Object Storage Service (OSS) is a secure, cost-effective, and high-reliability cloud
storage service provided by Alibaba Cloud. OSS allows you to store a large amount
of data in the cloud. This topic describes how to mount an OSS bucket as a statically
provisioned volume in the console or by using a CLI.
Prerequisites
A Container Service for Kubernetes (ACK) cluster is created. For more information,
see Create an ACK managed cluster.
An OSS bucket is created. For more information, see Create buckets.
Note: Select the internal endpoint if the OSS bucket and the Elastic Compute Service (ECS) instance are deployed in the same region.
OSS is a secure, cost-effective, high-capacity, and high-reliability cloud storage
service provided by Alibaba Cloud. You can mount an OSS bucket to multiple pods of
an ACK cluster. OSS is applicable to the following scenarios:
Average requirements for disk I/O.
Sharing of data, including configuration files, images, and small video files.
Precautions
OSS buckets do not support dynamically provisioned persistent volumes (PVs).
kubelet and the OSSFS driver may be restarted when the ACK cluster is upgraded. As
a result, the mounted OSS directory becomes unavailable. In this case, you must recreate
the pods to which the OSS volume is mounted. You can add health check settings in
the YAML file to restart the pods and remount the OSS volume when the OSS directory
becomes unavailable.
Note: If the csi-plugin and csi-provisioner that you use are V1.18.8.45 or later, the preceding issue does not occur.
If the securityContext.fsGroup parameter is set in the application template, kubelet performs the chmod or chown operation after the volume is mounted, which increases the time that the mount takes.
We recommend that you create no more than 1,000 files in the path directory. The OSSFS driver consumes excessive memory when the number of files is too large, which may cause out-of-memory (OOM) errors in pods.
Mount an OSS bucket as a statically provisioned volume in the console
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the cluster details page, choose Volumes > Persistent Volumes.
In the upper-right corner of the Persistent Volumes page, click Create.
In the Create PV dialog box, set the following parameters.
Parameter: Description
PV Type: You can select Cloud Disk, NAS, or OSS. In this example, OSS is selected.
Volume Name: The name of the PV that you want to create. The name must be unique in the cluster. In this example, pv-oss is entered.
Volume Plug-in: You can select Flexvolume or CSI. In this example, CSI is selected.
Capacity: The capacity of the PV that you want to create.
Access Mode: Default value: ReadWriteMany.
Access Certificate: Select a Secret that is used to access the OSS bucket.
  Select Existing Secret: Select a namespace and a Secret.
  Create Secret: Set Namespace, Name, AccessKey ID, and AccessKey Secret.
Optional Parameters: You can enter custom parameters in the format of -o *** -o ***.
Bucket ID: The name of the OSS bucket that you want to mount. Click Select Bucket. In the dialog box that appears, find the OSS bucket that you want to use and click Select.
Endpoint: Select the endpoint of the OSS bucket:
  If the OSS bucket and the ECS instance belong to different regions, select Public Endpoint.
  If the OSS bucket and the ECS instance belong to the same region, select Internal Endpoint.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Volumes > Persistent Volume Claims.
In the upper-right corner of the Persistent Volume Claims page, click Create.
In the Create PVC dialog box, set the following parameters.
Parameter: Description
PVC Type: You can select Cloud Disk, NAS, or OSS. In this example, OSS is selected.
Name: The name of the persistent volume claim (PVC). The name must be unique in the cluster.
Allocation Mode: In this example, Existing Volumes is selected.
  Note: If no PV is created, you can set Allocation Mode to Create Volume and set the required parameters to create a PV. For more information, see Step 1: Create a PV.
Existing Volumes: Click Select PV. Find the PV that you want to use and click Select in the Actions column.
Capacity: The capacity claimed by the PVC.
  Note: The claimed capacity cannot exceed the capacity of the PV bound to the PVC.
Click Create.
After the PVC is created, you can find the PVC named csi-oss-pvc in the PVCs list. The PV is bound to the PVC.
In the left-side navigation pane of the ACK console, click Clusters.
On the Clusters page, find the cluster that you want to manage and click the name of the cluster
or click Details in the Actions column. The details page of the cluster appears.
In the left-side navigation pane of the details page, choose Workloads > Deployments.
In the upper-right corner of the Deployments page, click Create from Image.
Add Local Storage: You can select HostPath, ConfigMap, Secret, or EmptyDir from the PV Type drop-down
list. Then, set the Mount Source and Container Path parameters to mount the volume
to a container path. For more information, see Volumes.
Add PVC: You can add cloud volumes.
In this example, an OSS volume is selected and mounted to the /tmp path in the container.
Set other parameters and click Create.
After the application is created, you can use the OSS volume to store application
data.
Mount an OSS bucket as a statically provisioned volume by using kubectl
Step 1: Create a statically provisioned PV and a PVC
You can create a statically provisioned PV and a PVC by using the following methods:
Method 1: Create a statically provisioned PV and a PVC by using a Secret
Use a Secret to provide your AccessKey pair to the CSI plug-in.
Method 2: Specify an AccessKey pair when you create a PV and a PVC
Specify an AccessKey pair in the PV configurations.
Method 3: Configure token-based authentication when you create a PV and a PVC
Configure token-based authentication in the PV configurations.
Method 1: Create a statically provisioned PV and a PVC by using a Secret
Create a Secret.
The following YAML template provides an example on how to specify your AccessKey pair
in a Secret:
Note: The Secret must be created in the namespace where the application that uses the PV is deployed.
Replace the values of akId and akSecret with your AccessKey ID and AccessKey secret.
Run the following command to create a statically provisioned PV:
kubectl create -f pv-oss.yaml
The following pv-oss.yaml file is used to create the statically provisioned PV:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
  labels:
    alicloud-pvname: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: pv-oss # The specified value must be the same as the name of the PV.
    nodePublishSecretRef:
      name: oss-secret
      namespace: default
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      path: "/"
Parameter: Description
name: The name of the PV.
labels: The labels that are added to the PV.
storage: The available storage of the OSS bucket.
accessModes: The access mode of the PV.
persistentVolumeReclaimPolicy: The reclaim policy of the PV.
driver: The type of driver. In this example, the parameter is set to ossplugin.csi.alibabacloud.com. This indicates that the OSS CSI plug-in is used.
nodePublishSecretRef: The Secret from which the AccessKey pair is retrieved when an OSS bucket is mounted as a PV.
volumeHandle: The name of the PV.
bucket: The OSS bucket that you want to mount.
url: The endpoint of the OSS bucket to be mounted.
  If the node and the OSS bucket belong to the same region, use the internal endpoint of the OSS bucket.
  If the node and the OSS bucket belong to different regions, use the public endpoint of the OSS bucket.
  You cannot use a virtual private cloud (VPC) endpoint.
otherOpts: You can enter custom parameters in the format of -o *** -o ***.
path: The path relative to the root directory of the OSS bucket to be mounted. The default value is /. This parameter is supported by csi-plugin 1.14.8.32-c77e277b-aliyun and later.
Method 2: Specify an AccessKey pair when you create a PV and a PVC
The following pv-accesskey.yaml file provides an example on how to specify an AccessKey pair in the PV configurations:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: pv-oss # The specified value must be the same as the name of the PV.
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      akId: "***"
      akSecret: "***"
Method 3: Configure token-based authentication when you create a PV and a PVC
You can also run the following command to configure token-based authentication:
kubectl create -f pv-sts.yaml
The following pv-sts.yaml file provides an example on how to configure token-based authentication:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: pv-oss # The specified value must be the same as the name of the PV.
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      authType: "sts"
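The three methods above differ in where the AccessKey pair is kept: with Method 2 it is stored in the PV object itself, which is cluster-scoped and readable by anyone who can read PVs. The following Python script is an added example, not part of the original documentation or of the CSI plug-in; it classifies each OSS PV in kubectl get pv -o json output by credential method and checks that volumeHandle matches the PV name. The sample PV names, the second driver name, and the finding labels are constructed for illustration.

```python
import json

OSS_DRIVER = "ossplugin.csi.alibabacloud.com"  # driver name used on this page

def _pv(name, handle, attrs, secret_ref=None, driver=OSS_DRIVER):
    """Build a constructed PV object shaped like an item of `kubectl get pv -o json`."""
    csi = {"driver": driver, "volumeHandle": handle, "volumeAttributes": attrs}
    if secret_ref:
        csi["nodePublishSecretRef"] = secret_ref
    return {"metadata": {"name": name}, "spec": {"csi": csi}}

# Constructed sample input (not real cluster output): one PV per method on this
# page, one PV from another driver, and one with a mismatched volumeHandle.
SAMPLE = json.dumps({"items": [
    _pv("pv-oss-secret", "pv-oss-secret", {"bucket": "oss"},
        {"name": "oss-secret", "namespace": "default"}),
    _pv("pv-oss-inline", "pv-oss-inline",
        {"bucket": "oss", "akId": "***", "akSecret": "***"}),
    _pv("pv-oss-sts", "pv-oss-typo", {"bucket": "oss", "authType": "sts"}),
    _pv("pv-other", "pv-other", {}, driver="example.csi.invalid"),
]})

def credential_method(csi):
    """Classify how an OSS PV supplies credentials (Method 1, 2 or 3 above)."""
    attrs = csi.get("volumeAttributes") or {}
    if "akId" in attrs or "akSecret" in attrs:
        return "inline-accesskey"   # Method 2: key pair readable via the PV object
    if attrs.get("authType") == "sts":
        return "sts"                # Method 3: token-based authentication
    if csi.get("nodePublishSecretRef"):
        return "secret"             # Method 1: key pair held in a Secret
    return "none"

def audit(pv_list_json):
    """Return {pv_name: [findings]} for every OSS CSI PV in a PV list."""
    report = {}
    for pv in json.loads(pv_list_json).get("items", []):
        csi = (pv.get("spec") or {}).get("csi") or {}
        if csi.get("driver") != OSS_DRIVER:
            continue                # not an OSS volume, out of scope
        name = pv["metadata"]["name"]
        findings = ["credentials:" + credential_method(csi)]
        if csi.get("volumeHandle") != name:
            findings.append("volumeHandle-mismatch")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

Against a live cluster, pass the output of kubectl get pv -o json to audit() instead of SAMPLE.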
Step 2: Create an application
Create an application named oss-static and mount the PVC to the application.
Run the following command to create the application from the oss-static.yaml file:
kubectl create -f oss-static.yaml
The following oss-static.yaml file is used to create the application: