This topic describes how to mount a statically provisioned Object Storage Service (OSS) volume by using a persistent volume (PV) and a persistent volume claim (PVC), and how to use a Secret with a PV.

Precautions

If the securityContext.fsGroup parameter is set in the application template, kubelet performs the chmod or chown operation after the volume is mounted, which increases the time required to mount the volume.
Note: For more information about how to speed up the mounting process when the securityContext.fsGroup parameter is set, see "Why does it require a long time to mount an OSS volume?"

Mount a statically provisioned OSS volume by using a PV and a PVC

  1. Create a PV.
    You can create a PV in the Container Service for Kubernetes (ACK) console or by using a YAML file.
    • Create a PV by using a YAML file.
      Use the following oss-pv.yaml file to create a PV:
      apiVersion: v1
      kind: PersistentVolume
      metadata:
        name: pv-oss
      spec:
        capacity:
          storage: 5Gi
        accessModes:
          - ReadWriteMany
        storageClassName: oss
        flexVolume:
          driver: "alicloud/oss"
          options:
            bucket: "docker"
            url: "oss-cn-hangzhou.aliyuncs.com"
            akId: "LTAI4G6E3whAAKnzdRPx****"
            akSecret: "uRJeIi0cbahgWOhxncpp54wR5b****"
            otherOpts: "-o max_stat_cache_size=0 -o allow_other"
    • Create a PV in the ACK console
      1. Log on to the ACK console.
      2. In the left-side navigation pane of the ACK console, click Clusters.
      3. On the Clusters page, find the cluster that you want to manage. Then, click the name of the cluster or click Details in the Actions column.
      4. In the left-side navigation pane of the cluster details page, choose Volumes > Persistent Volumes.
      5. Click the Persistent Volumes tab and click Create.
      6. In the Create PV dialog box, set the required parameters.
        Parameter: Description
        PV Type: In this example, OSS is selected.
        Volume Name: The name of the PV that you want to create. The name must be unique in the cluster. In this example, pv-oss is entered.
        Volume Plug-in: In this example, Flexvolume is selected. For more information about volume plug-ins, see Differences between the CSI and FlexVolume plug-ins.
        Capacity: The capacity of the PV that you want to create.
        Access Mode: Default value: ReadWriteMany.
        Access Certificate: Select a Secret that is used to access the OSS bucket.
          • Select Existing Secret: Select a namespace and a Secret.
          • Create Secret: Set Namespace, Name, AccessKey ID, and AccessKey Secret.
        Optional Parameters: Enter custom parameters in the format of -o *** -o ***.
        Bucket ID: The name of the OSS bucket that you want to mount. Click Select Bucket. In the dialog box that appears, select the OSS bucket that you want to mount and click Select.
        Endpoint: Select Public Endpoint if the OSS bucket and the Elastic Compute Service (ECS) instances in the cluster are deployed in different regions. Select Internal Endpoint if the OSS bucket is deployed in a classic network.
        Label: Add labels to the PV.
      7. Click Create.
  2. Create a PVC.
    Use the following oss-pvc.yaml file to create a PVC.
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: pvc-oss
    spec:
      storageClassName: oss
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 5Gi
  3. Create a pod.
    Use the following oss-deploy.yaml file to create a pod.
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: oss-static
      labels:
        app: nginx
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          containers:
          - name: nginx
            image: nginx
            ports:
            - containerPort: 80
            volumeMounts:
              - name: pvc-oss
                mountPath: "/data"
            livenessProbe:
              exec:
                command:
                - sh
                - -c
                - cd /data
              initialDelaySeconds: 30
              periodSeconds: 30
          volumes:
          - name: pvc-oss
            persistentVolumeClaim:
              claimName: pvc-oss

Use a Secret to provide AccessKey information

  1. Run the following command to create a Secret:
    kubectl create secret generic osssecret --from-literal=akId='LTAI4G6E3whAAKnzdRPx****' --from-literal=akSecret='uRJeIi0cbahgWOhxncpp54wR5b****' --type=alicloud/oss -n default
    • osssecret: the name of the Secret.
    • akId: the AccessKey ID.
    • akSecret: the AccessKey secret.
    • type: Set this parameter to alicloud/oss. The Secret and the pod that uses the Secret must belong to the same namespace.
  2. Use the Secret in a PV.
    Specify the Secret in the secretRef field of the PV.
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: pv-oss
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      storageClassName: oss
      flexVolume:
        driver: "alicloud/oss"
        secretRef:
          name: "osssecret"
        options:
          bucket: "docker"
          url: "oss-cn-hangzhou.aliyuncs.com"
          otherOpts: "-o max_stat_cache_size=0 -o allow_other"
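
The two PV definitions in this topic differ in where the AccessKey pair is stored: inline under flexVolume.options, where anyone who can read PersistentVolume objects can see it, or in a Secret referenced by secretRef. The following added example (not part of the original topic or of ACK) audits the JSON printed by kubectl get pv -o json and reports which form each alicloud/oss PV uses. The sample PV list and the function name audit_oss_pvs are constructed for illustration.

```python
import json

# Constructed sample of `kubectl get pv -o json` output (not from a real cluster).
SAMPLE_PV_LIST = json.dumps({
    "items": [
        {"metadata": {"name": "pv-oss-inline"},
         "spec": {"flexVolume": {"driver": "alicloud/oss", "options": {
             "bucket": "docker", "url": "oss-cn-hangzhou.aliyuncs.com",
             "akId": "EXAMPLE-ID", "akSecret": "EXAMPLE-SECRET"}}}},
        {"metadata": {"name": "pv-oss-secret"},
         "spec": {"flexVolume": {"driver": "alicloud/oss",
                                 "secretRef": {"name": "osssecret"},
                                 "options": {"bucket": "docker",
                                             "url": "oss-cn-hangzhou.aliyuncs.com"}}}},
        {"metadata": {"name": "pv-nfs"},
         "spec": {"nfs": {"server": "nfs.example.internal", "path": "/"}}},
    ]
})

CREDENTIAL_KEYS = ("akId", "akSecret")


def audit_oss_pvs(pv_list_json):
    """Classify each alicloud/oss FlexVolume PV by how it gets its AccessKey.

    Returns a list of (pv_name, status, detail). Credential values are never
    returned, only the names of the option keys that hold them.
    """
    findings = []
    for pv in json.loads(pv_list_json).get("items", []):
        flex = pv.get("spec", {}).get("flexVolume") or {}
        if flex.get("driver") != "alicloud/oss":
            continue  # not an OSS FlexVolume PV
        name = pv["metadata"]["name"]
        options = flex.get("options") or {}
        inline = [k for k in CREDENTIAL_KEYS if options.get(k)]
        secret = (flex.get("secretRef") or {}).get("name")
        if inline:
            findings.append((name, "INLINE_CREDENTIALS", ",".join(inline)))
        elif secret:
            findings.append((name, "SECRET_REF", secret))
        else:
            findings.append((name, "NO_CREDENTIALS", ""))
    return findings


if __name__ == "__main__":
    for name, status, detail in audit_oss_pvs(SAMPLE_PV_LIST):
        print(f"{name}\t{status}\t{detail}")
```

To run it against a cluster, pass the output of kubectl get pv -o json to audit_oss_pvs instead of the sample. PVs reported as INLINE_CREDENTIALS are candidates for conversion to the secretRef form shown above.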