The container storage feature of Container Service for Kubernetes (ACK) is integrated with the storage services provided by Alibaba Cloud, and is compatible with Kubernetes-native storage services. You can deploy the Container Storage Interface (CSI) plug-in in ACK clusters to use Alibaba Cloud storage services. Disk volumes, Apsara File Storage NAS (NAS) volumes, Object Storage Service (OSS) volumes, and local volumes can be automatically mounted to pods in ACK clusters. This topic describes how to use the CSI plug-in in a registered cluster.
Prerequisites
A registered cluster is created and an external cluster is connected to the registered cluster. For more information, see Create a registered cluster in the ACK console and Use onectl to create a registered cluster.
Elastic Compute Service (ECS) instances are added to the external cluster. For more information, see Create and scale out a node pool .
ImportantThe CSI plug-in provided by Alibaba Cloud can be deployed only on ECS instances. Therefore, you must add the
alibabacloud.com/external=true
label to the ECS instances in the external cluster.A kubectl client is connected to the external cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Considerations
If the external cluster is deployed on Alibaba Cloud and ECS instances are added to the cluster, you must add labels to the ECS instances. For more information about how to add labels to ECS instances, see Add labels to ECS instances in an external cluster that is registered with ACK.
If you use the node pool feature to add ECS instances to the registered external cluster, the ECS instances have the
alibabacloud.com/external=true
label by default.
Step 1: Grant a RAM user the permissions to manage the CSI plug-in
Use onectl
Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.
onectl uses the AccessKey pair of a Resource Access Management (RAM) user to access Alibaba Cloud resources. Run the following command to grant the RAM user the permissions to manage the CSI plug-in:
onectl ram-user grant --addon csi-plugin
Expected output:
Ram policy ack-one-registered-cluster-policy-csi-plugin granted to ram user ack-one-user-ce313528c3 successfully.
Use the console
Before you install the CSI plug-in in a registered external cluster, you must set an AccessKey pair in the cluster to access related cloud resources. Before you set the AccessKey pair, create a RAM user and grant the RAM user the permissions to access Alibaba Cloud resources.
Create a RAM user. For more information, see Create a RAM user.
Create a custom policy.
For more information about how to create a custom policy, see Create a custom policy.
The following examples are custom permission policies used to grant permissions to manage disks, snapshots, snapshot policies, resource labels, instances, file systems, and repositories. For more information about API operations, see List of operations by function.
Attach the policy to the RAM user. For more information, see Create a RAM user and grant permissions to the RAM user.
Create an AccessKey pair for the RAM user. For more information, see Obtain an AccessKey pair.
Use the AccessKey pair to create a Secret named alibaba-addon-secret in the registered cluster.
The system automatically uses the AccessKey pair to access cloud resources when you install the CSI plug-in.
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=<your access key id>' --from-literal='access-key-secret=<your access key secret>'
NoteReplace
<your access key id>
and<your access key secret>
with the AccessKey pair that you obtained in the previous step.
Step 2: Install the CSI plug-in
Use onectl
Run the following command to install the CSI plug-in:
onectl addon install csi-plugin
onectl addon install csi-provisioner
Expected output:
Addon csi-plugin, version **** installed.
Addon csi-provisioner, version **** installed.
Use the console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, click the name of the cluster that you want to manage and choose in the left-side navigation pane.
Click the Storage tab, find csi-plugin and csi-provisioner, and then click Install.
In the Note message, confirm the versions of the plug-ins and click OK.
Step 3: Mount volumes
The following table describes how to mount different types of volumes in registered clusters.
Volume type | References |
NAS | |
OSS | |
CPFS | |
CNFS | |
Disk volumes | Disk volumes are not supported in registered clusters. |