Mount a statically provisioned OSS volume
Static provisioning lets you mount an existing Object Storage Service (OSS) bucket as a persistent volume (PV) in a Container Service for Kubernetes (ACK) cluster. You create the PV, a persistent volume claim (PVC), and a pod manually, binding your cluster workloads directly to a named OSS bucket via a Kubernetes Secret.
Prerequisites
Before you begin, ensure that you have:
- An ACK cluster with nodes that can reach your OSS bucket
- An Alibaba Cloud AccessKey pair with read and write access to the bucket
Usage notes
If securityContext.fsGroup is configured in the pod spec, kubelet runs chmod or chown after mounting the volume, which increases mount time. For steps to reduce mount latency in this case, see Why does it require a long time to mount an OSS volume?
Mount an OSS bucket
Static provisioning requires three resources: a PV that references your OSS bucket, a PVC that binds to the PV, and a pod that mounts the PVC.
Step 1: Create a PV
You can create the PV using kubectl or the ACK console.
kubectl
- Create a Secret to store your Alibaba Cloud credentials. Replace <your AccessKey ID> and <your AccessKey secret> with your actual values. To get your AccessKey pair, open the ACK console, hover over the user icon, and click AccessKey.

  | Field | Description |
  | --- | --- |
  | osssecret | Secret name. Customize as needed. |
  | akId | Your AccessKey ID. |
  | akSecret | Your AccessKey secret. |
  | --type | Must be alicloud/oss. |
  | -n default | Namespace. The Secret and the pod that uses it must be in the same namespace. |

  kubectl create secret generic osssecret \
    --from-literal=akId='<your AccessKey ID>' \
    --from-literal=akSecret='<your AccessKey secret>' \
    --type=alicloud/oss \
    -n default

- Save the following as oss-pv.yaml and run kubectl apply -f oss-pv.yaml.

  | Parameter | Description | Required | Example |
  | --- | --- | --- | --- |
  | capacity.storage | Declared capacity of the PV. | Yes | 5Gi |
  | accessModes | Must be ReadWriteMany for OSS. | Yes | ReadWriteMany |
  | storageClassName | Must match the PVC's storageClassName. | Yes | oss |
  | flexVolume.driver | FlexVolume driver name. Must be alicloud/oss. | Yes | alicloud/oss |
  | secretRef.name | Name of the Secret created in Step 1. | Yes | osssecret |
  | options.bucket | Name of your OSS bucket. | Yes | docker |
  | options.url | OSS endpoint for your bucket's region. | Yes | oss-cn-hangzhou.aliyuncs.com |
  | options.path | Subdirectory within the bucket to mount. | No | /path |
  | options.otherOpts | Additional OSSFS mount options in -o key=value format. | No | -o max_stat_cache_size=0 -o allow_other |

  apiVersion: v1
  kind: PersistentVolume
  metadata:
    name: pv-oss
  spec:
    capacity:
      storage: 5Gi
    accessModes:
      - ReadWriteMany
    storageClassName: oss
    flexVolume:
      driver: "alicloud/oss"
      secretRef:
        name: "osssecret" # Replace with the Secret name from Step 1.
      options:
        bucket: "docker"
        url: "oss-cn-hangzhou.aliyuncs.com"
        path: "/path"
        otherOpts: "-o max_stat_cache_size=0 -o allow_other"
ACK console
- Log on to the ACK console. In the left-side navigation pane, click Clusters.
- On the Clusters page, find the cluster you want to manage and click its name. In the left-side pane, choose Volumes > Persistent Volumes.
- On the Persistent Volumes page, click Create. In the Create PV dialog box, set the following parameters and click Create.

  | Parameter | Description | Required |
  | --- | --- | --- |
  | PV Type | Select OSS. | Yes |
  | Volume Name | Enter a name that is unique in the cluster. For example, pv-oss. | Yes |
  | Capacity | Declared capacity of the PV. | Yes |
  | Access Mode | Defaults to ReadWriteMany. | Yes |
  | Access Certificate | Select Select Existing Secret to use an existing Secret (specify namespace and Secret name), or select Create Secret to create one inline (specify namespace, name, AccessKey ID, and AccessKey secret). | Yes |
  | Optional Parameters | Additional OSSFS mount options in -o *** -o *** format. | No |
  | Bucket ID | Click Select Bucket, choose your OSS bucket, and click Select. | Yes |
  | OSS Path | Subdirectory within the bucket to mount, relative to the bucket root. | No |
  | Endpoint | Select Public Endpoint if your OSS bucket and cluster nodes are in different regions. Select Internal Endpoint if your OSS bucket is on the classic network. | Yes |
Step 2: Create a PVC
Save the following as oss-pvc.yaml and run kubectl apply -f oss-pvc.yaml.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-oss
spec:
  storageClassName: oss
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
The PVC binds to the PV when storageClassName, accessModes, and storage match the PV's values.
Step 3: Create a pod
Save the following as oss-deploy.yaml and run kubectl apply -f oss-deploy.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oss-static
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
          ports:
            - containerPort: 80
          volumeMounts:
            - name: pvc-oss
              mountPath: "/data"
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - cd /data
            initialDelaySeconds: 30
            periodSeconds: 30
      volumes:
        - name: pvc-oss
          persistentVolumeClaim:
            claimName: pvc-oss
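
A pre-apply check of the rules stated in Steps 1 to 3 (driver, access mode, PV/PVC binding fields, Secret type and namespace, PVC reference), as an added example that is not part of the original page or of ACK tooling. The function name check_oss_static and the sample objects are constructed for illustration. It assumes the manifests are supplied as dicts in the JSON form that kubectl get -o json returns, and that a missing namespace means default.

```python
def check_oss_static(pv, pvc, secret, deploy):
    """Return a list of findings; an empty list means the page's rules hold."""
    findings = []
    pv_spec, pvc_spec = pv["spec"], pvc["spec"]
    flex = pv_spec.get("flexVolume", {})
    # Rules from the PV parameter table.
    if flex.get("driver") != "alicloud/oss":
        findings.append("pv: flexVolume.driver must be alicloud/oss")
    if pv_spec.get("accessModes") != ["ReadWriteMany"]:
        findings.append("pv: accessModes must be ReadWriteMany")
    # Binding rule: compared as written, since the page says the values must match.
    for field in ("storageClassName", "accessModes"):
        if pv_spec.get(field) != pvc_spec.get(field):
            findings.append(f"bind: {field} differs between PV and PVC")
    if pv_spec["capacity"]["storage"] != pvc_spec["resources"]["requests"]["storage"]:
        findings.append("bind: storage differs between PV and PVC")
    # Secret rules: referenced name, type, and same namespace as the pod.
    if flex.get("secretRef", {}).get("name") != secret["metadata"]["name"]:
        findings.append("secret: PV secretRef.name does not match the Secret")
    if secret.get("type") != "alicloud/oss":
        findings.append("secret: type must be alicloud/oss")
    # Assumption: a manifest without metadata.namespace lands in "default".
    pod_ns = deploy["metadata"].get("namespace", "default")
    if secret["metadata"].get("namespace", "default") != pod_ns:
        findings.append("secret: Secret and pod are in different namespaces")
    # The pod template must reference the PVC by name.
    claims = [v.get("persistentVolumeClaim", {}).get("claimName")
              for v in deploy["spec"]["template"]["spec"].get("volumes", [])]
    if pvc["metadata"]["name"] not in claims:
        findings.append("pod: no volume references the PVC")
    return findings

# Constructed objects mirroring the manifests on this page (JSON form).
PV = {"metadata": {"name": "pv-oss"}, "spec": {
    "capacity": {"storage": "5Gi"}, "accessModes": ["ReadWriteMany"],
    "storageClassName": "oss", "flexVolume": {
        "driver": "alicloud/oss", "secretRef": {"name": "osssecret"}}}}
PVC = {"metadata": {"name": "pvc-oss"}, "spec": {
    "storageClassName": "oss", "accessModes": ["ReadWriteMany"],
    "resources": {"requests": {"storage": "5Gi"}}}}
SECRET = {"metadata": {"name": "osssecret", "namespace": "default"},
          "type": "alicloud/oss"}
DEPLOY = {"metadata": {"name": "oss-static"}, "spec": {"template": {"spec": {
    "volumes": [{"name": "pvc-oss",
                 "persistentVolumeClaim": {"claimName": "pvc-oss"}}]}}}}

if __name__ == "__main__":
    print(check_oss_static(PV, PVC, SECRET, DEPLOY) or "all checks passed")
```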