Mount disks and SMB file systems to Windows pods - User Guide for Kubernetes Clusters| Alibaba Cloud Documentation Center

Container Service for Kubernetes (ACK) allows you to mount dynamically provisioned disk volumes and statically provisioned Server Message Block (SMB) volumes to Windows pods. This topic describes how to create and mount disk volumes or SMB volumes to pods on Windows nodes.

Prerequisites

You have the permissions to use FlexVolume.
If you do not have the permissions to use FlexVolume, Submit a ticket and apply to be added to a whitelist.
An ACK cluster is created and FlexVolume is selected as the volume plug-in of the cluster. For more information, see Create a managed Kubernetes cluster.
A Windows node pool is created. For more information, see Create a Windows node pool.
A kubectl client is connected to the cluster. For more information, see Connect to ACK clusters by using kubectl.

Create and mount disk volumes to Windows pods

Alibaba Cloud disks are block storage resources for Elastic Compute Service (ECS) instances. Alibaba Cloud disks provide low latency, high performance, high durability, and high reliability.

You can perform the following steps to create and mount disk volumes to Windows pods:

Step 1: Create a StorageClass

alicloud-disk-controller checks whether a StorageClass is intended for the Windows file system or the Linux file system based on the value of fstype in the StorageClass.

If the value of fstype is set to ext3, ext4, or xfs, the StorageClass is intended for the Linux file system.
If the value of fstype is set to ntfs, the StorageClass is intended for the Windows file system.

By default, if FlexVolume is selected as the volume plug-in, the system defines StorageClasses that are intended for the Linux file system when you create an ACK cluster. You must manually define StorageClasses intended for the Windows file system.

Create a file named storageclass.yaml based on the following content to define StorageClasses for the Windows file system:

YAML example

kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: alicloud-disk-common-windows
provisioner: alicloud/disk
parameters:
  type: cloud
  fstype: ntfs
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: alicloud-disk-efficiency-windows
provisioner: alicloud/disk
parameters:
  type: cloud_efficiency
  fstype: ntfs
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: alicloud-disk-ssd-windows
provisioner: alicloud/disk
parameters:
  type: cloud_ssd
  fstype: ntfs
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: alicloud-disk-essd-windows
provisioner: alicloud/disk
parameters:
  type: cloud_essd
  fstype: ntfs
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
  name: alicloud-disk-available-windows
provisioner: alicloud/disk
parameters:
  type: available
  fstype: ntfs

The following table describes the configurations of the StorageClasses.

YAML example Description

YAML example	Description
`kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: alicloud-disk-ssd-windows provisioner: alicloud/disk parameters: type: cloud_ssd fstype: ntfs + allowVolumeExpansion: true # useless`	Volume expansion is not supported in Windows. For example, the `allowVolumeExpansion: true` configuration of the StorageClass does not take effect.
`kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: alicloud-disk-ssd-windows provisioner: alicloud/disk parameters: type: cloud_ssd fstype: ntfs + reclaimPolicy: Retain # only unmount`	You can configure the `reclaimPolicy: Retain` reclaim policy to reduce the chances of accidental data loss by user errors.
`kind: StorageClass apiVersion: storage.k8s.io/v1 metadata: name: alicloud-disk-ssd-windows provisioner: alicloud/disk parameters: type: cloud_ssd fstype: ntfs + regionId: cn-hangzhou + zoneId: cn-hangzhou-b`	If no region ID or zone ID is specified, the system may fail to mount the disk. You can set the `regionId` and `zoneId` parameters to prevent mounting errors.

  kind: StorageClass
  apiVersion: storage.k8s.io/v1
  metadata:
    name: alicloud-disk-ssd-windows
  provisioner: alicloud/disk
  parameters:
    type: cloud_ssd
    fstype: ntfs
+ allowVolumeExpansion: true # useless

Volume expansion is not supported in Windows. For example, the allowVolumeExpansion: true configuration of the StorageClass does not take effect.

  kind: StorageClass
  apiVersion: storage.k8s.io/v1
  metadata:
    name: alicloud-disk-ssd-windows
  provisioner: alicloud/disk
  parameters:
    type: cloud_ssd
    fstype: ntfs
+ reclaimPolicy: Retain # only unmount

You can configure the reclaimPolicy: Retain reclaim policy to reduce the chances of accidental data loss by user errors.

  kind: StorageClass
  apiVersion: storage.k8s.io/v1
  metadata:
    name: alicloud-disk-ssd-windows
  provisioner: alicloud/disk
  parameters:
    type: cloud_ssd
    fstype: ntfs
+   regionId: cn-hangzhou
+   zoneId: cn-hangzhou-b

If no region ID or zone ID is specified, the system may fail to mount the disk. You can set the regionId and zoneId parameters to prevent mounting errors.

Run the following command to create a StorageClass in the Windows environment:
```
kubectl create -f storageclass.yaml
```

Step 2: Install FlexVolume on Windows nodes

Use the following YAML template to create a flexvolume-windows.yaml file.

YAML example

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: flexvolume-windows
  name: flexvolume-windows
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-volume: flexvolume
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      metadata:
      labels:
        k8s-volume: flexvolume
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      tolerations:
      - operator: Exists
      /*since 1.18, we can specify "hostNetwork: true" for Windows workloads, so we can deploy an application without NetworkReady.*/
      hostNetwork: true
      priorityClassName: system-node-critical
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - windows
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
              - key: kubernetes.io/os
                operator: In
                values:
                - windows
      containers:
      - name: acs-flexvolume
        command:
        - pwsh.exe
        - -NoLogo
        - -NonInteractive
        - -File
        - entrypoint.ps1
        /* Replace cn-hangzhou in the following image address with the region where your cluster is deployed. */
        image: registry-vpc.cn-hangzhou.aliyuncs.com/acs/flexvolume-windows:v1.0.0
        imagePullPolicy: Always
        volumeMounts:
        - name: host-flexvolume-binary
          mountPath: c:/host/usr/libexec/kubernetes/kubelet-plugins/volume/exec
        - name: host-flexvolume-socket
          mountPath: c:/host/etc/kubernetes/flexvolume/socket
        - name: host-log
          mountPath: c:/var/log/alicloud
        /*use managed addon token from Alibaba Cloud*/
        - name: managed-addon-token
          mountPath: c:/var/addon/
          readOnly: true
     /* or specify the customized access key of Alibaba Cloud*/
     /* - name: customized-access-key*/
     /*   mountPath: c:/host/etc/.volumeak*/
     /* env:*/
     /* - name: ACCESS_KEY_ID*/
     /*   value: ""*/
     /* - name: ACCESS_KEY_SECRET*/
     /*   value: ""*/
      volumes:
      - name: host-flexvolume-binary
        hostPath:
          path: c:/usr/libexec/kubernetes/kubelet-plugins/volume/exec
          type: DirectoryOrCreate
      - name: host-flexvolume-socket
        hostPath:
          path: c:/etc/kubernetes/flexvolume/socket
          type: DirectoryOrCreate
      - name: host-log
        hostPath:
          path: c:/var/log/alicloud
          type: DirectoryOrCreate
      - name: managed-addon-token
        secret:
          defaultMode: 420
          optional: true
          items:
          - key: addon.token.config
            path: token-config
          secretName: addon.csi.token
     /* - name: customized-access-key*/
     /*   hostPath:*/
     /*     path: c:/etc/.volumeak*/
     /*     type: DirectoryOrCreate*/

Run the following command to install FlexVolume on all of the Windows worker nodes:
```
kubectl create -f flexvolume-windows.yaml
```

After the DaemonSets are deployed, run the following command on a Windows node to query the status of the FlexVolume plug-in alicloud-disk-controller:

ls C:\usr\libexec\kubernetes\kubelet-plugins\volume\exec\alicloud~disk.exe\

Expected output:

Directory: C:\usr\libexec\kubernetes\kubelet-plugins\volume\exec\alicloud~disk.exe

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        8/12/2021   2:45 PM        5636096 disk.exe

Step 3: Create a disk volume and mount it to a Windows pod

A StatefulSet is used as an example. You can specify the required StorageClass in the volumeClaimTemplates field. Then, the FlexVolume plug-in on the Windows worker node automatically performs the following operations: verifies your credentials, creates a disk, attaches the disk to an ECS instance, and then creates and mounts a disk volume to a Windows pod.

YAML example

apiVersion: v1
kind: Service
metadata:
  labels:
    app: web-windows-disk
  name: web-windows-disk
spec:
  type: LoadBalancer
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: web-windows-disk
---
apiVersion: v1
kind: Service
metadata:
  name: web-windows-disk-headless
  labels:
    app: web-windows-disk
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  clusterIP: None
  selector:
    app: web-windows-disk
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web-windows-disk
spec:
  serviceName: "web-windows-disk-headless"
  selector:
    matchLabels:
      app: web-windows-disk
  replicas: 1
  template:
    metadata:
      labels:
        app: web-windows-disk
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      tolerations:
      - key: os
        value: windows
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - windows
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - windows
      containers:
      - name: windows
        /* Replace cn-hangzhou in the following image address with the region where your cluster is deployed. */
        image: registry-vpc.cn-hangzhou.aliyuncs.com/acs/sample-web-windows:v1.0.1
        volumeMounts:
          - name: ssd
            mountPath: c:/openresty/logs
  volumeClaimTemplates:
  - metadata:
      name: ssd
    spec:
      accessModes: 
      - ReadWriteOnce
      /* Specify the supported disk type based on the zone and region where your cluster is deployed. */
      storageClassName: alicloud-disk-ssd-windows
      resources:
        requests:
          storage: 50Gi

After the StatefulSet is deployed, run the following command to query the persistent volume (PV):

kubectl get pv

Expected output:

NAME                     STATUS   VOLUME                   CAPACITY   ACCESS MODES   STORAGECLASS                AGE
ssd-web-windows-disk-0   Bound    d-wz9dihqdkusysc56****   50Gi       RWO            alicloud-disk-ssd-windows   5s

Step 4: Verify that the disk volume can be used to persist data

PVs are used to persist data. The access log of a pod stored in a PV is retained after the pod is deleted.

Run the following command to access the deployed Window application web-windows-disk:

for i in {1..2}; do; curl $(kubectl get svc web-windows-disk --template '{{ (index .status.loadBalancer.ingress 0).ip }}'); done

Run the following command to print the log of the web-windows-disk-0 container:

kubectl logs web-windows-disk-0

Expected output:

openresty started...
x.x.x.x - - [14/Aug/2021:18:28:28 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:28:32 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"

Run the following command to delete the web-windows-disk-0 container:
```
kubectl delete pod web-windows-disk-0
```

Run the following command to access the redeployed Windows application web-windows-disk:

for i in {1..3}; do; curl $(kubectl get svc web-windows-disk --template '{{ (index .status.loadBalancer.ingress 0).ip }}'); done

Run the following command to print the log of the web-windows-disk-0 container:

kubectl logs web-windows-disk-0

Expected output:

openresty started...
x.x.x.x - - [14/Aug/2021:18:28:28 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:28:32 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
openresty started...
x.x.x.x - - [14/Aug/2021:18:56:40 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:56:40 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:56:41 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"

The log data of the redeployed web-windows-disk-0 container indicates that the log file is retained after the container for the web-windows-disk application is deleted.

Create and mount SMB volumes to Windows pods

Apsara File Storage NAS (NAS) is a distributed file system that is provided for ECS instances. NAS uses Portable Operating System Interface of UNIX (POSIX)-based APIs and is compatible with native operating systems. NAS provides shared access, ensures data consistency, and implements mutual exclusion by using locks.

SMB is a protocol that can be used by NAS and works well in Windows. Different from alicloud-disk-controller, the SMB FlexVolume plug-in is not reliant on Linux worker nodes or Kubernetes controllers.

If Kubernetes controllers are not used, the SMB FlexVolume plug-in can only statically provision PVs and cannot use StorageClasses to dynamically provision PVs.

Step 1: Install FlexVolume on Windows nodes

Install FlexVolume on all of the Windows worker nodes. For more information, see Step 2: Install FlexVolume on Windows nodes of Create and mount disk volumes to Windows pods.

Step 2: Create an SMB PV and mount the PV to a Windows pod

Create a PV.

Use the following YAML template to create a PV and a persistent volume claim (PVC), and apply for a NAS file system of 10 GiB in size.

YAML example

apiVersion: v1
kind: PersistentVolume
metadata:
  labels:
    alicloud-pvname: pv-smb-10g
  name: pv-smb-10g
spec:
  persistentVolumeReclaimPolicy: Retain
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
  flexVolume:
    driver: alicloud/smb.exe
    options:
      server: 25f3f4819c-e****.cn-hangzhou.nas.aliyuncs.com
      path: /myshare/web-windows-logs
      user: workgroup/Administrator
      password: ******
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: web-windows-smb
spec:
  selector:
    matchLabels:
      alicloud-pvname: pv-smb-10g
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 10Gi

The following table describes some of the parameters in the template.


Parameter	Description
driver	The type of driver that is used to mount the PV. The value must be set to `alicloud/smb.exe`.
server	The mount address of the mount target that is added for the NAS file system. The region of the mount address must be the same as that of the virtual private cloud (VPC) where the Windows nodes are deployed.
path	The path where the NAS file system is mounted in the container. The path must start with /myshare/. This means that all the subdirectories are created under the parent directory /myshare/. Example: /myshare/web-windows-logs.
user	The username used to log on to the ECS instance. We recommend that you use workgroup/administrator.
password	The password used to log on to the ECS instance.

Use the following YAML template to create a Service and a Deployment, and mount the created PV.

YAML example

apiVersion: v1
kind: Service
metadata:
  labels:
    app: web-windows-smb
  name: web-windows-smb
spec:
  type: LoadBalancer
  ports:
    - port: 80
      protocol: TCP
      targetPort: 80
  selector:
    app: web-windows-smb
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-windows-smb
spec:
  selector:
    matchLabels:
      app: web-windows-smb
  replicas: 1
  template:
    metadata:
      labels:
        app: web-windows-smb
    spec:
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      tolerations:
      - key: os
        value: windows
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - windows
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - windows
      containers:
      - name: windows
        /* Replace cn-hangzhou in the following image address with the region where your cluster is deployed. */
        image: registry-vpc.cn-hangzhou.aliyuncs.com/acs/sample-web-windows:v1.0.1
        volumeMounts:
          - name: disk-smb
            mountPath: c:/openresty/logs
      volumes:
      - name: disk-smb
        persistentVolumeClaim:
          claimName: web-windows-smb

After the Deployment is deployed, run the following commands to query the Deployment of the application and the PV.

Run the following command to query the Deployment:

kubectl get pod

Expected output:

NAME                               READY   STATUS              RESTARTS   AGE
web-windows-smb-584676df65-t4mmh   1/1     Running             0          26d

Run the following command to query the PV:

kubectl get pv

Expected output:

NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                       STORAGECLASS      REASON   AGE
pv-smb-10g   10Gi       ReadWriteMany  Retain           Bound       default/web-windows-smb                                10d

Step 4: Verify that the NAS file system can be used to persist data

PVs are used to persist data. The access log of a pod stored in a PV is retained after the pod is deleted.

Run the following command to access the deployed Windows application web-windows-smb:

for i in {1..2}; do; curl $(kubectl get svc web-windows-smb --template '{{ (index .status.loadBalancer.ingress 0).ip }}'); done

Run the following command to print the log of the web-windows-smb-584676df65-t4mmh container:

kubectl logs web-windows-smb-584676df65-t4mmh

Expected output:

openresty started...
x.x.x.x - - [14/Aug/2021:18:28:28 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:28:32 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"

Run the following command to delete the web-windows-smb-584676df65-t4mmh container:
```
kubectl delete pod web-windows-smb-584676df65-t4mmh
```

Run the following command to access the redeployed Windows application web-windows-smb:

for i in {1..3}; do; curl $(kubectl get svc web-windows-smb --template '{{ (index .status.loadBalancer.ingress 0).ip }}'); done

Run the following command to query the pod:

kubectl get pod

Expected output:

NAME                               READY   STATUS              RESTARTS   AGE
web-windows-smb-584676df65-87bpz   1/1     Running             0          26d

Run the following command to print the log of the web-windows-smb-584676df65-87bpz container:

kubectl logs web-windows-smb-584676df65-87bpz

Expected output:

openresty started...
x.x.x.x - - [14/Aug/2021:18:28:28 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:28:32 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
openresty started...
x.x.x.x - - [14/Aug/2021:18:56:40 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:56:40 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"
x.x.x.x - - [14/Aug/2021:18:56:41 +0800] "GET / HTTP/1.1" 200 674 "-" "curl/7.64.1"

The log data of the redeployed web-windows-smb-**** container indicates that the log file is retained after the web-windows-smb-584676df65-t4mmh container is deleted.