Running workloads in an ACK cluster often necessitates storage solutions for application data persistence, secure storage of sensitive and configuration data, and dynamic provisioning of storage resources. The ACK cluster delivers container storage capabilities through the Container Storage Interface (CSI) plug-in, utilizing Alibaba Cloud storage services to manage both static and dynamic persistent volume resources effectively.
Overview of supported volumes
The Container Storage Interface (CSI) plug-in is the Kubernetes community's recommended solution for implementing container storage. ACK's container storage capabilities are built on the CSI plug-in, seamlessly integrating Elastic Block Storage (EBS), File Storage NAS, Object Storage Service (OSS), and local disks. It is fully compatible with Kubernetes native volume types, including EmptyDir, HostPath, Secret, ConfigMap, and more. The volumes supported by the CSI plug-in include the following:
Container Service for Kubernetes (ACK) facilitates the automatic binding of various Alibaba Cloud storage services—including disks, NAS, OSS, , and local volumes—to pods. Key features, use cases, and associated billing details for each type of storage volume are outlined below.
The Container Storage Interface (CSI) plug-in is capable of both static and dynamic volume provisioning. With static provisioning, you typically need to manually create and edit a PersistentVolume (PV) and PersistentVolumeClaim (PVC) for attachment. For scenarios requiring numerous PVs and PVCs, dynamic provisioning can be utilized to streamline the process. The definitions of PV and PVC are as follows:
- PersistentVolume (PV): A storage resource within the cluster. A PV has a lifecycle independent of any pod that uses it. PVs can be provisioned in various forms, depending on the StorageClass type.
- PersistentVolumeClaim (PVC): A request for storage within a cluster. Just as pods consume node resources, PVCs consume PV resources. If there are not enough PVs, PVCs can dynamically provision additional PVs.
Storage service | Static volume | Dynamic volume | Default deployment | Main features | Application scenarios | Billing description |
Alibaba Cloud Disk | Supported | Supported | Yes | Non-shared storage. Each cloud disk can only be mounted on a single node. | For more information, see disk volumes. | For information about billing items for disks, see block storage billing. For information about disk prices, see ECS product page. |
Alibaba Cloud NAS | Supported | Supported | Yes | Shared storage that can provide high-performance and high-throughput storage services. | For more information, see NAS volumes. | |
Alibaba Cloud OSS | Supported | Supported | Yes | Shared storage, user-mode file system. | Note: OSS volumes are mounted using OSSFS, which is a user-mode file system simulated through FUSE. The write performance is limited when you use OSS volumes. We recommend that you use other storage volumes in scenarios that require high write performance. For more information, see OSS volumes. | |
Alibaba Cloud storage services each have specific usage limits for storage volumes. Please refer to the information below.
Limits
When utilizing the ACK storage CSI plug-in, be mindful of both the plug-in's usage limits and those of the Alibaba Cloud storage products involved.
Cluster version limits
When utilizing the Container Storage Interface (CSI) plug-in, ensure that your ACK cluster is version 1.14 or higher, and set the kubelet runtime parameter --enable-controller-attach-detach to true. Should you need to upgrade your cluster, please refer to how to manually upgrade the cluster.
CSI plug-in usage limits
The Alibaba Cloud CSI plug-in, open-sourced in the community, primarily supports ACK clusters. For non-ACK environments, such as self-built clusters on Alibaba Cloud, configuration, permission management, and networking differences may prevent seamless support. Adaptation may require source code modifications and configuration changes. For more information, visit alibaba-cloud-csi-driver.
Storage volume usage limits
Volume type | Usage limits |
Disk volumes | See usage limits. |
NAS volumes | |
OSS volumes | |
Overview of container storage capabilities
The table below describes the storage features supported by different types of ACK clusters.
Storage classification | Storage capabilities | ACK managed and dedicated clusters | ACK Serverless cluster | ACK secure sandbox |
Block storage | Mount and unmount disks | |||
Online resize | ||||
Snapshots | ||||
Container I/O monitoring | ||||
File system | Supports XFS, Ext4 | Supports XFS, Ext4 | Supports XFS, Ext4 | |
Block, raw device | ||||
Snapshot restoration | ||||
Disk queue settings | ||||
Data encryption CMK and BYOK | ||||
Multi-zone awareness | ||||
Custom tags | ||||
Cross-host migration | ||||
File Storage NAS | Create, mount, and unmount NAS file systems | |||
Mount and unmount Samba file systems | ||||
Recycle bin (CNFS) | ||||
Dynamic volume - subdirectory/shared directory (CNFS) | ||||
Data encryption CMK (CNFS, Extreme NAS) | ||||
Quota control (CNFS) | Supported only in managed version | |||
Capacity/I/O monitoring (CNFS) | ||||
Online resize (CNFS) | ||||
Object Storage Service (OSS) | Mount and unmount OSS buckets | |||
Data encryption BYOK | ||||
Local storage | Block storage LVM management | |||
VolumeGroup automated configuration | ||||
Node LVM capacity-aware scheduling | ||||
PMEM Direct Mem | ||||
LVM-managed persistent memory (PMEM) |
Container Network File System CNFS
Within the ACK Pro cluster, you can leverage the Container Network File System (CNFS) for managing container storage resources. CNFS enhances NAS and OSS volume performance and Quality of Service (QoS) control by representing Alibaba Cloud's file storage as a Kubernetes object (CRD). This allows for independent management tasks such as creation, deletion, detailing, mounting, monitoring, and scaling. CNFS also offers functionalities including a recycle bin, resource quotas, and storage volume I/O performance monitoring. For additional details on CNFS, refer to Container Network File System CNFS, manage NAS lifecycle, and manage OSS lifecycle.
CSI components
The Container Storage Interface (CSI) plug-in comprises two key components: the CSI-Plugin and the CSI-Provisioner, which facilitate the automatic creation, mounting, and dismounting of volumes. These CSI components come pre-deployed in both ACK managed clusters and ACK dedicated clusters. For detailed information on the CSI components and instructions for upgrading, refer to managing CSI-Plugin and CSI-Provisioner components.
FAQ
How to determine the storage plug-in mode used by the cluster?
To identify the storage plug-in mode, view node annotations in the console or use kubectl to check kubelet parameters.
View node annotations through the console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose .
In the Operation column of the desired node, click . Check the node's Annotations under the Basic Information tab. The presence of volumes.kubernetes.io/controller-managed-attach-detach: true signifies that the cluster storage plug-in is CSI, while its absence indicates FlexVolume.
View kubelet parameters by using commands
Execute the command below to view kubelet parameters.
ps -ef | grep kubelet
Expected output:
--enable-controller-attach-detach=true
- If --enable-controller-attach-detach is set to true, this signifies that the cluster's storage plug-in is the Container Storage Interface (CSI).
- If the --enable-controller-attach-detach parameter is set to false, this signifies that the cluster is utilizing a FlexVolume storage plug-in.
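The two checks above can be scripted and compared against each other. The following is an added example, not part of the ACK documentation; the function names and the sample kubelet command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a node's storage plug-in mode with the two checks
# this FAQ describes (node annotation, kubelet flag) and compare the results.

# mode_from_cmdline "<kubelet command line>"  -> csi | flexvolume | unknown
mode_from_cmdline() {
    mode=unknown
    set -f                      # no globbing while word-splitting the arguments
    for arg in $1; do
        case "$arg" in
            --enable-controller-attach-detach|--enable-controller-attach-detach=true)
                mode=csi ;;
            --enable-controller-attach-detach=false)
                mode=flexvolume ;;
        esac                    # a later occurrence overrides an earlier one
    done
    set +f
    printf '%s\n' "$mode"
}

# mode_from_annotation "<annotation value, empty if absent>" -> csi | flexvolume
mode_from_annotation() {
    if [ "$1" = "true" ]; then echo csi; else echo flexvolume; fi
}

# check_node "<annotation value>" "<kubelet command line>"
# Prints the mode, or "mismatch" when the two checks disagree.
check_node() {
    a=$(mode_from_annotation "$1")
    k=$(mode_from_cmdline "$2")
    if [ "$k" = unknown ] || [ "$a" = "$k" ]; then echo "$a"; else echo mismatch; fi
}

# On a live cluster the inputs would come from (not run here):
#   kubectl get node NODE -o jsonpath='{.metadata.annotations.volumes\.kubernetes\.io/controller-managed-attach-detach}'
#   ps -ef | grep '[k]ubelet'     # the bracket keeps grep from matching itself

# Constructed sample command lines.
SAMPLE_CSI='/usr/bin/kubelet --node-ip=192.0.2.10 --enable-controller-attach-detach=true'
SAMPLE_FLEX='/usr/bin/kubelet --node-ip=192.0.2.11 --enable-controller-attach-detach=false'
```

When the flag does not appear on the command line, `mode_from_cmdline` reports `unknown` and `check_node` falls back to the annotation.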
How to manually authorize the CSI plug-in?
The CSI plug-in must be granted permissions for operations such as mounting, unmounting, creating, and deleting volumes, because these operations access resources from other products. Generally, CSI components come pre-installed in the cluster with the requisite permissions. If manual authorization is required within the cluster, the CSI plug-in can be authorized directly with an AccessKey or by using RAM roles, which is the default method.
- Authorize using AccessKey information
  - Enter the AccessKey information directly into the CSI deployment template.
  - You can also inject the AccessKey information into environment variables using the Secret method.
- Authorize using RAM roles: The CSI plug-in utilizes the AliyunCSManagedCsiRole to access your resources across other cloud services. For more information, see ACK service roles. For details on RAM role authorization, see authorize RAM roles.
  - ACK managed cluster: The Token for RAM role permissions required by CSI is stored in a Secret named addon.csi.token. The CSI plug-in can mount this Secret to facilitate RAM role authorization and enable OpenAPI access.
  - ACK dedicated cluster: CSI leverages the RAM role associated with the ECS node where its pod resides.
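An AccessKey written directly into the deployment template is readable by anyone who can read the manifest, whereas the Secret method keeps it out of the template. The check below is an added example, not part of the ACK documentation; it assumes the environment variables are named ACCESS_KEY_ID and ACCESS_KEY_SECRET, and the manifest, Secret name and key value are constructed placeholders.

```shell
#!/bin/sh
# Added example: flag AccessKey environment variables that carry a literal
# value in a CSI deployment template instead of being injected from a Secret.
# Assumption: the variables are named ACCESS_KEY_ID / ACCESS_KEY_SECRET.
# Limitation: expects "- name:" to precede "value:" / "valueFrom:" in each entry.

# inline_access_keys: reads a manifest on stdin and prints the name of each
# matching env entry whose value is written inline.
inline_access_keys() {
    awk '
        /^[ \t]*-[ \t]*name:/ { name = $3; gsub(/"/, "", name); next }
        /^[ \t]*valueFrom:/   { name = "" }        # injected by reference
        /^[ \t]*value:/ && name ~ /ACCESS_KEY/ {   # literal credential in the template
            print name
            name = ""
        }
    '
}

# Constructed sample: one key written inline, one injected from a Secret.
sample_manifest() {
    cat <<'EOF'
containers:
  - name: csi-plugin
    env:
      - name: ACCESS_KEY_ID
        value: "EXAMPLE_KEY_ID_PLACEHOLDER"
      - name: ACCESS_KEY_SECRET
        valueFrom:
          secretKeyRef:
            name: csi-access-key
            key: secret
    volumeMounts:
      - name: kubelet-dir
        mountPath: /var/lib/kubelet
EOF
}
```

Running `sample_manifest | inline_access_keys` reports only the entry with the inline value; an empty result means every matching variable is injected by reference.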