You can mount a Network Attached Storage (NAS) file system to a sandboxed container to significantly improve I/O performance. This topic describes how to mount a NAS file system to a sandboxed container.
Prerequisites
Background information
virtio-fs is a shared file system. Container Service for Kubernetes (ACK) allows you to use virtio-fs to add volumes, Secrets, and ConfiMaps to the guest operating system of a virtual machine (VM). This directly mounts a NAS file system to a cluster. This method mounts the NAS file system to the host. Applications in the container can write data to and read data from the NAS file system only through virtio-fs. This may cause performance degradation.
Sandboxed containers allow you to directly mount NAS file systems. This method first unmounts NAS mount targets from the host. The NAS file system is mounted to the guest operating system. Then, the system creates a bind mount for the NAS file system. This way, applications in the container can directly write data to and read data from the NAS file system without performance degradation.

How a NAS file system is mounted to a sandboxed container

Step | Description |
---|---|
① | The kubelet requests the CSI plug-in to mount a NAS file system. |
② | The CSI plug-in mounts the NAS file system to the host. |
③ | The Kubelet requests Kangaroo-Runtime to create a pod. |
④ | Kangaroo-Runtime parses the unmounting information, passes the information to the guest operating system, and then unmounts the NAS file system from the host. |
⑤ | Kangaroo-Runtime requests the agent to create a container. |
⑥ | The agent mounts the NAS file system to the guest operating system. |
⑦ | The agent creates a bind mount to mount for the NAS file system that is mounted to the guest operating system. |
Examples
The following example describes how to mount a NAS file system to a sandboxed container. In this example, an Apsara File Storage NAS instance is created and a YAML file template is used to create resource objects.