Use the recycle bin feature to restore deleted NAS data - Container Service for Kubernetes

Container Network File System (CNFS) supports the recycle bin feature, which allows you to restore accidentally deleted NAS files. This topic describes how to use the CNFS recycle bin feature to restore deleted NAS files using a publicly accessible NGINX application as an example.

Usage notes

Billing
You are not charged for enabling the recycle bin feature. However, you are charged for the storage space occupied by files that are temporarily stored in the recycle bin. The storage fees are calculated based on the storage type of the files before the files are deleted. To reduce storage costs, we recommend that you specify a retention period for files. For more information, see Billing of General-purpose NAS file systems and Billing of the IA storage class.
Permissions
Only the owner of a file system or authorized Resource Access Management (RAM) users can use the recycle bin feature. For more information, see Perform access control based on RAM policies.

Prerequisites

The cluster uses CNFS to manage NAS file systems. For more information, see Manage NAS file systems by using CNFS (recommended).
The cluster can be accessed over the Internet. For more information, see Enable Internet access for API Server.
The Container Storage Interface (CSI) plug-in is used, and the following components meet the version requirements:
- The versions of csi-plugin and csi-provisioner are v1.20.5-ff6490f-aliyun or later. To upgrade the components, see Upgrade csi-plugin and csi-provisioner.
- The version of storage-operator is v1.18.8.56-2aa33ba-aliyun or later. To upgrade the component, see Manage the storage-operator component.

Procedure

Create a sample directory by using the CNFS StorageClass and mount the directory to NGINX. After the index.html file is deleted, the NGINX welcome page cannot be accessed. You can restore the index.html file from the recycle bin in the console to restore the NGINX welcome page.

Step 1: Create a PVC and mount it to a publicly accessible NGINX application

View the status of the CNFS object.

Make sure that the status of the CNFS object is Available.

View the CNFS object.

kubectl get cnfs

Expected results:

NAME                                      AGE
default-cnfs-nas-7938cef-20210907193713   21h

View the status of the CNFS object.

kubectl get cnfs default-cnfs-nas-7938cef-20210907193713 -o yaml | grep Available

Expected results:

status: Available

Use the following YAML template to create a PVC.
Important
The CNFS StorageClass is referenced in the storageClassName field of the PVC. In this example, the name of the PVC is cnfs-nas-pvc and the value of storageClassName is alibabacloud-cnfs-nas.
```
cat << EOF | kubectl apply -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-cnfs-nas
  resources:
    requests:
      storage: 30Gi
EOF
```

Use the following YAML template to create a Deployment.

Important

The Deployment is used to reference the PVC created in the preceding step. In this example, the name of the Deployment is cnfs-nas-deployment, the name of the referenced PVC is cnfs-nas-pvc, the path to which the PVC is mounted in the container is /app, and a container port named http is exposed on port 8080.

cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      securityContext:
        runAsUser: 0
      containers:
      - name: nginx
        image: docker.io/bitnami/nginx:1.16.1-debian-9-r56
        volumeMounts:
        - mountPath: "/app"
          name: cnfs-nas-pvc
        ports:
        - containerPort: 8080
          name: http
      volumes:
      - name: cnfs-nas-pvc
        persistentVolumeClaim:
          claimName: cnfs-nas-pvc
EOF

Use the following YAML template to create a Service for the Deployment.
Note
The following YAML template is used to create a LoadBalancer Service. A Server Load Balancer (SLB) instance is used to expose the Service through a public IP address, which can be used to access the Deployment. In this example, a Service named nginx-default of the LoadBalancer type is created. The Service forwards HTTP requests from the Internet to pods with the label app:nginx.
```
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
  name: nginx-default
  labels:
    app: nginx
spec:
  type: LoadBalancer
  externalTrafficPolicy: "Cluster"
  ports:
    - name: http
      port: 80
      targetPort: http
  selector:
    app: nginx
EOF
```

Add the NGINX welcome page to the /app path of the running pod.

Run the following command to query the number of pods in the cluster:

kubectl get pod

Expected results:

NAME                                   READY   STATUS    RESTARTS   AGE
cnfs-nas-deployment-597bc9fb45-cmkss   1/1     Running   0          3h23m

Go to the /app path of pod cnfs-nas-deployment-597bc9fb45-cmkss.

kubectl exec cnfs-nas-deployment-597bc9fb45-cmkss -ti sh
cd /app

Write index.html to the /app path.

cat << EOF >> index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
EOF

Exit the pod.
```
exit
```

Obtain the public IP address of the SLB instance.

kubectl get svc

Expected results:

NAME            TYPE           CLUSTER-IP        EXTERNAL-IP      PORT(S)        AGE
nginx-default   LoadBalancer   192.168.XX.XX     47.115.XX.XX     80:30989/TCP   20h

Enter the public IP address into the address bar of a browser. The NGINX welcome page appears.
In this example, the public IP address is 47.115.XX.XX.

Step 2: Verify the restore feature of the CNFS recycle bin

The following example describes how to restore a deleted file from the recycle bin of the NAS volume managed by CNFS.

Delete the index.html file and refresh the browser. The NGINX welcome page displays 403 Forbidden.
```
kubectl exec cnfs-nas-deployment-597bc9fb45-cmkss -- rm -rf /app/index.html
```
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose Volumes > Persistent Volumes.
On the Persistent Volumes page, click Recycle Bin in the Actions column of the persistent volume.
CNFS-managed NAS enables the recycle bin by default. You can recover the index.html file of Nginx in the console.
In this example, the name of the persistent volume (PV) is nas-ecaf6018-5250-4e19-b570-5d9e657d23bc.
On the Recycle Bin tab of the file system, click the Deleted Files And Directories tab. Then, click Restore in the Actions column of the deleted path.
Select Restore To Original Path and click OK.
Refresh the browser to verify that the NGINX welcome page is restored.
This indicates that the index.html file of NGINX is restored.

References

For more information about the recycle bin feature of NAS, such as how to disable and empty the recycle bin, see Recycle bin.