Alibaba Cloud NAS is a file storage service for Alibaba Cloud Elastic Compute Service (ECS) instances that provides the standard file access protocol. You can use the distributed file system, which offers unlimited capacity, extensive capabilities, a single namespace, multiple sharing, high reliability, and high availability, without modifying your existing applications.
Currently, Alibaba Cloud NAS is available in Hangzhou, Shanghai, Beijing, and Shenzhen, and you can create NAS data volumes only for clusters in these regions.
You can activate the data volume function only when your cluster meets the following conditions:
The cluster Agent is version 0.6 or later.
You can view your Agent version on the Cluster List page. Click More at the right of the cluster and then select Upgrade Agent from the list. For how to upgrade the Agent, see Upgrade Agent.
The acsvolumedriver application is deployed in the cluster. We recommend that you update the acsvolumedriver to the latest version.
You can deploy and update the acsvolumedriver application by upgrading the system services. For details, see Upgrade system services.
Take the Container Service cluster whose Region is China East 1 (Hangzhou) and Network Type is Virtual Private Cloud (VPC) as an example.
Note: The created NAS file system and your cluster must be in the same region.
In this example, a NAS file system with China East 1 (Hangzhou) as the Region is created.
If the network type of your container cluster is Classic, add a classic network mount point.
If the network type of your container cluster is VPC, add a VPC mount point.
In this example, add a VPC mount point.
Note: In the VPC field, select the VPC in which your container cluster resides. Otherwise, an error occurs when creating the data volumes.
Add the intranet IP addresses of the ECS instances in the cluster to the NAS file system whitelist so that these ECS instances can access the NAS file system.
For clusters created after February 2017, the intranet IP addresses of the ECS instances in the cluster will be automatically added to the NAS file system whitelist when NAS data volumes are created. You do not need to perform any operations.
After the NAS data volumes are created, whenever you expand the cluster (for details, see Add an existing ECS instance or Expand a cluster), Container Service will automatically create NAS data volumes for the newly added or expanded ECS instances and add their intranet IP addresses to the NAS file system whitelist.
For clusters created before February 2017, you can add the intranet IP addresses of the ECS instances in the cluster to the NAS file system whitelist by one of the following methods:
Manually adding the whitelist.
Log on to the NAS console. Create a permission group and add permission group rules to add the intranet IP addresses of the ECS instances in the cluster to the whitelist. For details, see Use permission groups to control the access.
If you use this method to add the whitelist and create the NAS data volumes, then when you expand the cluster (for details, see Add an existing ECS instance or Expand a cluster), Container Service will automatically create the NAS data volumes for the newly added or expanded ECS instances. However, the whitelist is not updated automatically: before using such data volumes, you must manually add the intranet IP addresses of the newly added ECS instances to the NAS file system whitelist.
Authorizing in RAM. The whitelist will be automatically added after the authorization. Container Service will automatically add the intranet IP addresses of the newly added ECS instances to the NAS file system whitelist when you expand the cluster (for details, see Add an existing ECS instance or Expand a cluster).
Log on to the RAM console.
Click Users in the left-side navigation pane.
Click the user
Click User Authorization Policies in the left-side navigation pane and then click Edit Authorization Policy in the upper-right corner.
The Edit User-Level Authorization dialog box appears. Enter NAS in the search box and select AliyunNASFullAccess. Click the add button to add the authorization policy to the Selected Authorization Policy Name section and then click OK.
Enter the cellphone verification code and then click OK to complete the authorization.
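For the manual whitelist method described above, the following check compares a permission group's authorised addresses with the current intranet IPs of the cluster nodes. It is an added example, not part of the original documentation; the function name, the `max_hosts` threshold, and all sample addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data: authorised addresses copied from a permission
# group's rules, and the intranet IPs of the cluster's ECS instances.
RULE_ADDRESSES = ["192.168.1.10", "192.168.1.11", "10.0.0.0/8", "192.168.5.20"]
NODE_IPS = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]  # .12 joined in an expansion


def audit_whitelist(rule_addresses, node_ips, max_hosts=256):
    """Compare whitelist entries with cluster node intranet IPs.

    Returns (uncovered, broad, unused):
      uncovered - node IPs matched by no entry; these nodes cannot yet
                  access the NAS file system
      broad     - entries authorising more than max_hosts addresses
                  (max_hosts is an assumed review threshold)
      unused    - entries matching no current node (candidates for removal)
    """
    # strict=False accepts both single addresses and CIDR blocks.
    networks = [ipaddress.ip_network(r, strict=False) for r in rule_addresses]
    nodes = [ipaddress.ip_address(ip) for ip in node_ips]

    uncovered = [str(n) for n in nodes if not any(n in net for net in networks)]
    broad = [str(net) for net in networks if net.num_addresses > max_hosts]
    unused = [str(net) for net in networks if not any(n in net for n in nodes)]
    return uncovered, broad, unused


if __name__ == "__main__":
    uncovered, broad, unused = audit_whitelist(RULE_ADDRESSES, NODE_IPS)
    print("Nodes missing from the whitelist:", uncovered)
    print("Entries wider than expected:", broad)
    print("Entries matching no node:", unused)
```

Running it after each cluster expansion shows which newly added instances still need a whitelist entry and which entries authorise more than the cluster requires.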
Log on to the Container Service console.
Click Data Volumes in the left-side navigation pane.
Select the cluster in which you want to create a data volume from the Cluster list.
Click Create in the upper-right corner.
The Create Data Volume dialog box appears. Complete the configurations and then click Create. Container Service will create NAS data volumes with the same name on each node in the cluster.
You can log on to the NAS console. Click the ID of the NAS file system that the cluster will mount to view the details of the file system.
Complete the configurations for the data volume according to the file system details.
- Name: The data volume name, which must be unique in the cluster.
- File System ID: The ID of the NAS file system.
- Mount Point Domain Name: The mount address of the mount point in the NAS file system for the cluster.
- Path: The subdirectory under the NAS path, which starts with /. After you set the subdirectory, the data volumes will be attached to the specified subdirectory.
  - If the specified subdirectory does not exist in the NAS root directory, the subdirectory will be created first by default and the data volumes will then be attached to it.
  - If this field is not configured, the data volumes will be attached to the NAS root directory by default.
- Privilege: Set the access permission for the mount directory. For example, 755, 644, or 777.
  - This field can only be configured when the data volumes are attached to the NAS subdirectory. When the data volumes are attached to the root directory, this field cannot be configured.
  - If this field is not configured, the privilege is the original permission of the NAS file by default.
Note: Upgrade the volume driver to the latest version if you want to configure the Path and Privilege fields.
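The field rules above can be checked before a volume is submitted. The following validator is an added example, not Container Service code; the function name, its parameters, and the treatment of a bare "/" as the root directory are assumptions.

```python
import re


def check_volume(name, path="", privilege="", existing_names=()):
    """Validate one data volume definition against the field rules above.

    Returns (errors, warnings). Errors violate a documented rule; warnings
    mark settings that are valid but deserve review.
    """
    errors, warnings = [], []

    if name in existing_names:
        errors.append(f"name {name!r} is already used in this cluster")

    if path and not path.startswith("/"):
        errors.append(f"path {path!r} must start with '/'")

    # Assumption: an empty path or a bare "/" both mean the NAS root directory.
    at_root = path.strip("/") == ""

    if privilege:
        if not re.fullmatch(r"[0-7]{3}", privilege):
            errors.append(f"privilege {privilege!r} is not a 3-digit octal mode")
        elif at_root:
            errors.append("privilege can only be set for a NAS subdirectory")
        elif int(privilege, 8) & 0o002:
            # The volume is created on every node in the cluster, so a
            # world-writable mode lets any local user on any node write to it.
            warnings.append(f"privilege {privilege} is world-writable")

    return errors, warnings


if __name__ == "__main__":
    # Constructed sample definitions.
    for args in [("web", "/app/data", "755"), ("web", "/app/data", "777"),
                 ("web", "", "755"), ("web", "data", "9x")]:
        print(args, "->", check_volume(*args, existing_names=["db"]))
```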
After creating the data volumes, you can use the created data volumes in your applications. For how to use the data volumes in applications, see Use third-party data volumes.