When it comes to orchestrating compute infrastructure, Kubernetes is powerful. The ability to declaratively define scalable and resilient services is game-changing. All of this is straightforward for stateless services, development apps and demos. But what about stateful enterprise applications? When you introduce storage into the mix, there are a number of important security details that you should pay attention to before moving into production. Persistent storage solutions have been around for several software generations. Initially, there were native in-tree volume plugins that were built into Kubernetes. This meant that adding full support for a third-party storage backend required coordination and integration with Kubernetes, with all updates locked to Kubernetes release cycles. Then came FlexVolumes, which addressed these limitations by moving the storage intelligence out of Kubernetes, but complicated deployment and dependency management. At last, we’ve arrived at a scalable model: CSI plugins. The Container Storage Interface enables [...]
So far Blockbridge has created 26 blog entries.
Blockbridge 4.1 is the GA release of the AnyScale architecture. It includes improvements across the entire product. Highlights include: ethernet-attached backplanes with high availability support for NVMe & SATA; improved data mobility using remote-basis clones; enhanced monitoring, notification and support capabilities; simplified base imaging via ISO and USB; integration with Kubernetes via CSI. 1. Software Installation. Bare-metal and Virtual Imaging via ISO: Installation of Blockbridge on bare-metal platforms and virtual environments is simplified through the use of a “Live-style” bootable ISO. Boot the ISO (via USB, virtual CD-ROM, UEFI or legacy), select the disk media to install on, and write an image for the desired installation type. The platform characteristics are auto-detected and the kernel is configured with the appropriate parameters. Upon booting into the image, the system is ready for configuration. Additionally, you can specify the initial network configuration directly from the Live shell. OpenStack Cloud Images: For installation of Blockbridge in an OpenStack virtual environment, cloud images are [...]
Plugins are now the recommended way to extend the capabilities of Docker. In fact, certification requires it. This post sheds light on what plugins are, the problems they solve and the most common mistake to avoid. 1) Plugins are containers, but not Docker Containers: Docker documentation specifies plugins as out-of-process because they do not operate under the umbrella of Docker Engine. Why? Plugins are containers that are run natively via containerd, the low-level component that implements container execution and provides process management. Plugins operate in isolation from Docker Engine. They are invisible to familiar tools including docker ps. And, plugins do not have access to many of Docker’s value-added features including secrets management. For some, this is a cause for concern. We particularly enjoy the comedy of this tweet: "docker plugins is the most infuriating feature I've seen yet. It is wrong on so many levels. it’s a parallel universe [...]
Version 3.1 is hot off the CI/CD pipeline. This update focused on storage operators and service providers: improved controls, increased efficiency and higher availability. We also updated all of our host orchestration tools and topped the release off with a Certified Plugin for Docker Enterprise! Even better, new trial options and tutorials... Here's the rundown of the release: Control Plane. Service Templates: Service templates precisely define the performance characteristics of storage services. You can control how performance scales with capacity, data/network placement, and bursting policies. The software now ships with 3 predefined templates (you can create as many as you like). The ‘general purpose’ and ‘provisioned iops’ templates mimic AWS EBS. The ‘unlimited’ template mimics traditional SAN. Account Templates: Blockbridge implements a rich set of tenant permissions that allow an administrator to control nearly every aspect of the tenant’s experience: from creating asynchronous replicating disks and backing up snapshots to object storage, to the [...]
The Blockbridge Docker Volume Driver version 4.0 is now available! This update adds native support for compressed and encrypted volume backup to any S3 compatible object store. Backup any application without the need for custom images, application changes or downtime. Instantly restore from backup, with full read/write access, without having to wait for a full volume transfer. Move data between test and production, from private to public clouds, and between cloud providers. Perform backups and recover from disaster scenarios without host software dependencies. Platform agnostic, cloud agnostic, host independent. Read on for more information! Volume Driver 4.0 Compatibility: OS: any Linux that runs Docker; Docker version: any Docker version 1.9+; Orchestration: Swarm, Mesos, Kubernetes, Kontena. No additional host software required. No kernel requirements. No changes to applications or containers. Volume Driver 4.0 Feature Reference: The Blockbridge volume driver is a full-featured volume plugin for [...]
It's easy to copy application binaries over long distances and to change DNS entries, but what about application state? How do you move data between your old-school virtual machines running in your private datacenter and your new-school containers running in a bare-metal service provider? These are a few of the problems that we have been working on. One of the core features introduced in Anti-gravity is hybrid-cloud data mobility. The underlying technology is called Object Exchange ("OX"). OX integrates Elastic Block Storage ("EBS") with any S3 compatible object storage provider. OX allows you to snapshot volumes from block storage directly into object storage. And, OX allows you to instantly clone volumes from object storage, copying data on-demand without waiting for a full volume transfer. OX addresses a number of fundamental mobility issues including backup, disaster tolerance and migration of elastic block storage. Requirements: When we set out to build OX, [...]
Anti-Gravity is the 3rd generation of Blockbridge Elastic Storage. We're introducing several new technologies that deliver on the promise of elastic block storage in public, private and hybrid cloud. In this blog post, we'll run through the high-level list of features. Stay tuned for in-depth technical posts on some of the new concepts. Object Exchange: Object Exchange (aka "OX") integrates Elastic Block Storage with any S3 compatible object storage provider. Example providers include Amazon Web Services, Google Compute Engine, Microsoft Azure, Swift, and Ceph. OX allows you to snapshot a volume from block storage directly into object storage. Additionally, OX allows you to instantly clone volumes from object storage. Cloned volumes provide immediate access to data, even if your object storage provider is off-premises. OX delivers seamless data mobility for backup, disaster tolerance and hybrid cloud applications. HEAL - Heuristic Evaluation with Autonomous Layout: HEAL provides automated device-level data protection. [...]
If you've been following along with DockerCon2016, you probably heard the huge announcement regarding Docker security: they have integrated automated setup and management of Swarm nodes configured with TLS. In summary, they are giving each node a cryptographic identity and protecting communication channels with certificate-based authentication and transport encryption. Well, guess what? We have some exciting news as well! A couple of months ago, we disclosed an industry first: support for iSCSI over TLS. In a previous post, we demonstrated that iSCSI/TLS has superior performance when compared to IPsec using functionally equivalent ciphers (3.8x bandwidth!!!). Today, we’re announcing one of the missing pieces to the Docker security puzzle: end-to-end encryption for storage. In our latest release, you get fully automated end-to-end encryption with perfect forward secrecy (PFS) for persistent volumes. iSCSI/TLS is firewall friendly, blazingly fast and no fuss. Even better, it's just a single command line option [...]
Migrating applications to container infrastructure requires new tools and thinking. As container infrastructure scales, so does management complexity. We know everyone loves to focus on Dev. But, you can only go so far without investing in Ops. With that said, we’re excited to introduce Sense for Docker Volumes. Sense provides application-level insight into container storage. It simplifies data management in distributed environments and provides answers to the following key questions: What containers reference a volume? Where are those containers located? Which container is currently accessing a volume? What application is the container running? What image is the container based on? What policies are applied to the volume? What filesystem is the volume formatted with? What is the filesystem utilization? What are the mount propagation settings for a volume? Sense is now a fully supported feature of our Docker Volume Driver: no configuration is needed. Sense leverages our extensible metadata [...]
We’ve updated the Blockbridge Volume Driver with new support for Docker Swarm. This update makes it simple to deploy and scale the volume driver in a swarm deployment, using Docker Compose. Additionally, we’ve introduced helper scripts that enable you to create a swarm for development and testing. Background: Docker Swarm is a Docker-native clustering solution. It allows you to schedule applications to run on multiple hosts, called swarm “nodes”. Constraints, affinities, and failover of applications are all possible. By pointing the Docker command line at the swarm master, operations on images, volumes and containers work across the swarm with commands you are familiar with. Additionally, Docker Compose continues to work as expected. Blockbridge Volumes: Blockbridge volumes are multi-host aware. This means that any volume is accessible from any node in the swarm. No matter where an application runs, its data volume is always available. An [...]