You can mount a disk to a sandboxed container to significantly improve I/O performance. This topic describes how to mount a disk to a sandboxed container.
Prerequisites
Background information
virtio-fs is a shared file system. The Sandboxed-Container runtime provided by Container Service for Kubernetes supports virtio-fs. It allows you to add volumes, Secrets, and ConfigMaps to the guest operating system of a virtual machine (VM). This allows you to mount a disk as a volume to a sandboxed container. This method mounts the disk to the host. Applications in the container can write data to and read data from the disks only through virtio-fs. This may cause performance degradation.
Sandboxed containers allow you to directly mount disks. This method first unmounts disk mount targets from the host. Then, the disk is mounted to the guest operating system before the system creates a bind mount for the disk. This way, applications in the container can directly write data to and read data from the disk without performance degradation.

How a disk is mounted to a sandboxed container

A disk is mounted to a sandboxed container in the following process.
Step | Description |
---|---|
① | The kubelet requests the CSI plug-in to mount a disk. |
② | The CSI plug-in formats the disk and mounts the disk to the host. |
③ | The kubelet requests Kangaroo-Runtime to create a pod. |
④ | Kangaroo-Runtime parses the disk unmounting information and unmounts the disk from the host. |
⑤ | Kangaroo-Runtime requests the agent to create a pod. |
⑥ | The agent mounts the disk to the guest operating system. |
⑦ | The agent creates a bind mount for the disk that is mounted to the guest operating system. |
Examples
The following example shows how to mount a disk to a sandboxed container. In this example, a YAML file template is used to create resource objects.