto. Diagram the provision + attach + mount flow on paper.

8.4 Hardening Drill

  • Use volumeBindingMode: WaitForFirstConsumer for all multi-zone clusters. Without it, you'll provision a volume in zone A and try to schedule its Pod in zone B.
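
One way to check this drill across a cluster, as an added example that is not part of the original course material: the function below audits a StorageClass list in the shape of `kubectl get storageclass -o json` and reports every class that binds before the Pod is scheduled. The sample list, the `csi.example.com` provisioner name, and the function name `audit_binding_mode` are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get storageclass -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "zonal-wffc"},
   "provisioner": "csi.example.com",
   "volumeBindingMode": "WaitForFirstConsumer"},
  {"metadata": {"name": "legacy-immediate", "annotations":
     {"storageclass.kubernetes.io/is-default-class": "true"}},
   "provisioner": "csi.example.com",
   "volumeBindingMode": "Immediate"},
  {"metadata": {"name": "no-mode-set"},
   "provisioner": "rancher.io/local-path"}
]}
""")

DEFAULT_ANNOTATION = "storageclass.kubernetes.io/is-default-class"


def audit_binding_mode(sc_list):
    """Return (name, provisioner, effective_mode, is_default) for every
    StorageClass that binds before the Pod is scheduled."""
    findings = []
    for sc in sc_list.get("items", []):
        meta = sc.get("metadata", {})
        # An omitted volumeBindingMode means Immediate (the API default),
        # which matters when auditing manifests rather than live objects.
        mode = sc.get("volumeBindingMode") or "Immediate"
        if mode == "WaitForFirstConsumer":
            continue
        annotations = meta.get("annotations") or {}
        # PVCs with no storageClassName land on the default class,
        # so a default class with Immediate binding affects the most PVCs.
        is_default = annotations.get(DEFAULT_ANNOTATION) == "true"
        findings.append((meta.get("name"), sc.get("provisioner"), mode, is_default))
    # Default classes first, then by name.
    return sorted(findings, key=lambda f: (not f[3], f[0]))


if __name__ == "__main__":
    for name, prov, mode, is_default in audit_binding_mode(SAMPLE):
        tag = " (default class)" if is_default else ""
        print(f"{name}: provisioner={prov} volumeBindingMode={mode}{tag}")
```

Against a live cluster, feed it `json.load(sys.stdin)` from the kubectl output instead of `SAMPLE`.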

8.5 Operations Slice

  • Monitor csi_* metrics emitted by sidecars. Alert on provision/attach errors and slow Mount operations.

Month 2 Capstone Deliverable

A node-and-cri/ workspace:

  1. kubelet-tour/ - week 5's annotated journal-log walkthrough.
  2. cri-direct/ - week 6's crictl-based pod-launch demo.
  3. dataplane-bench/ - week 7's iptables vs IPVS vs Cilium-eBPF comparison.
  4. mock-device-plugin/ - week 8's working device plugin.