Use Azure File Storage in Kubernetes

My recent work on integrating Microsoft Azure File Storage with Kubernetes storage is available for testing.

Azure File Storage is basically an SMB 3.0 file share. Each time a VM needs a file share, you can use your storage account to create one. There is one limitation for Linux VMs: because the kernel CIFS implementation lacks encryption, a Linux VM must be colocated with the file share in the same Azure region. Thus, for now, Kubernetes hosts must live in Azure Computing VMs to access their Azure file share.

It is also possible to use Azure Block Blob storage for Kubernetes, though that’ll require more effort and new APIs from Azure.

 

What’s Next for Containers? User Namespaces

Reference

Red Hat Enterprise Linux Blog

What are user namespaces? Sticking with the apartment complex analogy, the numbering of users and groups have historically been the same in every container and in the underlying host, just like public channel 10 is generally the same in every unit in an apartment building.

But, imagine that people in different apartments are getting their television signal from different cable and satellite companies. Channel 10 is now different for each person. It might be sports for one person, and news for another.

Historically, in the Linux kernel, there was a single data structure which held users and groups. Starting in kernel version 3.8


The Age of Cloud File Services

Reference

Red Hat Stack

The new OpenStack Kilo upstream release that became available on April 30, 2015 marks a significant milestone for the Manila project for shared file system service for OpenStack with an increase in development capacity and extensive vendors adoption. This project was kicked off 3 years ago and became incubated during 2014 and now moves to the front of the stage at the upcoming OpenStack Vancouver Conference taking place this month with customer stories of Manila deployments in Enterprise and Telco environments.

The project was originally sponsored and accelerated by NetApp and Red Hat and has established a very rich community that includes code contribution from companies such as EMC, Deutsche Telekom, HP, Hitachi, Huawei, IBM, Intel, Mirantis and SUSE.

The momentum of cloud shared file services is not limited to the OpenStack open source world. In fact, last month at the AWS Summit in San Francisco, Amazon announced its new Shared…


Got Permission Denied?

Throughout my career, I have dealt with permission denied problems. While the root cause can vary, they more or less fall into the following categories.

Unix ACL

The Unix ACL defines read/write/execute privileges for the owner, group members, and others. One can use chmod(1) to protect files and directories. Users that don’t have the proper privileges are denied access.

Linux Capabilities(7)

Linux capabilities define the privileges an executable has for certain actions. For example, a program needs CAP_CHOWN to execute chown(2). Similarly, a container that wants to run mount must have the CAP_SYS_ADMIN capability to avoid a permission denied problem; it can be supplied with the --cap-add option to the docker run command.

SELinux

SELinux is a role-based mandatory access control system. SELinux is supported by many filesystems. Once SELinux is enabled, a filesystem must be mounted with the proper label to allow processes to access its content. For example, a Docker container needs the svirt_sandbox_file_t label to access an external volume.

Some Special Cases

  • NFS
    • root_squash and all_squash. An NFS server that exports a share with root_squash strips uid 0 and converts it to the anonymous id. all_squash converts any uid to the anonymous id.
    • NFS v4 ACL. The v4 ACL defines rules for read/write/execute/chown/delete/etc. Missing flags also cause permission denied errors.
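
The layers above combined into one triage helper, as an added example that is not part of the original post. The function names, the anonymous id 65534 and the sample CapEff mask are assumptions or constructed values, and the SELinux check assumes the caller is a Docker container reading a labelled volume.

```python
# Added example: decide which layer from the post would deny an access.
# Bit numbers come from linux/capability.h.
CAPS = {"CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_SYS_ADMIN": 21}
ANON_ID = 65534  # assumed anonymous id (the usual NFS export default)

def has_cap(status_text, name):
    """True if the CapEff mask in /proc/<pid>/status text holds the capability."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAPS[name]) & 1)
    raise ValueError("no CapEff line found")

def mode_allows(mode, f_uid, f_gid, uid, gids, want):
    """Owner/group/other check for want in {'r', 'w'}; first matching class wins."""
    bit = {"r": 4, "w": 2}[want]
    shift = 6 if uid == f_uid else 3 if f_gid in gids else 0
    return bool((mode >> shift) & bit)

def triage(mode, f_uid, f_gid, uid, gids, want, status_text,
           label=None, root_squash=False):
    """Return the layers that deny the access; an empty list means allowed."""
    causes = []
    squashed = root_squash and uid == 0
    if squashed:
        uid, gids = ANON_ID, [ANON_ID]  # the server sees the anonymous id
    # Local capabilities do not help once the NFS server has squashed the id.
    override = has_cap(status_text, "CAP_DAC_OVERRIDE") and not squashed
    if not mode_allows(mode, f_uid, f_gid, uid, gids, want) and not override:
        causes.append("root_squash" if squashed else "mode bits")
    # SELinux label format is user:role:type:level; only the type is compared.
    if label is not None and label.split(":")[2] != "svirt_sandbox_file_t":
        causes.append("selinux label")
    return causes

# Constructed sample: CapEff of a container started without --cap-add.
DEFAULT_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    print("CAP_SYS_ADMIN:", has_cap(DEFAULT_STATUS, "CAP_SYS_ADMIN"))
    print(triage(0o640, 1000, 1000, 0, [0], "w", DEFAULT_STATUS, root_squash=True))
```
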

Availability of Red Hat Gluster Storage in Microsoft Azure

Red Hat Storage

Sayan Saha, head of Product Management, Red Hat Gluster Storage and Big Data, Red Hat

Today, we announced our plans to make several Red Hat offerings, including Red Hat Gluster Storage, available in Microsoft Azure as fully supported offerings. Red Hat Gluster Storage offers Azure users a scale-out, POSIX compatible, massively scalable, elastic file storage solution with a global namespace.

This offering brings existing users of Red Hat Gluster Storage another supported public cloud environment where they can run their POSIX compatible file storage workloads.

Conversely, existing Azure users can look forward to having access to Red Hat Gluster Storage which they can use for several cloud storage use-cases including archival, rich media streaming, big data analytics, and disaster recovery. POSIX compatibility will provide users the ability to move their existing on-premise applications to Azure without the need to rewrite them.


Red Hat Gluster Storage is a software-defined storage…
