• JD Wallace

Exploring Kubernetes Persistent Storage with the Pure Service Orchestrator CSI Plugin

In this post I'll install the Pure Service Orchestrator (PSO) Kubernetes CSI Plugin and then use it to deploy an app with persistent storage on FlashArray. If you don't yet have a lab deployed or want details about the lab I'm using, see my post Kubernetes Cluster Setup with Kubeadm. Of course, you'll also need access to a FlashArray.

Also, I want to be sure to acknowledge the excellent work Chris Crow (Pure Storage Systems Engineer) has done. Chris has been leading a community meet-up for us all to get better acquainted with Kubernetes, PSO, and Portworks and this post comes directly from my study of a lecture he original developed. Thanks for your leadership Chris!

Install Pure Service Orchestrator (PSO)

Add the Pure Storage PSO helm repository to your helm installation.

helm repo add pure https://purestorage.github.io/pso-csi
helm repo update
helm search repo pure-pso -l

Create a values.yaml file (here is a sample) to let PSO know how to connect to your FlashArray. The minimum values are:

clusterID - A unique name to represent your deployment. Multiple clusters may deployed targeting the same Pure storage, but each must have a unique clusterID.

MgmtEndPoint - The management IP of your FlashArray.

APIToken - An API Token for a user with at least Storage Admin rights on the FlashArray. This account will be used by PSO to orchestrate the FlashArray.

PSO may be configured to work with multiple FlashArrays as well as FlashBlades, however for this post I'll be using just a single FlashArray.

clusterID: homelab
    - MgmtEndPoint: ""
 APIToken: "f5ba6d62-63c1-3a3a-f9d2-642de1124fef"

Create a new namespace for the PSO deployment.

kubectl create namespace pso

Install Pure PSO.

helm install pure-pso pure/pure-pso --namespace pso \
-f PSOvalues.yaml

Expect output that looks something like this:

NAME: pure-pso
LAST DEPLOYED: Fri Dec 11 19:17:48 2020
STATUS: deployed

Eventually, these new pods will be running.

kubectl get pods -n pso

With PSO installed we should now have two new storage classes.

kubectl get storageclass

Using MinIO to Explore PSO

MinIO offers a software defined object storage application that can be deployed as a Docker image. This makes it well suited to explore persistent storage in a containerized environment. I'll deploy a MinIO container that uses PSO to leverage FlashArray for its persistent storage.

Create a Persistent Volume Claim with the pure-block storage class.

kubectl apply -f minio-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
  name: minio-pvc
  storageClassName: pure-block
    - ReadWriteOnce
      storage: 1Gi

This will result in a new persistent volume claim and a corresponding persistent volume which exists on the FlashArray.

This volume has been created on the FlashArray, but as you'll notice is not yet connected to any host.

Deploy MinIO and use the minio-pvc PVC we created previously as the storage volume.

kubectl apply -f minio-deployment.yaml
apiVersion: apps/v1
kind: Deployment
  # This name uniquely identifies the Deployment
  name: minio-deployment-pure
      app: minio-pure
    type: Recreate
        # Label is used as selector in the service.
        app: minio-pure
      # Refer to the PVC created earlier
      - name: storage
          # Name of the PVC created earlier
          claimName: minio-pvc
      - name: minio-pure
        # Pulls the default Minio image from Docker Hub
        image: minio/minio:latest
        - server
        - /storage
        # Minio access key and secret key
        - name: MINIO_ACCESS_KEY
          value: "minio"
        - name: MINIO_SECRET_KEY
          value: "minio123"
        - containerPort: 9000
          hostPort: 9001
        # Mount the volume into the pod
        - name: storage # must match the volume name, above
          mountPath: "/storage"

We now have a MinIO pod deployed on node k8s-worker3.

If we go back and review our FlashArray volume, we can see that a host entry for the node k8s-worker3 has been created and the volume has been connected to that host.

Create as service so we can access the MinIO UI.

kubectl apply -f minio-svc.yaml
apiVersion: v1
kind: Service
  name: minio-service
  type: NodePort
    - port: 9001
      targetPort: 9000
      protocol: TCP
    app: minio-pure

View the new service

kubectl get svc

Now if we browse to port 32320 on node k8s-worker3 we should connect to the MinIO UI.

Log in (minio/minio123), create a bucket, and upload some data.

Now we'll destroy the MinIO pod and allow the deployment to create a new instance. This time it's on node k8s-worker2.

Connecting to the new Pod we find that our file still exists.

We can further investigate by viewing the FlashArray volume and we'll see that it has been automatically reassigned to the new node hosting our redeployed MinIO application.


With Pure Storage PSO, we've seen that we can leverage persistent FlashArray storage for Kubernetes deployments while letting PSO handle all of the orchestration.

I am an employee of Pure Storage.

My statements and opinions on this site are my own and do not necessarily represent those of Pure Storage.

©2020 jdwallace.com.