NAS volumes are suitable for scenarios such as data analytics, data sharing, web applications, and log storage. Instead of using statically provisioned volumes, you can create a PersistentVolumeClaim (PVC) and configure a StorageClass to dynamically allocate storage resources. The system then automatically provisions a persistent volume (PV) for you. This eliminates the need to manually create and configure storage resources in advance. You can mount a dynamically provisioned NAS volume using the subpath, sharepath, or filesystem method.
Prerequisites
The CSI plug-in is installed in the cluster. If an upgrade is required, refer to Update csi-plugin and csi-provisioner.
NoteIf your cluster uses FlexVolume, upgrade to CSI, because FlexVolume is deprecated. For details, see Upgrade from FlexVolume to CSI. To verify your storage component type, go to , and click the Storage tab.
The File Storage NAS service is activated.
When you log on to the File Storage NAS product page for the first time, follow the on-screen instructions to activate the service.
Limits
You cannot mount NAS file systems that use the SMB protocol.
You can mount a NAS file system only to pods in the same VPC. Cross-VPC mounting is not supported.
NoteWithin the same VPC, you can mount a NAS file system across zones.
General-purpose NAS file systems and Extreme NAS file systems have constraints on mount connectivity, the number of file systems, and protocol types. For more information, see Limits.
Usage notes
NAS is a shared storage service. A single NAS volume can be mounted to multiple pods. If multiple pods write data simultaneously, applications must independently ensure data consistency.
For more information about the limits on concurrent writes to NAS, see How do I prevent exceptions that may occur when multiple processes or clients concurrently write data to a log file? and How do I resolve the latency in writing data to an NFS file system?
If your application template includes the
securityContext.fsgroupparameter, kubelet performschmodorchownoperations after mounting, which can increase mount time.Avoid this setting to reduce latency. For more details, see Why does it require a long time to mount a NAS volume?.
Do not delete the NAS mount target after mounting. Doing so may cause the system to become unresponsive.
Mounting instructions
The volumeAs parameter in a StorageClass defines the relationship between a PV and a NAS file system or its subdirectory. Select a mount method based on your scenario.
Mount method | Description | Scenarios |
Creates a subdirectory-type PV. Each PV corresponds to one subdirectory of a NAS file system. |
| |
When a PV is created, no actual directory is created. Each PV corresponds to the same NAS directory. | Multiple pods across different namespaces mount the same NAS subdirectory. | |
Mount using the filesystem method (Not recommended) | Automatically creates a NAS file system. Each PV corresponds to one NAS file system. | This method is used when you need to exclusively use a NAS file system and dynamically create and delete the NAS file system and its mount target. |
Mount using the subpath method
When you use the subpath method, make sure that the version of the CSI component is 1.31.4 or later. For more information about how to upgrade the component, see Upgrade the CSI component.
Step 1: Obtain information about the NAS file system and mount target
Log on to the NAS console. In the navigation pane on the left, choose .
Create a NAS file system and a mount target.
You can mount only NAS file systems that use the NFS protocol. The mount target and the cluster nodes must be in the same VPC.
If you have an existing NAS file system, make sure that it meets the requirements.
If you do not have a suitable NAS file system, create one and a mount target. For more information, see Create a file system and Manage mount targets.
Obtain the information about the mount target.
Click the ID of the file system. In the navigation pane on the left, click Mount Targets.
In the Mount Target section, make sure that the status of the existing mount target is Active and obtain the mount target address.
Step 2: Create a StorageClass
kubectl
Modify the following YAML content and save it as alicloud-nas-subpath.yaml.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alicloud-nas-subpath mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: subpath server: "0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com:/k8s" archiveOnDelete: "true" provisioner: nasplugin.csi.alibabacloud.com reclaimPolicy: Retain allowVolumeExpansion: trueParameter
Description
mountOptionsThe mount parameters for the NAS file system, including the NFS protocol version. We recommend that you use NFSv3. Extreme NAS file systems support only NFSv3. For more information about the NFS protocol, see NFS protocol.
parametersvolumeAsThe mount method. In this example, the value is set to
subpath. This creates a subdirectory-type PV. One PV corresponds to one subdirectory of a NAS file system.serverThe address of the mount target and the subdirectory of the NAS file system to mount. The format is
<NAS mount target address>:<mount directory>. If you do not specify a subdirectory, the root directory/is mounted by default.archiveOnDeleteSpecifies whether to delete the backend storage data when
reclaimPolicyis set toDelete. This parameter is added for double confirmation because NAS is a shared storage service.true(default): The directory or file is not deleted. It is renamed toarchived-{pvName}.{timestamp}.false: The backend storage resource is deleted.
NoteIf the service traffic is high, we recommend that you do not set this parameter to false. For more information, see The task queue of the Controller is full and no new PVs can be created when you use dynamically provisioned NAS volumes.
To completely delete the backend storage data, you can only set
parameters.archiveOnDeletetofalseusing kubectl.
provisionerThe driver type. The value is fixed at
nasplugin.csi.alibabacloud.com, which indicates that the Alibaba Cloud NAS CSI plugin is used.reclaimPolicyThe reclaim policy of the PV. The default value is
Delete.Retainis also supported.Delete: This value must be used witharchiveOnDelete.When
archiveOnDeleteistrue, the files in the NAS file system are renamed but not deleted when the PVC is deleted.When
archiveOnDeleteisfalse, the files in the NAS file system are deleted when the PVC is deleted.ImportantThis deletes the subpath directory and its files in the NAS file system. The NAS file system itself is not deleted. To delete the NAS file system, see Delete a file system.
Retain: When the PVC is deleted, the PV and the files in the NAS file system are not deleted. You must manually delete them.
If data security is a high priority, we recommend that you set this parameter to
Retainto prevent accidental data loss.allowVolumeExpansionYou can set this parameter only for General-purpose NAS file systems. If you enable this feature, a directory quota is configured for the PV that is dynamically created by the StorageClass to limit the available capacity. You can also update the PVC to expand the volume capacity. For more information, see Set a directory quota for a dynamically provisioned NAS volume.
NoteThe NAS quota takes effect asynchronously. After a PV is dynamically created, the directory quota may not take effect immediately. If you write a large amount of data in a short period, the storage usage may exceed the capacity limit. For more information about NAS directory quotas, see Directory quotas.
Create the StorageClass.
kubectl create -f alicloud-nas-subpath.yaml
Console
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left-side pane, choose .
On the Storage Classes page, click Create.
In the Create dialog box, configure the parameters for the StorageClass and click Create.
The following table describes the key parameters.
Configuration Item
Description
Example
Name
The name of the StorageClass. For more information about the format requirements, see the instructions on the UI.
alicloud-nas-subpath
Volume Type
Select NAS.
NAS
Select Mount Target
The address of the mount target of the NAS file system.
0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com
Volume Mode
The access mode of the volume. In this example, select Subpath. This uses the subpath method to mount the volume and automatically creates a subdirectory in the mount path. Data is stored in
<NAS mount target>:<mount path>/<pv-name>/.NoteThe Subpath mode takes effect only when the CSI component is V1.31.4 or later. Otherwise, the Shared Path mode is used.
Subpath
Mount Path
The subdirectory of the NAS file system to mount.
If you do not set this parameter, the root directory is mounted by default.
If the directory does not exist in the NAS file system, it is automatically created and then mounted.
NoteThe root directory of a General-purpose NAS file system is
/. The root directory of an Extreme NAS file system is/share. When you mount a subdirectory of an Extreme NAS file system, thepathmust start with/share, such as/share/data./k8s
Reclaim Policy
The reclaim policy of the PV. We recommend that you select Retain to prevent accidental data loss.
Delete: This value must be used with
archiveOnDelete. The console does not support the configuration ofarchiveOnDelete. If you select Delete, the setting does not take effect. When you delete the PVC, the PV and NAS files are not deleted. To configurearchiveOnDelete, create the PV using a YAML file. For a sample YAML file, see the kubectl tab.Retain: When the PVC is deleted, the PV and NAS files are not deleted. You must manually delete them.
Retain
Mount Options
The mount parameters for the NAS file system, including the NFS protocol version. We recommend that you use NFSv3. Extreme NAS file systems support only NFSv3. For more information about the NFS protocol, see NFS protocol.
Keep the default value
After the StorageClass is created, you can view it in the Storage Classes list.
Step 3: Create a PVC
kubectl
Modify the YAML content and save it as nas-pvc.yaml.
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-subpath resources: requests: storage: 20GiParameter
Description
accessModesThe access mode. The default value is
ReadWriteMany.ReadWriteOnceandReadOnlyManyare also supported.storageClassNameThe name of the StorageClass to bind.
storageThe capacity of the volume that you want to request.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. It is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and
allowVolumeExpansionof the StorageClass is set totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
Create the PVC.
kubectl create -f nas-pvc.yamlView the PV.
kubectl get pvcThe expected output indicates that the CSI component automatically created a PV based on the StorageClass and bound the PV to the PVC.
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE nas-a7540d97-0f53-4e05-b7d9-557309****** 20Gi RWX Retain Bound default/nas-csi-pvc alicloud-nas-subpath <unset> 5m
Console
In the left-side navigation pane of the details page, choose .
On the PersistentVolumeClaims page, click Create.
On the Create PersistentVolumeClaim page, configure the parameters and click Create.
Configuration Item
Description
Example
Storage Claim Type
Select NAS.
NAS
Name
The name of the PVC. The name must be unique within the namespace.
pvc-nas
Provisioning Mode
In this example, select Dynamic Provisioning Using StorageClass.
Dynamic Provisioning Using StorageClass
Existing StorageClass
Click Select StorageClass and select the StorageClass that you created in the previous step.
alicloud-nas-subpath
Total Capacity
The capacity of the volume. This setting does not limit the maximum capacity that the application can use.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. It is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and
allowVolumeExpansionof the StorageClass is set totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
20Gi
Access Mode
The default value is ReadWriteMany. You can also select ReadWriteOnce or ReadOnlyMany.
ReadWriteMany
Step 4: Create an application and mount the NAS volume
kubectl
Create two deployments and mount the same PVC to them. This allows them to share the same subdirectory of the same NAS file system.
If you want to mount different subdirectories of the same NAS file system to multiple pods, create different StorageClasses and corresponding PVCs for the subdirectories, and then mount the PVCs separately.
Modify the following YAML content and save the files as nginx-1.yaml and nginx-2.yaml.
The following sample YAML files show that the configurations in nginx-1.yaml and nginx-2.yaml are the same, except for the
metadata.namevalue. The two applications are bound to the same PVC.nginx-1.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test-1 labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" # The path where the NAS volume is mounted in the container volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvc # Used to bind the PVCnginx-2.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test-2 labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" # The path where the NAS volume is mounted in the container volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvc # Used to bind the PVCCreate the two deployments.
kubectl create -f nginx-1.yaml -f nginx-2.yamlView the pod information.
kubectl get pod -l app=nginxThe expected output indicates that the same subdirectory of the same NAS file system is mounted to different applications.
NAME READY STATUS RESTARTS AGE nas-test-1-b75d5b6bc-vqwq9 1/1 Running 0 51s nas-test-2-b75d5b6bc-8k9vx 1/1 Running 0 44s
Console
Repeat the following steps to create two deployments and mount the same PVC to them. This allows them to share the same subdirectory of the same NAS file system.
In the navigation pane on the left of the cluster details page, go to .
On the Stateless page, click Create From Image.
Configure the parameters to create the application.
The following table describes the key parameters. You can keep the default values for other parameters. For more information, see Create a stateless application from an image.
Configuration Item
Parameter
Description
Example
Basic Information
Name
The name of the deployment. Enter a custom name. For more information about the format requirements, see the instructions on the UI.
deployment-nas-1
Replicas
The number of replicas for the deployment.
1
Container
Image Name
The address of the image used to deploy the application.
anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
Required Resources
The required vCPU and memory resources.
0.25 vCPU, 512 MiB
Volume
Click Add Cloud Storage Claim and complete the parameter settings.
Source: Select the PVC that you created.
Container Path: Enter the path in the container to which you want to mount the NAS file system.
Source: pvc-nas
Container Path: /data
View the deployment status of the application.
Click the application name on the Stateless page.
On the Pods tab, make sure that the pod status is Running.
Mount using the sharepath method
Step 1: Obtain information about the NAS file system and mount target
Log on to the NAS console. In the navigation pane on the left, choose .
Create a NAS file system and a mount target.
You can mount only NAS file systems that use the NFS protocol. The mount target and the cluster nodes must be in the same VPC.
If you have an existing NAS file system, make sure that it meets the requirements.
If you do not have a suitable NAS file system, create one and a mount target. For more information, see Create a file system and Manage mount targets.
Obtain the information about the mount target.
Click the ID of the file system. In the navigation pane on the left, click Mount Targets.
In the Mount Target section, make sure that the status of the existing mount target is Active and obtain the mount target address.
Step 2: Create a StorageClass
kubectl
Save the following content to the alicloud-nas-sharepath.yaml file and modify the parameters as needed.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alicloud-nas-sharepath mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: sharepath server: "0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com:/sharepath" provisioner: nasplugin.csi.alibabacloud.com reclaimPolicy: RetainParameter
Description
mountOptionsThe mount parameters for the NAS file system, including the NFS protocol version. We recommend that you use NFSv3. Extreme NAS file systems support only NFSv3. For more information about the NFS protocol, see NFS protocol.
parametersvolumeAsThe mount method. In this example, the value is set to
sharepath. When a PV is created, no actual directory is created. The path specified in the StorageClass is used. This means that each PV corresponds to the same NAS directory.serverThe address of the mount target and the subdirectory of the NAS file system to mount. The format is
<NAS mount target address>:<mount directory>.If you do not specify a subdirectory, the root directory
/is mounted by default.If the directory does not exist in the NAS file system, it is automatically created and then mounted.
The root directory of a General-purpose NAS file system is
/. The root directory of an Extreme NAS file system is/share. When you mount a subdirectory of an Extreme NAS file system, thepathmust start with/share, such as/share/data.provisionerThe driver type. The value is fixed at
nasplugin.csi.alibabacloud.com, which indicates that the Alibaba Cloud NAS CSI plugin is used.reclaimPolicyThe reclaim policy of the PV. When you use the sharepath method, you must set this parameter to
Retain.Create the StorageClass.
kubectl create -f alicloud-nas-sharepath.yaml
Console
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left-side pane, choose .
On the Storage Classes page, click Create.
In the Create dialog box, configure the parameters for the StorageClass and click Create.
The following table describes the key parameters.
Configuration Item
Description
Example
Name
The name of the StorageClass. For more information about the format requirements, see the instructions on the UI.
alicloud-nas-sharepath
Volume Type
Select NAS.
NAS
Select Mount Target
The address of the mount target of the NAS file system.
0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com
Volume Mode
The access mode of the volume. In this example, select Shared Path. This uses the sharepath method to mount the volume. When a PV is created, no actual directory is created. The path specified in the StorageClass is used. This means that each PV corresponds to the same NAS directory. This method is suitable for scenarios where you need to share a directory across namespaces.
Shared Path
Mount Path
The subdirectory of the NAS file system to mount.
If you do not set this parameter, the root directory is mounted by default.
If the directory does not exist in the NAS file system, it is automatically created and then mounted.
NoteThe root directory of a General-purpose NAS file system is
/. The root directory of an Extreme NAS file system is/share. When you mount a subdirectory of an Extreme NAS file system, thepathmust start with/share, such as/share/data./sharepath
Reclaim Policy
When you use the sharepath method, you must set this parameter to
Retain.Retain
Mount Options
The mount parameters for the NAS file system, including the NFS protocol version. We recommend that you use NFSv3. Extreme NAS file systems support only NFSv3. For more information about the NFS protocol, see NFS protocol.
Keep the default value
After the StorageClass is created, you can view it in the Storage Classes list.
Step 3: Create a PVC
The following example shows how to create PVCs in two different namespaces.
kubectl
To mount a NAS volume to pods in different namespaces, you must create two namespaces.
Create the ns1 and ns2 namespaces.
kubectl create ns ns1 kubectl create ns ns2Modify the following YAML content and save it as pvc.yaml.
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc namespace: ns1 spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-sharepath resources: requests: storage: 20Gi --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc namespace: ns2 spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-sharepath resources: requests: storage: 20GiParameter
Description
accessModesThe access mode. The default value is
ReadWriteMany.ReadWriteOnceandReadOnlyManyare also supported.storageClassNameThe name of the StorageClass to bind.
storageThe capacity of the volume that you want to request.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. It is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and
allowVolumeExpansionof the StorageClass is set totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
Create the PVCs.
kubectl create -f pvc.yamlView the PVs.
kubectl get pvThe expected output indicates that the CSI component automatically created two PVs based on the StorageClass and bound them to the two PVCs in different namespaces.
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE nas-0b448885-6226-4d22-8a5b-d0768c****** 20Gi RWX Retain Bound ns1/nas-csi-pvc alicloud-nas-sharepath <unset> 74s nas-bcd21c93-8219-4a11-986b-fd934a****** 20Gi RWX Retain Bound ns2/nas-csi-pvc alicloud-nas-sharepath <unset> 74s
Console
Create the ns1 and ns2 namespaces. For more information, see Create a namespace.
In the left-side navigation pane of the details page, choose .
Create a PVC in the ns1 namespace.
On the PersistentVolumeClaims page, set Namespace to ns1 and click Create.
On the Create PersistentVolumeClaim page, configure the parameters and click Create.
Configuration Item
Description
Example
Storage Claim Type
Select NAS.
NAS
Name
The name of the PVC. The name must be unique within the namespace.
pvc-nas
Provisioning Mode
In this example, select Dynamic Provisioning Using StorageClass.
Dynamic Provisioning Using StorageClass
Existing StorageClass
Click Select StorageClass and select the StorageClass that you created.
alicloud-nas-sharepath
Total Capacity
The capacity of the volume.
20Gi
Access Mode
The default value is ReadWriteMany. You can also select ReadWriteOnce or ReadOnlyMany.
ReadWriteMany
Repeat the preceding step to create another PVC in the ns2 namespace.
Return to the PersistentVolumeClaims page. In the ns1 and ns2 namespaces, make sure that the two PVCs are bound to the automatically created PVs.
Step 4: Create an application and mount the NAS volume
Create applications in two different namespaces and mount the PVCs in the corresponding namespaces. The applications will share the NAS directory defined in the StorageClass.
kubectl
Modify the following YAML content and save the files as nginx-ns1.yaml and nginx-ns2.yaml.
The following sample YAML files show that the configurations in nginx-ns1.yaml and nginx-ns2.yaml are the same, except for the
metadata.namespacevalue. The two applications are bound to the PVCs in their respective namespaces.nginx-ns1.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test namespace: ns1 spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvcnginx-ns2.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test namespace: ns2 spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvcCreate the two deployments.
kubectl create -f nginx-ns1.yaml -f nginx-ns2.yamlView the pod information.
kubectl get pod -A -l app=nginxThe expected output indicates that the same subdirectory of the same NAS file system is mounted to pods in different namespaces.
NAMESPACE NAME READY STATUS RESTARTS AGE ns1 nas-test-b75d5b6bc-ljvfd 1/1 Running 0 2m19s ns2 nas-test-b75d5b6bc-666hn 1/1 Running 0 2m11s
Console
In the navigation pane on the left of the cluster details page, go to .
Create a deployment in the ns1 namespace and mount the corresponding PVC.
Set Namespace to ns1 and click Create From Image.
Configure the parameters to create the application.
The following table describes the key parameters. You can keep the default values for other parameters. For more information, see Create a stateless application from an image.
Configuration Item
Parameter
Description
Example
Basic Information
Name
The name of the deployment. Enter a custom name. For more information about the format requirements, see the instructions on the UI.
nginx
Replicas
The number of replicas for the deployment.
2
Container
Image Name
The address of the image used to deploy the application.
anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
Required Resources
The required vCPU and memory resources.
0.25 vCPU, 512 MiB
Volume
Click Add PVC and configure the parameters.
Source: Select the PVC that you created.
Container Path: Enter the path in the container to which you want to mount the NAS file system.
Source: pvc-nas
Container Path: /data
Repeat the preceding step to create another deployment in the ns2 namespace and mount the corresponding PVC.
Return to the Deployments page. In the ns1 and ns2 namespaces, view the deployment status of the two deployments. Make sure that the pods are running and the corresponding PVCs are mounted.
Mount using the filesystem method
If your application needs to dynamically create and delete NAS file systems and mount targets, you can use the filesystem method to mount a NAS volume. A pod that uses a filesystem-type NAS volume can create only one file system and one mount target.
By default, when a filesystem-type dynamically provisioned NAS volume is deleted, the file system and mount target are retained. To release the NAS file system and mount target when you release the PV resource, you must set reclaimPolicy to Delete and deleteVolume to true in the StorageClass.
Step 1: Set and grant a RAM Policy (Only ACK dedicated clusters must execute this step)
Filesystem-type NAS volumes involve the dynamic creation and deletion of NAS file systems and mount targets. Therefore, you must grant the required permissions to the csi-provisioner component for an ACK dedicated cluster.
The following code provides the minimum set of permissions required.
{
"Action": [
"nas:DescribeMountTargets",
"nas:CreateMountTarget",
"nas:DeleteFileSystem",
"nas:DeleteMountTarget",
"nas:CreateFileSystem"
],
"Resource": [
"*"
],
"Effect": "Allow"
}You can grant the permissions in one of the following ways:
Edit the custom policy of the Master RAM role for the ACK dedicated cluster to add the NAS-related permissions shown above. For more information, see Modify the content and remarks of a custom permission policy.
Create a RAM user, grant the RAM policy described above, generate an AccessKey, and add the AccessKey to the
envvariable of the csi-provisioner.env: - name: CSI_ENDPOINT value: unix://socketDir/csi.sock - name: ACCESS_KEY_ID value: "" - name: ACCESS_KEY_SECRET value: ""
Step 2: Create a StorageClass
Step 3: Create a PVC
Step 4: Create an application and mount the NAS volume
Verify the shared storage and persistent storage features of NAS
The multiple pods that you created in the preceding examples mount the same NAS file system. You can perform the following steps to verify the features:
Create a file in one pod and then check for the file in another pod to verify the shared storage feature.
Recreate the deployment and then check whether the data exists in the file system of the new pod to verify the persistent storage feature.
View the pod information.
kubectl get pod | grep nas-testSample result:
nas-test-*****a 1/1 Running 0 40s nas-test-*****b 1/1 Running 0 40sVerify shared storage.
Create a file in a pod.
In this example, the
nas-test-*****apod is used:kubectl exec nas-test-*****a -- touch /data/test.txtView the file from the other pod.
In this example, the
nas-test-*****bpod is used:kubectl exec nas-test-*****b -- ls /dataExpected output shows that the newly created file
test.txtis shared:test.txt
Verify persistent storage.
Recreate the Deployment.
kubectl rollout restart deploy nas-testWait until the pods are recreated.
kubectl get pod | grep nas-testSample result:
nas-test-*****c 1/1 Running 0 67s nas-test-*****d 1/1 Running 0 49sLog on to a recreated pod and check whether the file still exists in the file system.
In this example, the
nas-test-*****cpod is used:kubectl exec nas-test-*****c -- ls /dataThe following output shows that the file still exists in the NAS file system and can be accessed from the mount directory in the recreated pod.
test.txt
FAQs
If you encounter issues when mounting or using NAS volumes, refer to:
References
You can use Container Network File System (CNFS) to independently manage NAS file systems and improve their performance and Quality of Service (QoS) control. For more information, see Manage NAS file systems using CNFS (Recommended).
General-purpose NAS file systems that are mounted using the subpath method support the directory quota feature. You can set capacity limits for subdirectory PVs to improve resource utilization. For more information, see Set a directory quota for a dynamically provisioned NAS volume.