
So, What If I Don’t Want My Persistent Storage To Be Yet Another Bindmount?

2022-10-28

Authors: Feng Wang, Deep Debroy


Abstract

Most CSI plugins assume that a mounted volume will be consumed directly on the host. For sandboxed runtimes like Kata Containers, this results in less efficient storage I/O; there is a tradeoff between ease of compatibility and storage performance. So, what if getting the PVC to the container isn't just a bind mount away? There has been progress in Kata Containers and in the greater container ecosystem to allow storage to be presented to the runtime in a more VM-friendly way, which results in better I/O performance as well as a better security profile. In this talk, we'll highlight the work done for direct storage assignment, the challenges we've worked through with the node and storage communities, and the KEPs that facilitate this pattern in CSI and Kubernetes. We will show how a well-defined generic API can allow for efficient storage handling for all sandboxed runtimes.
