Use CNFS to manage NAS file systems - User Guide for Kubernetes Clusters| Alibaba Cloud Documentation Center

To improve the performance of Apsara File Storage NAS (NAS) file systems, Container Service for Kubernetes (ACK) uses Container Network File System (CNFS) to achieve independent management of NAS file systems. This topic describes how to use CNFS to manage NAS file systems and how to use CNFS to mount volumes to workloads.

Prerequisites

An ACK cluster is created. The Container Storage Interface (CSI) plug-in is used as the volume plug-in. For more information, see Create an ACK managed cluster.
The versions of csi-plugin and csi-provisioner are 1.20.5-ff6490f-aliyun or later. For more information about how to upgrade csi-plugin and csi-provisioner, see Upgrade CSI-Plugin and CSI-Provisioner.
The version of storage-operator is 1.18.8.56-2aa33ba-aliyun or later. For more information about how to upgrade storage-operator, see Manage system components.
A kubectl client is connected to the cluster. For more information, see Connect to ACK clusters by using kubectl.
To use Key Management Service (KMS) to encrypt NAS file systems, activate KMS first. For more information, see Activate KMS.

Features

You can use CNFS to manage NAS file systems by using one of the following methods:

Method 1: Use CNFS to create a default NAS file system
Create a default CNFS file system and use a dynamically provisioned NAS volume to mount the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time.
Method 2: Use CNFS to create a custom NAS file system
Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.
Method 3: Create a CNFS file system by using an existing NAS file system
Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, you can mount the statically or dynamically provisioned NAS volume to a Deployment.

Method 1: Use CNFS to create a default NAS file system

Use the following template to create a default CNFS file system and mount a dynamically provisioned NAS volume to the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time.

# Create the following objects: a CNFS, a StorageClass, a Deployment, and a StatefulSet. 
cat << EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain # Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained. 
  parameters:
    encryptType: SSE-KMS # This parameter is optional. If you leave this parameter empty, the created NAS file system is not encrypted. A value of SSE-KMS indicates that the created NAS file system is encrypted by KMS. 
    enableTrashCan: "true" # This parameter is optional. If you leave this parameter empty, the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled. 
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-cnfs-nas
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: cnfs-nas-filesystem
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true # This parameter is optional. A value of true indicates that the NAS file system can be expanded. 
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-cnfs-nas
  resources:
    requests:
      storage: 70Gi # If you enable the directory quota feature, the storage field takes effect. A value of 70Gi indicates that the maximum size of data that can be written into a dynamically created directory is 70 GiB. 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: cnfs-nas-pvc
      volumes:
      - name: cnfs-nas-pvc
        persistentVolumeClaim:
          claimName: cnfs-nas-pvc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cnfs-nas-sts
  labels:
    app: nginx
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: www
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "alibabacloud-cnfs-nas"
      resources:
        requests:
          storage: 50Gi # If you enable the directory quota feature, the storage field takes effect. A value of 50Gi indicates that the maximum size of data that can be written into a dynamically created directory is 50 GiB. 
EOF

Notice The NAS file system is created in the virtual private cloud (VPC) where the cluster is deployed. If the region of the cluster does not support NAS file systems of the NAS Capacity type, a NAS file system of the NAS Performance type is created. By default, the created NAS file system is not encrypted.

Method 2: Use CNFS to create a custom NAS file system

Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.

Create a custom NAS file system.

Run the following command to create a custom file system:

cat <<EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    filesystemType: standard
    storageType: Capacity
    protocolType: NFS
    encryptType: SSE-KMS
    enableTrashCan: "true"
    trashCanReservedDays: "5"
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
EOF


Parameter	Description
description	The description of the NAS file system.
type	The type of the volume that you want to create.
reclaimPolicy	The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
parameters.filesystemType	The type of the NAS file system. Default value: standard. The default value indicates the General-purpose NAS type.
parameters.storageType	The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
parameters.protocolType	The Network File System (NFS) protocol that is used. Only NFSv3 is supported.
parameters.encryptType	The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
parameters.enableTrashCan	Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
parameters.trashCanReservedDays	The maximum number of days that the files in the recycle bin are retained. Default value: 7. In this example, `trashCanReservedDays: 5` is used, which indicates that the files in the recycle bin are retained for up to five days.
parameters.vSwitchId	The ID of the vSwitch that is used by the created NAS file system.

Run the following command to query the created NAS file system:
```
kubectl get cnfs
```
Expected output:
```
NAME                  AGE
cnfs-nas-filesystem   6d
```

Run the following command to query the details about the NAS file system:

kubectl get cnfs/cnfs-nas-filesystem -o yaml

Expected output:

apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      null
  creationTimestamp: "2021-05-14T08:20:09Z"
  finalizers:
  - protection.alibabacloud.com/cnfs
  generation: 6
  name: cnfs-nas-filesystem
  resourceVersion: "122342382"
  selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
  uid: a9e9650c-68b2-405b-8274-0f5b6063****
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    filesystemType: standard
    storageType: Capacity
    protocolType: NFS
    encryptType: SSE-KMS
    vSwitchId: vsw-XXX
    enableTrashCan: "true"
status:
  conditions:
  - lastProbeTime: "2021-05-14 16:20:15"
    reason: The nas filesystem and mount target complete initialization.
    status: Ready
  fsAttributes:
    accessGroupName: DEFAULT_VPC_GROUP_NAME
    encryptType: SSE-KMS
    enableTrashCan: "true"
    filesystemId: 17f7e48ece
    filesystemType: standard
    protocolType: NFS
    regionId: cn-beijing
    server: 17f7e48ece-hlm35.cn-beijing.nas.aliyuncs.com
    storageType: Capacity
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
    vpcId: vpc-2ze9sgmehjvwv5x74****
    zoneId: cn-beijing-h
  status: Available


Parameter	Description
status	The status of CNFS. Valid values: Pending, Creating, Initialization, Available, Unavailable, Fatal, and Terminating.
conditions.lastProbeTime	The time when the last probe was sent.
conditions.reason	The reason for the current status.
conditions.status	Indicates whether the file system is ready. Valid values: Ready and NotReady.
fsAttributes.accessGroupName	The name of the permission group used by the mount target. Set the value to DEFAULT_VPC_GROUP_NAME. This indicates the default permission group for VPCs.
fsAttributes.encryptType	The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
fsAttributes.enableTrashCan	Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
fsAttributes.filesystemId	The ID of the file system.
fsAttributes.filesystemType	The type of the NAS file system. Default value: standard. The default value indicates the General-purpose NAS type.
fsAttributes.protocolType	The file transfer protocol. NFS is supported.
fsAttributes.regionId	The region to which the CNFS file system belongs.
fsAttributes.server	The domain name of the mount target of the CNFS file system.
fsAttributes.storageType	The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
fsAttributes.vSwitchId	The vSwitch used by the CNFS file system.
fsAttributes.vpcId	The VPC to which the CNFS file system belongs.
fsAttributes.zoneId	The zone to which the CNFS file system belongs.

Create a persistent volume (PV) and associate it with the NAS file system.

Create a statically or dynamically provisioned PV and associate it with the NAS file system:

Create a statically provisioned PV.

Use the following template to create a statically provisioned PV and associate it with the NAS file system:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: cnfs-nas-pv
  labels:
    alicloud-pvname: cnfs-nas-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  csi:
    driver: nasplugin.csi.alibabacloud.com
    volumeHandle: cnfs-nas-pv # The value must be the same as the PV name.
    volumeAttributes:
      containerNetworkFileSystem: cnfs-nas-filesystem
      path: "/"
      mode: "644"
  mountOptions:
    - nolock,tcp,noresvport
    - vers=3
EOF


Parameter	Description
containerNetworkFileSystem	The name of the CNFS file system that you want to use.
path	The path of the CNFS file system used by the PV.

Run the following command to check whether the PV is created:

kubectl get pv

Expected output:

NAME          CAPACITY   ACCESS MODES     RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
cnfs-nas-pv   5Gi        RWX              Retain           Available                                   4s

Create a dynamically provisioned PV.

Use the following template to create a dynamically provisioned PV and associate it with the NAS file system:

cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-nas-cnfs
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: nas-load-mount-target
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true
EOF

Note The valid values of allowVolumeExpansion are true and false. This parameter specifies whether the PV is expandable and the volume quota is enabled.

Run the following command to check whether the PV is created:

kubectl get pv

Expected output:

NAME          CAPACITY   ACCESS MODES     RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
cnfs-nas-pv   5Gi        RWX              Retain           Available                                   4s

Create a persistent volume claim (PVC).

Use the following template to create a PVC that is used to mount the NAS file system:

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-nas-cnfs
  resources:
    requests:
      storage: 70Gi
EOF

Create an application.

Use the following template to create an application that uses the PVC:

cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 80
          volumeMounts:
            - name: cnfs-nas-pvc
              mountPath: "/data"
      volumes:
        - name: cnfs-nas-pvc
          persistentVolumeClaim:
            claimName: cnfs-nas-pvc
EOF

Run the following command to query the status of the application:
```
kubectl get pod
```
Expected output:
```
NAME                             READY   STATUS    RESTARTS   AGE
cnfs-nas-deployment-86959b****   1/1     Running   0          2s
```
The output shows that the created Deployment is in the Running state. This means that the CNFS file system is used by the Deployment.

Method 3: Create a CNFS file system by using an existing NAS file system

Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, you can mount the statically or dynamically provisioned NAS volume to a Deployment.

Create a CNFS file system by using an existing NAS file system.

Use the following template to create a CNFS file system by using an existing NAS file system:

# Load the existing NAS file system.
cat <<EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain
  parameters:
    server: 17f7e4****-hlm35.cn-beijing.nas.aliyuncs.com
EOF


Parameter	Description
description	The description of the NAS file system.
type	The type of the volume that you want to create.
reclaimPolicy	The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
parameters.server	The URL of the mount target of the NAS file system.

Run the following command to query the NAS file system:
```
kubectl get cnfs
```
Expected output:
```
NAME                  AGE
cnfs-nas-filesystem   6d
```

Run the following command to query the details about the NAS file system:

kubectl get cnfs/cnfs-nas-filesystem -o yaml

Expected output:

apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      null
  creationTimestamp: "2021-05-14T08:20:09Z"
  finalizers:
  - protection.alibabacloud.com/cnfs
  generation: 6
  name: cnfs-nas-filesystem
  resourceVersion: "122342382"
  selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target
  uid: a9e9650c-68b2-405b-8274-0f5b6063****
spec:
  description: cnfs
  parameters:
    server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
  reclaimPolicy: Retain
  type: nas
status:
  conditions:
  - lastProbeTime: "2021-05-14 16:20:15"
    reason: The nas filesystem and mount target complete initialization.
    status: Ready
  fsAttributes:
    accessGroupName: DEFAULT_VPC_GROUP_NAME
    encryptType: None
    enableTrashCan: "true"
    filesystemId: 17f7e4****
    filesystemType: standard
    protocolType: NFS
    regionId: cn-beijing
    server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com
    storageType: Capacity
    vSwitchId: vsw-2ze9l3ppwzg6bl02j****
    vpcId: vpc-2ze9sgmehjvwv5x74****
    zoneId: cn-beijing-h
  status: Available

Use the CNFS file system in NAS volumes. For more information, see Step 2 to Step 4 in Method 2: Use CNFS to create a custom NAS file system.

What to do next

For more information about how to monitor NAS resources at the node side, see Examples of monitoring NAS file systems.