This topic describes how to provision static Object Storage Service (OSS) volumes by using YAML files.

Prerequisites

A static OSS volume is created. For more information, see Create buckets.
Note: If a node and an OSS bucket are in the same region, you can use the internal endpoint of the OSS bucket when you mount it to the node.

Use a Secret to create a static PV

  1. Create a Secret.

    The following YAML file shows how to specify your AccessKey pair in a Secret.

    apiVersion: v1
    kind: Secret
    metadata:
      name: oss-secret
      namespace: default
    stringData:
      akId: "***"
      akSecret: "***"

    Note: The Secret must be created in the same namespace where the application is created.

    Replace the values of the akId and akSecret parameters with your AccessKey ID and AccessKey secret.

  2. Create a static PV.

    The following YAML file is used to create a static persistent volume (PV) through a persistent volume claim (PVC).

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: oss-pvc
    spec:
      accessModes:
      - ReadWriteMany
      resources:
        requests:
          storage: 5Gi
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: oss-csi-pv
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      csi:
        driver: ossplugin.csi.alibabacloud.com
        volumeHandle: oss-csi-pv # The specified value must be the same as the name of the PV.
        nodePublishSecretRef:
          name: oss-secret
          namespace: default
        volumeAttributes:
          bucket: "oss"
          url: "oss-cn-hangzhou.aliyuncs.com"
          otherOpts: "-o max_stat_cache_size=0 -o allow_other"

    Parameter             Description
    nodePublishSecretRef  Specifies that a Secret is used to obtain the AccessKey pair when an OSS bucket is mounted through a PV.
    volumeHandle          Specifies the name of the PV.
    bucket                Specifies the OSS bucket to be mounted.
    url                   Specifies the endpoint of the OSS bucket. If the OSS bucket and target node are deployed in the same region, you can use the internal endpoint of the OSS bucket.
    otherOpts             You can enter custom parameters in the format of -o *** -o ***.

Specify an AccessKey pair directly in a PV/PVC

The section "Use a Secret to create a static PV" describes how to use a Secret to specify an AccessKey pair for the CSI plug-in. This section describes how to specify an AccessKey pair directly in a PV. The following YAML file is an example.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-csi-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: oss-csi-pv # The specified value must be the same as the name of the PV.
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      akId: "***"
      akSecret: "***"

Configure security token-based authentication in a PV/PVC

The sections "Use a Secret to create a static PV" and "Specify an AccessKey pair directly in a PV/PVC" describe how to use a Secret or an AccessKey pair for permission authentication. You can also configure security token-based authentication in a PV. The following YAML file is an example.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-csi-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: oss-csi-pv # The specified value must be the same as the name of the PV.
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      authType: "sts"
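
The following Python check is an added example, not part of the original documentation. It takes the parsed output of `kubectl get pv -o json` and reports which of the three credential options above each OSS PV uses, flagging an AccessKey pair written into `volumeAttributes`, a `volumeHandle` that differs from the PV name, and a Secret namespace that differs from the bound PVC's namespace. The function names, finding strings, and sample PVs are assumptions made for illustration; the namespace check relies on `spec.claimRef`, which is present only on bound PVs.

```python
OSS_DRIVER = "ossplugin.csi.alibabacloud.com"  # driver name used in the manifests above

def audit_oss_pvs(pv_list):
    """Classify each OSS CSI PV by credential source and collect findings."""
    report = {}
    for pv in pv_list.get("items", []):
        spec = pv.get("spec", {})
        csi = spec.get("csi") or {}
        if csi.get("driver") != OSS_DRIVER:
            continue  # not an OSS volume
        name = pv["metadata"]["name"]
        attrs = csi.get("volumeAttributes") or {}
        ref = csi.get("nodePublishSecretRef") or {}
        findings = []
        if attrs.get("akId") or attrs.get("akSecret"):
            mode = "inline-accesskey"
            findings.append("AccessKey pair is stored in plain text in the PV spec")
        elif attrs.get("authType") == "sts":
            mode = "sts"
        elif ref.get("name"):
            mode = "secret-ref"
            claim_ns = (spec.get("claimRef") or {}).get("namespace")
            if claim_ns and ref.get("namespace") != claim_ns:
                findings.append("Secret namespace differs from the bound PVC namespace")
        else:
            mode = "none"
            findings.append("no credential source configured")
        if csi.get("volumeHandle") != name:
            findings.append("volumeHandle does not match the PV name")
        report[name] = (mode, findings)
    return report

def _pv(name, csi, claim_ns=None):
    """Hypothetical helper: build a PV shaped like a `kubectl get pv -o json` item."""
    spec = {"csi": dict(csi, driver=csi.get("driver", OSS_DRIVER))}
    if claim_ns:
        spec["claimRef"] = {"namespace": claim_ns, "name": "oss-pvc"}
    return {"metadata": {"name": name}, "spec": spec}

# Constructed sample input, not taken from a real cluster.
SAMPLE = {"items": [
    _pv("pv-secret", {"volumeHandle": "pv-secret", "nodePublishSecretRef":
                      {"name": "oss-secret", "namespace": "default"}}, "default"),
    _pv("pv-inline", {"volumeHandle": "pv-inline",
                      "volumeAttributes": {"akId": "***", "akSecret": "***"}}),
    _pv("pv-sts", {"volumeHandle": "wrong-name", "volumeAttributes": {"authType": "sts"}}),
    _pv("pv-other", {"driver": "other.csi.example", "volumeHandle": "pv-other"}),
]}

if __name__ == "__main__":
    for pv_name, (mode, findings) in audit_oss_pvs(SAMPLE).items():
        print(pv_name, mode, "; ".join(findings) or "ok")
```

To run it against a cluster, replace `SAMPLE` with the result of `json.load()` on the saved `kubectl get pv -o json` output.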

Create an application

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
        volumeMounts:
          - name: oss-pvc
            mountPath: "/data"
      volumes:
        - name: oss-pvc
          persistentVolumeClaim:
            claimName: oss-pvc

You can also provision a static OSS volume in the console. For more information, see Use a static OSS volume.