Managed Storage Cluster

The Managed Storage Cluster offers advanced cloud-native storage capabilities for Managed OpenShift. It brings a long list of features, including ReadWriteMany storage volumes, and is meant as an add-on where the capabilities of the cloud provider’s CSI storage integration aren’t sufficient to meet the needs, or for infrastructures where no CSI integration is possible.

This product is based on Rook and uses Ceph as its underlying storage technology.

Supported Features and Configuration

Supported by default

These features and configurations are available out of the box and are installed and configured by default.

Feature Description

Managed Rook

The Rook storage operator is installed, configured and maintained.

ReadWriteOnce and ReadOnlyMany Access Mode

These access modes are available via Ceph.

ReadWriteMany Access Mode

This access mode is available via CephFS.

In-Cluster Object Storage

With the Rados Gateway of Ceph an in-cluster S3-compatible object storage is available.

Dynamic Provisioning

Volumes are dynamically provisioned and requested by creating a PersistentVolumeClaim.

Metrics and Monitoring

All key metrics are collected and monitored for anomalies.

Volume Snapshots

Kubernetes Volume Snapshots are supported.

Volume Cloning

Cloning of volumes is fully supported.

Volume Resizing

Dynamic volume expansion is available.

Replication and High-Availability

The default replication factor is 3 (meaning that 3 copies of any given data are stored in the cluster). If possible, the storage cluster nodes are distributed over different availability zones and are configured using anti-affinity virtual machine rules.

Storage Encryption at Rest

By default, the Rook Ceph cluster is configured with encrypted: true and the encryption secrets are stored as Kubernetes secrets. That means that the backing storage is fully encrypted at rest using the well-known dm-crypt with LUKS.
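As an added example (not VSHN's or Rook's own code), the following check reads a CephCluster export and lists every device set that doesn't carry encrypted: true. It assumes the OSDs are defined under spec.storage.storageClassDeviceSets, where Rook's CephCluster resource places the encrypted flag for PVC-backed OSDs; the namespace, cluster name and device set names in the sample are constructed.

```python
import json

# Constructed sample, shaped like the output of
#   kubectl -n rook-ceph get cephcluster -o json
# The namespace, cluster name and device set names are made up for this example.
SAMPLE = json.loads("""
{"items": [{
  "metadata": {"name": "cluster", "namespace": "rook-ceph"},
  "spec": {"storage": {"storageClassDeviceSets": [
    {"name": "set-a", "count": 3, "encrypted": true},
    {"name": "set-b", "count": 3},
    {"name": "set-c", "count": 3, "encrypted": false}
  ]}}
}]}
""")


def unencrypted_device_sets(doc):
    """Return (cluster, device set) pairs that are not set to encrypted: true."""
    # Accept both a List object and a single CephCluster object.
    clusters = doc.get("items", [doc])
    findings = []
    for cluster in clusters:
        name = cluster.get("metadata", {}).get("name", "<unnamed>")
        storage = cluster.get("spec", {}).get("storage") or {}
        device_sets = storage.get("storageClassDeviceSets") or []
        if not device_sets:
            # Nothing to verify: report it instead of passing silently.
            findings.append((name, "<no storageClassDeviceSets>"))
        for ds in device_sets:
            # A missing key means the OSDs are created unencrypted,
            # so only an explicit boolean true passes.
            if ds.get("encrypted") is not True:
                findings.append((name, ds.get("name", "<unnamed>")))
    return findings


if __name__ == "__main__":
    for cluster, device_set in unencrypted_device_sets(SAMPLE):
        print(f"{cluster}: device set {device_set} is not encrypted at rest")
```

Because the encryption secrets are stored as Kubernetes secrets, read access to secrets in the storage cluster's namespace is worth reviewing alongside this flag.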

Supported on request

These features or configuration adjustments must be specifically requested and some restrictions apply. Activating and configuring these features implies additional engineering costs, and operating them can cause further engineering costs (although no fixed additional recurring costs apply).

Feature Description

In-Cluster Object Storage

With the Rados Gateway of Ceph an in-cluster S3-compatible object storage is available.

Unsupported

These features or configuration adjustments are not supported by VSHN. They can still be activated or changed, although they are neither monitored, backed up nor maintained. No guarantees are given; use them at your own risk.

Feature / Configuration Description Reasoning

Encryption per PV

Per volume encryption as supported by the Ceph CSI driver.

This feature is very complex to operate and doesn’t automatically bring added value over the VSHN-supported storage encryption at rest, as it uses the same encryption mechanisms.

Still interested in one (or more) of these unsupported options? Get in contact with sales@vshn.ch and we’ll figure out together what we can offer.

Pricing

It’s included in the Managed OpenShift fee.

The vCPUs of the storage nodes count as "Worker-vCPU", but these nodes can only run the storage cluster components; no other workload can run on them.

Default Configuration

By default, 3 storage nodes will be provisioned. This is the minimum supported configuration; it’s not possible to have fewer than three storage nodes.

The sizing of the storage nodes depends on the infrastructure.

Limits and Scaling

Max. number of Persistent Volumes

With 3 storage nodes, max. 200 Persistent Volumes are supported. More volumes are available on request and require additional storage nodes.

Storage Node Sizing

A storage node needs at least:

  • 8 vCPUs

  • 16 GB RAM (24 GB RAM if you’re planning to use CephFS)

  • 120 GB storage for the OS

  • 512 GB storage for the storage cluster

Rook Storage Provider

Only the Ceph storage provider is supported. Other Rook storage providers aren’t supported (e.g. Cassandra or NFS).