To improve the performance of Apsara File Storage NAS (NAS) file systems, Container Service for Kubernetes (ACK) uses Container Network File System (CNFS) to achieve independent management of NAS file systems. This topic describes how to use CNFS to manage NAS file systems and how to use CNFS to mount volumes to workloads.

Prerequisites

Features

You can use CNFS to manage NAS file systems by using one of the following methods:

Method 1: Use CNFS to create a default NAS file system

Use the following template to create a default CNFS file system and mount a dynamically provisioned NAS volume to the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time.
# Create the following objects: a CNFS, a StorageClass, a Deployment, and a StatefulSet. 
cat << EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain # Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained. 
  parameters:
    encryptType: SSE-KMS # This parameter is optional. If you leave this parameter empty, the created NAS file system is not encrypted. A value of SSE-KMS indicates that the created NAS file system is encrypted by Key Management Service (KMS). 
    enableTrashCan: "true" # This parameter is optional. If you leave this parameter empty, the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled. 
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-cnfs-nas
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: cnfs-nas-filesystem
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true # This parameter is optional. A value of true indicates that the NAS file system can be expanded. 
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-cnfs-nas
  resources:
    requests:
      storage: 70Gi # If you enable the directory quota feature, the storage field takes effect. A value of 70Gi indicates that the maximum size of data that can be written into a dynamically created directory is 70 GiB. 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: cnfs-nas-pvc
      volumes:
      - name: cnfs-nas-pvc
        persistentVolumeClaim:
          claimName: cnfs-nas-pvc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cnfs-nas-sts
  labels:
    app: nginx
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: www
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "alibabacloud-cnfs-nas"
      resources:
        requests:
          storage: 50Gi # If you enable the directory quota feature, the storage field takes effect. A value of 50Gi indicates that the maximum size of data that can be written into a dynamically created directory is 50 GiB. 
EOF
Notice The NAS file system is created in the virtual private cloud (VPC) where the cluster is deployed. If the region of the cluster does not support NAS file systems of the NAS Capacity type, a NAS file system of the NAS Performance type is created. By default, the created NAS file system is not encrypted.

Method 2: Use CNFS to create a custom NAS file system

Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.

  1. Create a custom NAS file system.
    1. Run the following command to create a custom file system:
      cat <<EOF | kubectl apply -f -
      apiVersion: storage.alibabacloud.com/v1beta1
      kind: ContainerNetworkFileSystem
      metadata:
        name: cnfs-nas-filesystem
      spec:
        description: "cnfs"
        type: nas
        reclaimPolicy: Retain
        parameters:
          filesystemType: standard
          storageType: Capacity
          protocolType: NFS
          encryptType: SSE-KMS
          enableTrashCan: true
          trashCanReservedDays: 5
          vSwitchId: vsw-2ze9l3ppwzg6bl02j****
      EOF
      Parameter Description
      description The description of the NAS file system
      type The type of the volume that you want to create.
      reclaimPolicy The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
      parameters.filesystemType The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.
      parameters.storageType The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
      parameters.protocolType The Network File System (NFS) protocol is used. Only NFSv3 is supported.
      parameters.encryptType The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
      parameters.enableTrashCan Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
      parameters.trashCanReservedDays The maximum number of days that the files in the recycle bin are retained. Default value: 7. In this example, trashCanReservedDays: 5 is used, which indicates that the files in the recycle bin are retained for up to five days.
      parameters.vSwitchId The ID of the vSwitch that is used by the created NAS file system.
    2. Run the following command to query the created NAS file system:
      kubectl get cnfs

      Expected output:

      NAME                  AGE
      cnfs-nas-filesystem   6d
    3. Run the following command to query the details about the NAS file system:
      kubectl get cnfs/cnfs-nas-filesystem -o yaml

      Expected output:

      apiVersion: storage.alibabacloud.com/v1beta1kind: ContainerNetworkFileSystem
      metadata:
        annotations:
          kubectl.kubernetes.io/last-applied-configuration: |
            {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e4****-hlm35.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}}
        creationTimestamp: "2021-05-14T08:20:09Z"
        finalizers:
        - protection.alibabacloud.com/cnfs
        generation: 6
        name: cnfs-nas-filesystem
        resourceVersion: "122342382"
        selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
        uid: a9e9650c-68b2-405b-8274-0f5b6063****
      spec:
        description: "cnfs"
        type: nas
        reclaimPolicy: Retain
        parameters:
          filesystemType: standard
          storageType: Capacity
          protocolType: NFS
          encryptType: SSE-KMS
          vSwitchId: vsw-XXX
          enableTrashCan: true
      status:
        conditions:
        - lastProbeTime: "2021-05-14 16:20:15"
          reason: The nas filesystem and mount target complete initialization.
          status: Ready
        fsAttributes:
          accessGroupName: DEFAULT_VPC_GROUP_NAME
          encryptType: SSE-KMS
          enableTrashCan: true
          filesystemId: 17f7e48ece
          filesystemType: standard
          protocolType: NFS
          regionId: cn-beijing
          server: 17f7e48ece-hlm35.cn-beijing.nas.aliyuncs.com
          storageType: Capacity
          vSwitchId: vsw-2ze9l3ppwzg6bl02j****
          vpcId: vpc-2ze9sgmehjvwv5x74****
          zoneId: cn-beijing-h
        status: Available
      Parameter Description
      status The status of CNFS. Valid values: Pending, Creating, Initialization, Available, Unavailable, Fatal, and Terminating.
      conditions.lastProbeTime The time when the last probe was sent.
      conditions.reason The reason for the current status.
      conditions.status Indicates whether the file system is ready. Valid values: Ready and NotReady.
      fsAttributes.accessGroupName The name of the permission group used by the mount target. Set the value to DEFAULT_VPC_GROUP_NAME. This indicates the default permission group for VPCs.
      fsAttributes.encryptType The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
      fsAttributes.enableTrashCan Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
      fsAttributes.filesystemId The ID of the file system
      fsAttributes.filesystemType The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.
      fsAttributes.protocolType The file transfer protocol. NFS is supported.
      fsAttributes.regionId The region to which the CNFS file system belongs.
      fsAttributes.server The domain name of the mount target of the CNFS file system.
      fsAttributes.storageType The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
      fsAttributes.vSwitchId The vSwitch used by the CNFS file system.
      fsAttributes.vpcId The VPC to which the CNFS file system belongs.
      fsAttributes.zoneId The zone to which the CNFS file system belongs.
  2. Create a persistent volume (PV) and associate it with the NAS file system.
    Create a statically or dynamically provisioned PV and associate it with the NAS file system:
    • Create a statically provisioned PV.
      1. Use the following template to create a statically provisioned PV and associate it with the NAS file system:
        cat <<EOF | kubectl apply -f -
        apiVersion: v1
        kind: PersistentVolume
        metadata:
          name: cnfs-nas-pv
          labels:
            alicloud-pvname: cnfs-nas-pv
        spec:
          capacity:
            storage: 5Gi
          accessModes:
            - ReadWriteMany
          csi:
            driver: nasplugin.csi.alibabacloud.com
            volumeHandle: cnfs-nas-pv # The value must be the same as the PV name.
            volumeAttributes:
              containerNetworkFileSystem: cnfs-nas-filesystem
              path: "/"
              mode: "644"
          mountOptions:
            - nolock,tcp,noresvport
            - vers=3
        EOF
        Parameter Description
        containerNetworkFileSystem The name of the CNFS file system that you want to use
        path The path of the CNFS file system used by the PV
      2. Run the following command to check whether the PV is created:
        kubectl get pv
        Expected output:
        NAME          CAPACITY   ACCESS MODES     RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
        cnfs-nas-pv   5Gi        RWX              Retain           Available                                   4s
    • Create a dynamically provisioned PV.
      1. Use the following template to create a dynamically provisioned PV and associate it with the NAS file system:
        cat <<EOF | kubectl apply -f -
        apiVersion: storage.k8s.io/v1
        kind: StorageClass
        metadata:
          name: alibabacloud-nas-cnfs
        mountOptions:
          - nolock,tcp,noresvport
          - vers=3
        parameters:
          volumeAs: subpath
          containerNetworkFileSystem: nas-load-mount-target
          path: "/"
        provisioner: nasplugin.csi.alibabacloud.com
        reclaimPolicy: Retain
        allowVolumeExpansion: true
        EOF
        Note The valid values of allowVolumeExpansion are true and false. This parameter specifies whether the PV is expandable and the volume quota is enabled.
      2. Run the following command to check whether the PV is created:
        kubectl get pv
        Expected output:
        NAME          CAPACITY   ACCESS MODES     RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
        cnfs-nas-pv   5Gi        RWX              Retain           Available                                   4s
  3. Create a persistent volume claim (PVC).
    1. Use the following template to create a PVC that is used to mount the NAS file system:
      cat <<EOF | kubectl apply -f -
      apiVersion: v1
      kind: PersistentVolumeClaim
      metadata:
        name: cnfs-nas-pvc
      spec:
        accessModes:
          - ReadWriteMany
        storageClassName: alibabacloud-nas-cnfs
        resources:
          requests:
            storage: 70Gi
      EOF
  4. Create an application.
    1. Use the following template to create an application that uses the PVC:
      cat <<EOF | kubectl apply -f -
      apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: cnfs-nas-deployment
        labels:
          app: nginx
      spec:
        selector:
          matchLabels:
            app: nginx
        template:
          metadata:
            labels:
              app: nginx
          spec:
            containers:
              - name: nginx
                image: nginx:1.14.2
                ports:
                  - containerPort: 80
                volumeMounts:
                  - name: cnfs-nas-pvc
                    mountPath: "/data"
            volumes:
              - name: cnfs-nas-pvc
                persistentVolumeClaim:
                  claimName: cnfs-nas-pvc
      EOF
    2. Run the following command to query the status of the application:
      kubectl get pod

      Expected output:

      NAME                             READY   STATUS    RESTARTS   AGE
      cnfs-nas-deployment-86959b****   1/1     Running   0          2s

      The output shows that the created Deployment is in the Running state. This means that the CNFS file system is used by the Deployment.

Method 3: Create a CNFS file system by using an existing NAS file system

Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.

  1. Create a CNFS file system by using an existing NAS file system.
    1. Use the following template to create a CNFS file system by using an existing NAS file system:
      # Load the existing NAS file system.
      cat <<EOF | kubectl apply -f -
      apiVersion: storage.alibabacloud.com/v1beta1
      kind: ContainerNetworkFileSystem
      metadata:
        name: cnfs-nas-filesystem
      spec:
        description: "cnfs"
        type: nas
        reclaimPolicy: Retain
        parameters:
          server: 17f7e4****-hlm35.cn-beijing.nas.aliyuncs.com
      EOF
      Parameter Description
      description The description of the NAS file system
      type The type of the volume that you want to create
      reclaimPolicy The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
      parameters.server The URL of the mount target of the NAS file system
    2. Run the following command to query the NAS file system:
      kubectl get cnfs

      Expected output:

      NAME                  AGE
      cnfs-nas-filesystem   6d
    3. Run the following command to query the details about the NAS file system:
      kubectl get cnfs/cnfs-nas-filesystem -o yaml

      Expected output:

      apiVersion: storage.alibabacloud.com/v1beta1kind: ContainerNetworkFileSystem
      metadata:
        annotations:
          kubectl.kubernetes.io/last-applied-configuration: |
            {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e48ece-h****.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}}
        creationTimestamp: "2021-05-14T08:20:09Z"
        finalizers:
        - protection.alibabacloud.com/cnfs
        generation: 6
        name: cnfs-nas-filesystem
        resourceVersion: "122342382"
        selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
        uid: a9e9650c-68b2-405b-8274-0f5b6063****
      spec:
        description: cnfs
        parameters:
          server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
        reclaimPolicy: Retain
        type: nas
      status:
        conditions:
        - lastProbeTime: "2021-05-14 16:20:15"
          reason: The nas filesystem and mount target complete initialization.
          status: Ready
        fsAttributes:
          accessGroupName: DEFAULT_VPC_GROUP_NAME
          encryptType: None
          enableTrashCan: true
          filesystemId: 17f7e4****
          filesystemType: standard
          protocolType: NFS
          regionId: cn-beijing
          server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
          storageType: Capacity
          vSwitchId: vsw-2ze9l3ppwzg6bl02j****
          vpcId: vpc-2ze9sgmehjvwv5x74****
          zoneId: cn-beijing-h
        status: Available
  2. Use the CNFS file system in NAS volumes. For more information, see Step 2 to Step 4 in Method 2: Use CNFS to create a custom NAS file system.

What to do next

For more information about how to monitor NAS resources at the node side, see Examples of monitoring NAS file systems.