Apsara File Storage NAS (NAS) is a distributed file system provided by Alibaba Cloud. NAS supports shared access and auto scaling. NAS features high reliability and high performance. You can use FlexVolume to mount NAS file systems as volumes on a self-managed Kubernetes cluster. NAS file systems can serve as statically or dynamically provisioned volumes. This topic describes how to use a PersistentVolumeClaim (PVC) to mount a NAS file system to multiple elastic container instance-based pods.
Prerequisites
A virtual node (VNode) is deployed on a self-managed Kubernetes cluster.
If the self-managed Kubernetes cluster is deployed in a data center, the data center is connected to Alibaba Cloud.
Precautions
NAS is a shared storage service. You can mount a NAS file system to multiple pods. If a NAS file system is mounted to multiple pods, the data in the file system is shared by the pods. In this case, an application must be able to synchronize data across these pods when data modifications are made to multiple pods.
Do not delete the mount target before you unmount the NAS file system. Otherwise, an operating system hang may occur.
Mount a NAS file system as a statically provisioned volume
Create a NAS file system and add a mount target.
Log on to the NAS console.
Create a NAS file system and add a mount target.
The NAS file system and mount target must reside in the same VPC as the VNode. For more information, see Create a NAS file system and Manage mount targets.
Create a PersistentVolume (PV).
Create a file named static-pv-nas.yaml and copy the following template into the file. Modify the parameters in the template as required.
apiVersion: v1 kind: PersistentVolume metadata: name: static-pv-nas spec: capacity: storage: 20Gi storageClassName: nas persistentVolumeReclaimPolicy: Recycle accessModes: - ReadWriteMany flexVolume: driver: "alicloud/nas" options: server: "1a93e496ef-****.cn-beijing.nas.aliyuncs.com" path: "/" vers: "3"
The following table describes the parameters in the template.
Parameter
Description
driver
The type of the driver used. In this example, the parameter is set to
alicloud/nas
. This indicates that the FlexVolume plug-in provided by Alibaba Cloud for NAS is used.server
The mount target of the NAS file system.
path
The subdirectory of the NAS file system that you want to mount. If you want to mount an Extreme NAS file system, set this parameter to a subdirectory of the
/share
directory. Example:/share/path1
.vers
The version number of the Network File System (NFS) protocol that is used to mount the NAS file system. We recommend that you use NFS v3. Extreme NAS supports only NFS v3.
Run the following command to create a PV:
kubectl create -f static-pv-nas.yaml
Create a PVC.
Create a file named static-pvc-nas.yaml and copy the following template into the file:
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: static-pvc-nas spec: accessModes: - ReadWriteMany storageClassName: nas resources: requests: storage: 20Gi
Run the following command to create a PVC:
kubectl create -f static-pvc-nas.yaml
Mount the NAS file system to two elastic container instance-based pods.
Create a file named static-test-nas.yaml and copy the following template into the file:
apiVersion: apps/v1 kind: Deployment metadata: name: static-test-nas labels: app: nginx spec: replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: nodeSelector: k8s.aliyun.com/vnode: "true" tolerations: - key: k8s.aliyun.com/vnode operator: "Equal" value: "true" effect: "NoSchedule" containers: - name: nginx image: registry-vpc.cn-beijing.aliyuncs.com/eci_open/nginx:1.14.2 ports: - containerPort: 80 volumeMounts: - name: pvc-nas mountPath: /data volumes: - name: pvc-nas persistentVolumeClaim: claimName: static-pvc-nas
Run the following command to create a Deployment:
kubectl create -f static-test-nas.yaml
View the results.
kubectl get pods -o wide
The following command output is expected to return:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES static-test-nas-79df5959d4-lvr4m 1/1 Running 0 26s 172.16.XX.XX cn-beijing.vnd-2ze8nd8xcl33t4pa**** <none> <none> static-test-nas-79df5959d4-xdbwz 1/1 Running 0 26s 172.16.XX.XX cn-beijing.vnd-2ze8nd8xcl33t4pa**** <none> <none>
Check the file directories in the pods and verify that the
/data
mount directory is generated for the NAS file system. In addition, verify that the files written to the first pod can be viewed in the second pod. This indicates that the two pods share the NAS file system.
Mount a NAS file system as a dynamically provisioned volume
Deploy the NAS-Controller component
Before you mount a NAS file system as a dynamically provisioned volume, you must deploy the NAS-Controller component. NAS-Controller is used to automatically create a PV of the NAS type.
You must deploy NAS-Controller on a regular node instead of a VNode.
Create a YAML file that is used to deploy NAS-Controller.
Create a file named nas-controller.yaml and copy the following template into the file:
apiVersion: v1 kind: ServiceAccount metadata: name: alicloud-nas-controller namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: alicloud-nas-controller rules: - apiGroups: [""] resources: ["persistentvolumes"] verbs: ["get", "list", "watch", "create", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "list", "watch", "update"] - apiGroups: ["storage.k8s.io"] resources: ["storageclasses"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["events"] verbs: ["list", "watch", "create", "update", "patch"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "watch", "list", "delete", "update", "create"] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: alicloud-nas-controller subjects: - kind: ServiceAccount name: alicloud-nas-controller namespace: kube-system roleRef: kind: ClusterRole name: alicloud-nas-controller apiGroup: rbac.authorization.k8s.io --- kind: Deployment apiVersion: apps/v1 metadata: name: alicloud-nas-controller namespace: kube-system spec: selector: matchLabels: app: alicloud-nas-controller strategy: type: Recreate template: metadata: labels: app: alicloud-nas-controller spec: tolerations: - operator: Exists affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 preference: matchExpressions: - key: node-role.kubernetes.io/master operator: Exists requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: type operator: NotIn values: - virtual-kubelet priorityClassName: system-node-critical serviceAccount: alicloud-nas-controller hostNetwork: true containers: - name: nfs-provisioner image: registry.cn-hangzhou.aliyuncs.com/acs/alicloud-nas-controller:v1.14.8.17-7b898e5-aliyun env: - name: PROVISIONER_NAME value: alicloud/nas securityContext: privileged: true volumeMounts: - mountPath: /var/log name: log volumes: - hostPath: path: /var/log name: log
Deploy NAS-Controller.
kubectl create -f nas-controller.yaml
View the deployment result.
kubectl -n kube-system get pods
The following command output is expected to return:
NAME READY STATUS RESTARTS AGE alicloud-nas-controller-6dccf695d5-zxkwg 1/1 Running 0 3m7s
Mount a NAS file system
Create a NAS file system and add a mount target.
Log on to the NAS console.
Create a NAS file system and add a mount target.
The NAS file system and mount target must reside in the same VPC as the VNode. For more information, see Create a NAS file system and Manage mount targets.
Run the following command to create a StorageClass:
Create a file named sc-nas.yaml and copy the following template into the file. Modify the parameters in the template as required.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alicloud-nas-test mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: subpath server: "1e9064****-gk***.cn-beijing.nas.aliyuncs.com" provisioner: alicloud/nas reclaimPolicy: Retain
The following table describes the parameters in the template.
Description
mountOptions
The mount options, such as the NFS version.
volumeAs
The PV type. A value of subpath indicates a subdirectory. In this case, NAS-Controller automatically creates a subdirectory of the NAS file system.
server
The mount target of the NAS file system if you set the volumeAs parameter to subpath.
provisioner
The type of the driver used. In this example, the parameter is set to
alicloud/nas
. This indicates that the FlexVolume plug-in provided by Alibaba Cloud for NAS is used.reclaimPolicy
The reclaim policy of the PV. Default value: Delete. You can also set this parameter to Retain.
Delete: When a PVC is deleted, the related PV and NAS file system are also deleted.
Retain: When a PVC is deleted, the related PV and NAS file system are retained and can only be manually deleted.
If you require higher data security, we recommend that you use the Retain mode to prevent data loss caused by user errors.
Run the following command to create a StorageClass:
kubectl create -f sc-nas.yaml
Create a PVC of the NAS type.
Create a file named pvc-nas.yaml and copy the following template into the file:
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pvc-nas spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-test resources: requests: storage: 20Gi
Run the following command to create a PVC:
kubectl create -f pvc-nas.yaml
Mount the NAS file system to two elastic container instance-based pods.
Create a file named test-nas.yaml and copy the following template into the file:
apiVersion: apps/v1 kind: Deployment metadata: name: test-nas spec: replicas: 2 selector: matchLabels: app: uid template: metadata: labels: app: uid spec: nodeSelector: k8s.aliyun.com/vnode: "true" tolerations: - key: k8s.aliyun.com/vnode operator: "Equal" value: "true" effect: "NoSchedule" containers: - name: nginx image: registry-vpc.cn-beijing.aliyuncs.com/eci_open/nginx:1.14.2 volumeMounts: - mountPath: /data name: data volumes: - name: data persistentVolumeClaim: claimName: pvc-nas
Run the following command to create a Deployment:
kubectl create -f test-nas.yaml
View the results.
kubectl get pods -o wide
The following command output is expected to return:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test-nas-7cf4d9f796-4h2kj 1/1 Running 0 50s 172.16.XX.XX cn-beijing.vnd-2ze8nd8xcl33t4pa**** <none> <none> test-nas-7cf4d9f796-dv5q2 1/1 Running 0 50s 172.16.XX.XX cn-beijing.vnd-2ze8nd8xcl33t4pa**** <none> <none>
Check the file directories in the pods and verify that the
/data
mount directory is generated for the NAS file system. In addition, verify that the files written to the first pod can be viewed in the second pod. This indicates that the two pods share the NAS file system.