All Products
Search

This Product

    Container Service for Kubernetes:Use CNFS to manage NAS file systems

    Document Center

    Container Service for Kubernetes:Use CNFS to manage NAS file systems

    Last Updated:Apr 10, 2024

    Container Network File System (CNFS) creates Kubernetes CustomResourceDefinitions (CRDs) for Alibaba Cloud file stores and allows you to manage them separately. You can create, delete, describe, mount, monitor, and expand these CRDs. To improve the performance of Apsara File Storage NAS (NAS) file systems, you can use CNFS to achieve independent management of NAS file systems. This topic describes how to use CNFS to manage NAS file systems and how to use CNFS to mount volumes to workloads.

    Prerequisites

    • A Container Service for Kubernetes (ACK) cluster is created. The Container Storage Interface (CSI) plug-in is used as the volume plug-in. For more information, see Create an ACK managed cluster.

    • The versions of csi-plugin and csi-provisioner are 1.20.5-ff6490f-aliyun or later. For more information about how to update csi-plugin and csi-provisioner, see Update csi-plugin and csi-provisioner.

    • The version of storage-operator is 1.18.8.56-2aa33ba-aliyun or later. For more information about how to update storage-operator, see Manage components.

    • A kubectl client is connected to your cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.

    • Only General-purpose NAS file systems are supported. Extreme NAS file systems are not supported. To use Key Management Service (KMS) to encrypt NAS file systems, activate KMS first. For more information, see Activate KMS.

    Overview

    You can use CNFS to manage NAS file systems by using one of the following methods:

    Method 1: Use CNFS to create a default NAS file system

    Use the following template to create a default CNFS file system and mount a dynamically provisioned NAS volume to the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time. 

    # Create the following objects: a CNFS, a StorageClass, a Deployment, and a StatefulSet. 
cat << EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain # Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained. 
  parameters:
    encryptType: SSE-KMS # This parameter is optional. If you leave this parameter empty, the created NAS file system is not encrypted. A value of SSE-KMS indicates that the created NAS file system is encrypted by KMS. 
    enableTrashCan: "true" # This parameter is optional. If you leave this parameter empty, the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled. 
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-cnfs-nas
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: cnfs-nas-filesystem
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true # This parameter is optional. A value of true indicates that the NAS file system can be expanded. 
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-cnfs-nas
  resources:
    requests:
      storage: 70Gi # If you enable the directory quota feature, the storage field takes effect. A value of 70Gi indicates that the maximum size of data that can be written into a dynamically created directory is 70 GiB. 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: cnfs-nas-pvc
      volumes:
      - name: cnfs-nas-pvc
        persistentVolumeClaim:
          claimName: cnfs-nas-pvc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cnfs-nas-sts
  labels:
    app: nginx
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: www
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "alibabacloud-cnfs-nas"
      resources:
        requests:
          storage: 50Gi # If you enable the directory quota feature, the storage field takes effect. A value of 50Gi indicates that the maximum size of data that can be written into a dynamically created directory is 50 GiB. 
EOF
    Important

    Create a Capacity NAS file system or Performance NAS file system in the virtual private cloud (VPC) where the cluster is deployed. Extreme NAS file systems are not supported. If the region of the cluster does not support NAS file systems of the NAS Capacity type, a NAS file system of the NAS Performance type is created. By default, the created NAS file system is not encrypted.

    Method 2: Use CNFS to create a custom NAS file system

    Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.

    1. Create a custom NAS file system.

      1. Run the following command to create a custom file system: 

        cat <<EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    filesystemType: standard
    storageType: Capacity
    protocolType: NFS
    encryptType: SSE-KMS
    enableTrashCan: "true"
    trashCanReservedDays: "5"
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
EOF

        Parameter

        Description

        description

        The description of the file system.

        type

        The type of the volume that you want to create.

        reclaimPolicy

        The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.

        parameters.filesystemType

        The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.

        parameters.storageType

        The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.

        parameters.protocolType

        The Network File System (NFS) protocol is used. Only NFSv3 is supported.

        parameters.encryptType

        The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.

        parameters.enableTrashCan

        Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.

        parameters.trashCanReservedDays

        The maximum number of days that the files in the recycle bin are retained. Default value: 7. In this example, trashCanReservedDays: 5 is used, which indicates that the files in the recycle bin are retained for up to five days.

        parameters.vSwitchId

        The ID of the vSwitch that is used by the created NAS file system.

      2. Run the following command to query the created NAS file system: 

        kubectl get cnfs

        Expected output:

        NAME                  AGE
cnfs-nas-filesystem   6d

      3. Run the following command to query the details about the NAS file system: 

        kubectl get cnfs/cnfs-nas-filesystem -o yaml

        Expected output:

        apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e4****-h****.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}}
  creationTimestamp: "2021-05-14T08:20:09Z"
  finalizers:
  - protection.alibabacloud.com/cnfs
  generation: 6
  name: cnfs-nas-filesystem
  resourceVersion: "122342382"
  selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
  uid: a9e9650c-68b2-405b-8274-0f5b6063****
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    filesystemType: standard
    storageType: Capacity
    protocolType: NFS
    encryptType: SSE-KMS
    vSwitchId: vsw-XXX
    enableTrashCan: "true"
status:
  conditions:
  - lastProbeTime: "2021-05-14 16:20:15"
    reason: The nas filesystem and mount target complete initialization.
    status: Ready
  fsAttributes:
    accessGroupName: DEFAULT_VPC_GROUP_NAME
    encryptType: SSE-KMS
    enableTrashCan: "true"
    filesystemId: 17f7e48ece
    filesystemType: standard
    protocolType: NFS
    regionId: cn-beijing
    server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
    storageType: Capacity
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
    vpcId: vpc-2ze9sgmehjvwv5x74****
    zoneId: cn-beijing-h
  status: Available

        Parameter

        Description

        status

        The status of the CNFS. Valid values: Pending, Creating, Initialization, Available, Unavailable, Fatal, and Terminating.

        conditions.lastProbeTime

        The time when the last probe was sent.

        conditions.reason

        The reason for the current state.

        conditions.status

        Indicates whether the file system is ready. Valid values: Ready and NotReady.

        fsAttributes.accessGroupName

        The name of the permission group used by the mount target. Set the value to DEFAULT_VPC_GROUP_NAME. This indicates the default permission group for VPCs.

        fsAttributes.encryptType

        The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.

        fsAttributes.enableTrashCan

        Indicates whether the recycle bin feature is enabled. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.

        fsAttributes.filesystemId

        The ID of the file system.

        fsAttributes.filesystemType

        The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.

        fsAttributes.protocolType

        The file transfer protocol. NFS is supported.

        fsAttributes.regionId

        The region to which the CNFS file system belongs.

        fsAttributes.server

        The domain name of the mount target of the CNFS file system.

        fsAttributes.storageType

        The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.

        fsAttributes.vSwitchId

        The vSwitch used by the CNFS file system.

        fsAttributes.vpcId

        The VPC to which the CNFS file system belongs.

        fsAttributes.zoneId

        The zone to which the CNFS file system belongs.

    2. Create a persistent volume (PV) and associate it with the NAS file system.

      Create a statically provisioned PV or a dynamic StorageClass that is associated with the NAS file system.

      • Create a statically provisioned PV.

        1. Use the following template to create a statically provisioned PV and associate it with the NAS file system: 

          cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cnfs-nas-pv
  labels:
    alicloud-pvname: cnfs-nas-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  csi:
    driver: nasplugin.csi.alibabacloud.com
    volumeHandle: cnfs-nas-pv # The value must be the same as the PV name. 
    volumeAttributes:
      containerNetworkFileSystem: cnfs-nas-filesystem
      path: "/"
  mountOptions:
    - nolock,tcp,noresvport
    - vers=3
EOF

          Parameter

          Description

          containerNetworkFileSystem

          The name of the CNFS file system that you want to use.

          path

          The path of the CNFS file system used by the PV.

        2. Run the following command to check whether the PV is created: 

          kubectl get pv

          Expected output:

          NAME          CAPACITY   ACCESS MODES     RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
cnfs-nas-pv   5Gi        RWX              Retain           Available                                   4s

      • Create a dynamic StorageClass.

        Use the following template to create a dynamic StorageClass and associate it with the NAS file system: 

        cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-nas-cnfs
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: nas-load-mount-target
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true
EOF
        Note

        allowVolumeExpansion specifies whether to enable the Quota feature and volume expansion. Valid values: true and false.

    3. Create a persistent volume claim (PVC).

      1. Use the following template to create a PVC that is used to mount the NAS file system: 

        cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-nas-cnfs
  resources:
    requests:
      storage: 70Gi
EOF

    4. Create an application.

      1. Use the following template to create an application that uses the PVC: 

        cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
          volumeMounts:
            - name: cnfs-nas-pvc
              mountPath: "/data"
      volumes:
        - name: cnfs-nas-pvc
          persistentVolumeClaim:
            claimName: cnfs-nas-pvc
EOF

      2. Run the following command to query the status of the application: 

        kubectl get pod

        Expected output:

        NAME                             READY   STATUS    RESTARTS   AGE
cnfs-nas-deployment-86959b****   1/1     Running   0          2s

        The output shows that the created Deployment is in the Running state. This means that the CNFS file system is used by the Deployment.

    Method 3: Create a CNFS file system by using an existing NAS file system

    Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.

    1. Create a CNFS file system by using an existing NAS file system.

      1. Use the following template to create a CNFS file system based on an existing NAS file system: 

        # Load the existing NAS file system. 
cat <<EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    server: 17f7e4****-h****.cn-beijing.nas.aliyuncs.com
EOF

        Parameter

        Description

        description

        The description of the file system.

        type

        The type of the volume that you want to create.

        reclaimPolicy

        The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.

        parameters.server

        The URL of the mount target of the NAS file system.

      2. Run the following command to query the NAS file system: 

        kubectl get cnfs

        Expected output:

        NAME                  AGE
cnfs-nas-filesystem   6d

      3. Run the following command to query the details about the NAS file system: 

        kubectl get cnfs/cnfs-nas-filesystem -o yaml

        Expected output:

        apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e48ece-h****.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}}
  creationTimestamp: "2021-05-14T08:20:09Z"
  finalizers:
  - protection.alibabacloud.com/cnfs
  generation: 6
  name: cnfs-nas-filesystem
  resourceVersion: "122342382"
  selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
  uid: a9e9650c-68b2-405b-8274-0f5b6063****
spec:
  description: cnfs
  parameters:
    server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
  reclaimPolicy: Retain
  type: nas
status:
  conditions:
  - lastProbeTime: "2021-05-14 16:20:15"
    reason: The nas filesystem and mount target complete initialization.
    status: Ready
  fsAttributes:
    accessGroupName: DEFAULT_VPC_GROUP_NAME
    encryptType: None
    enableTrashCan: "true"
    filesystemId: 17f7e4****
    filesystemType: standard
    protocolType: NFS
    regionId: cn-beijing
    server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
    storageType: Capacity
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
    vpcId: vpc-2ze9sgmehjvwv5x74****
    zoneId: cn-beijing-h
  status: Available

    2. Use CNFS to create a NAS volume. For more information, see Step 2 to Step 4 in Method 2: Use CNFS to create a custom NAS file system.

    What to do next

    For more information about how to monitor NAS resources on the node side, see Examples of monitoring NAS file systems.