Hi RBD Volumes Users I would like to know if you are running a large scale RBD Dynamic Provisioning using Kubernetes. I am interested in learning from your experience on the following areas:-
- Are using RBD Dynamic Provisioning to deploy RBD Volumes for multiple tenants where the volume of one tenants should not be accessible to another tenant - What steps are you taking to ensure isolation of volumes from mutiple tenants - What steps are you taking for securing the volumes. Do you have threat models designs in this area ? - What gaps and problems you see in using RBD through Kubernetes dynamic provisioning ? - May be a Ceph specific question, are you using a Ceph Pool per tenant or multiple tenants belong to the same Ceph pool ? - How are you doing Capacity Management in Kubernetes. Are you using ResourceQuotas ? How ? Any other methods or are you limiting access at the Ceph level ? - If you are using a single Ceph Pool for all your tenants, are you using multiple user keyrings for the same pool or the same keyring ? If same keyring, how are you protecting it since all tenants will need the same keyring ? I am looking for guidance in deploying large scale RBD provisioning on Kubernetes. Best practices and what has worked and what hasnt in this world I promise to post a summary of the all the comments/decisions/best practices in doc/issue what ever the community prefers. -Mayank -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
