You can mount a disk to a sandboxed container to significantly improve I/O performance. This topic describes how to mount a disk to a sandboxed container.

Background information

virtio-fs is a shared file system. The Sandboxed-Container runtime provided by Container Service for Kubernetes supports virtio-fs. It allows you to add volumes, Secrets, and ConfigMaps to the guest operating system of a virtual machine (VM). This allows you to mount a disk as a volume to a sandboxed container. This method mounts the disk to the host. Applications in the container can write data to and read data from the disks only through virtio-fs. This may cause performance degradation.

Sandboxed containers allow you to directly mount disks. This method first unmounts disk mount targets from the host. Then, the disk is mounted to the guest operating system before the system creates a bind mount for the disk. This way, applications in the container can directly write data to and read data from the disk without performance degradation.

Mount a disk to a sandboxed container

How a disk is mounted to a sandboxed container

How a disk is mounted to a sandboxed container

A disk is mounted to a sandboxed container in the following process.

Step Description
The kubelet requests the CSI plug-in to mount a disk.
The CSI plug-in formats the disk and mounts the disk to the host.
The kubelet requests Kangaroo-Runtime to create a pod.
Kangaroo-Runtime parses the disk unmounting information and unmounts the disk from the host.
Kangaroo-Runtime requests the agent to create a pod.
The agent mounts the disk to the guest operating system.
The agent creates a bind mount for the disk that is mounted to the guest operating system.

Examples

The following example shows how to mount a disk to a sandboxed container. In this example, a YAML file template is used to create resource objects.

  1. Use the following template to create resource objects: 
    cat <<EOF | kubectl create -f -
allowVolumeExpansion: true
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alicloud-disk-ssd
parameters:
  type: cloud_ssd
provisioner: diskplugin.csi.alibabacloud.com
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: disk-pvc-01
  namespace: default
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 25Gi
  storageClassName: alicloud-disk-ssd
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: busybox
  name: busybox
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
      annotations:
        storage.alibabacloud.com/enable_ebs_passthrough: "true"
    spec:
      containers:
        - name: busybox
          image: registry.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2
          command:
          - tail
          - -f
          - /dev/null
          volumeMounts:
            - mountPath: "/data"
              name: disk-pvc
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      runtimeClassName: runv
      volumes:
        - name: disk-pvc
          persistentVolumeClaim:
            claimName: disk-pvc-01
EOF
    Note
    By default, pods cannot communicate with disks. You must add an annotation in the template to enable the pod to communicate with disks. 
    annotations:
        storage.alibabacloud.com/enable_ebs_passthrough: "true"
  2. Run the following commands to check the type of file system that is mounted to the pod: 
    kubectl get pods
    kubectl exec -it ${podid} sh
    mount | grep /data | grep -vi virtio_fs
    If the type of file system is not virtio-fs, it indicates that the disk is mounted to the container.