Container Network File System (CNFS) creates Kubernetes CustomResourceDefinitions (CRDs) for Alibaba Cloud file stores and allows you to manage them separately. You can create, delete, describe, mount, monitor, and expand these CRDs. To improve the performance of Apsara File Storage NAS (NAS) file systems, you can use CNFS to achieve independent management of NAS file systems. This topic describes how to use CNFS to manage NAS file systems and how to use CNFS to mount volumes to workloads.
Prerequisites
A Container Service for Kubernetes (ACK) cluster is created. The Container Storage Interface (CSI) plug-in is used as the volume plug-in. For more information, see Create an ACK managed cluster.
The versions of csi-plugin and csi-provisioner are 1.20.5-ff6490f-aliyun or later. For more information about how to update csi-plugin and csi-provisioner, see Update csi-plugin and csi-provisioner.
The version of storage-operator is 1.18.8.56-2aa33ba-aliyun or later. For more information about how to update storage-operator, see Manage components.
A kubectl client is connected to your cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Only General-purpose NAS file systems are supported. Extreme NAS file systems are not supported. To use Key Management Service (KMS) to encrypt NAS file systems, activate KMS first. For more information, see Activate KMS.
Overview
You can use CNFS to manage NAS file systems by using one of the following methods:
Method 1: Use CNFS to create a default NAS file system
Create a default CNFS file system and use a dynamically provisioned NAS volume to mount the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time.
Method 2: Use CNFS to create a custom NAS file system
Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.
Method 3: Create a CNFS file system by using an existing NAS file system
Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.
Method 1: Use CNFS to create a default NAS file system
Use the following template to create a default CNFS file system and mount a dynamically provisioned NAS volume to the automatically created NAS file system. Then, mount the dynamically provisioned NAS volume to a Deployment and a StatefulSet at the same time.
# Create the following objects: a CNFS, a StorageClass, a Deployment, and a StatefulSet.
cat << EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
name: cnfs-nas-filesystem
spec:
description: "cnfs"
type: nas
reclaimPolicy: Retain # Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
parameters:
encryptType: SSE-KMS # This parameter is optional. If you leave this parameter empty, the created NAS file system is not encrypted. A value of SSE-KMS indicates that the created NAS file system is encrypted by KMS.
enableTrashCan: "true" # This parameter is optional. If you leave this parameter empty, the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: alibabacloud-cnfs-nas
mountOptions:
- nolock,tcp,noresvport
- vers=3
parameters:
volumeAs: subpath
containerNetworkFileSystem: cnfs-nas-filesystem
path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true # This parameter is optional. A value of true indicates that the NAS file system can be expanded.
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: cnfs-nas-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: alibabacloud-cnfs-nas
resources:
requests:
storage: 70Gi # If you enable the directory quota feature, the storage field takes effect. A value of 70Gi indicates that the maximum size of data that can be written into a dynamically created directory is 70 GiB.
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: cnfs-nas-deployment
labels:
app: nginx
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
volumeMounts:
- mountPath: "/data"
name: cnfs-nas-pvc
volumes:
- name: cnfs-nas-pvc
persistentVolumeClaim:
claimName: cnfs-nas-pvc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: cnfs-nas-sts
labels:
app: nginx
spec:
serviceName: "nginx"
replicas: 2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.14.2
volumeMounts:
- mountPath: "/data"
name: www
volumeClaimTemplates:
- metadata:
name: www
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: "alibabacloud-cnfs-nas"
resources:
requests:
storage: 50Gi # If you enable the directory quota feature, the storage field takes effect. A value of 50Gi indicates that the maximum size of data that can be written into a dynamically created directory is 50 GiB.
EOF
Create a Capacity NAS file system or Performance NAS file system in the virtual private cloud (VPC) where the cluster is deployed. Extreme NAS file systems are not supported. If the region of the cluster does not support NAS file systems of the NAS Capacity type, a NAS file system of the NAS Performance type is created. By default, the created NAS file system is not encrypted.
Method 2: Use CNFS to create a custom NAS file system
Use CNFS to create a custom NAS file system and use a statically or dynamically provisioned NAS volume to mount the created custom NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.
Create a custom NAS file system.
Run the following command to create a custom file system:
cat <<EOF | kubectl apply -f - apiVersion: storage.alibabacloud.com/v1beta1 kind: ContainerNetworkFileSystem metadata: name: cnfs-nas-filesystem spec: description: "cnfs" type: nas reclaimPolicy: Retain parameters: filesystemType: standard storageType: Capacity protocolType: NFS encryptType: SSE-KMS enableTrashCan: "true" trashCanReservedDays: "5" vSwitchId: vsw-2ze9l3ppwzg6bl02j**** EOF
Parameter
Description
description
The description of the file system.
type
The type of the volume that you want to create.
reclaimPolicy
The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
parameters.filesystemType
The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.
parameters.storageType
The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
parameters.protocolType
The Network File System (NFS) protocol is used. Only NFSv3 is supported.
parameters.encryptType
The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
parameters.enableTrashCan
Specifies whether to enable the recycle bin feature. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
parameters.trashCanReservedDays
The maximum number of days that the files in the recycle bin are retained. Default value: 7. In this example,
trashCanReservedDays: 5
is used, which indicates that the files in the recycle bin are retained for up to five days.parameters.vSwitchId
The ID of the vSwitch that is used by the created NAS file system.
Run the following command to query the created NAS file system:
kubectl get cnfs
Expected output:
NAME AGE cnfs-nas-filesystem 6d
Run the following command to query the details about the NAS file system:
kubectl get cnfs/cnfs-nas-filesystem -o yaml
Expected output:
apiVersion: storage.alibabacloud.com/v1beta1 kind: ContainerNetworkFileSystem metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e4****-h****.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}} creationTimestamp: "2021-05-14T08:20:09Z" finalizers: - protection.alibabacloud.com/cnfs generation: 6 name: cnfs-nas-filesystem resourceVersion: "122342382" selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target uid: a9e9650c-68b2-405b-8274-0f5b6063**** spec: description: "cnfs" type: nas reclaimPolicy: Retain parameters: filesystemType: standard storageType: Capacity protocolType: NFS encryptType: SSE-KMS vSwitchId: vsw-XXX enableTrashCan: "true" status: conditions: - lastProbeTime: "2021-05-14 16:20:15" reason: The nas filesystem and mount target complete initialization. status: Ready fsAttributes: accessGroupName: DEFAULT_VPC_GROUP_NAME encryptType: SSE-KMS enableTrashCan: "true" filesystemId: 17f7e48ece filesystemType: standard protocolType: NFS regionId: cn-beijing server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com storageType: Capacity vSwitchId: vsw-2ze9l3ppwzg6bl02j**** vpcId: vpc-2ze9sgmehjvwv5x74**** zoneId: cn-beijing-h status: Available
Parameter
Description
status
The status of the CNFS. Valid values: Pending, Creating, Initialization, Available, Unavailable, Fatal, and Terminating.
conditions.lastProbeTime
The time when the last probe was sent.
conditions.reason
The reason for the current state.
conditions.status
Indicates whether the file system is ready. Valid values: Ready and NotReady.
fsAttributes.accessGroupName
The name of the permission group used by the mount target. Set the value to DEFAULT_VPC_GROUP_NAME. This indicates the default permission group for VPCs.
fsAttributes.encryptType
The encryption method. A value of None indicates that the NAS file system is not encrypted. A value of SSE-KMS indicates that the NAS file system is encrypted by using KMS on the NAS server.
fsAttributes.enableTrashCan
Indicates whether the recycle bin feature is enabled. A value of false indicates that the recycle bin feature is disabled. A value of true indicates that the recycle bin feature is enabled.
fsAttributes.filesystemId
The ID of the file system.
fsAttributes.filesystemType
The type of the file system. Default value: standard. The default value indicates the General-purpose NAS type.
fsAttributes.protocolType
The file transfer protocol. NFS is supported.
fsAttributes.regionId
The region to which the CNFS file system belongs.
fsAttributes.server
The domain name of the mount target of the CNFS file system.
fsAttributes.storageType
The storage type. If you set filesystemType to standard, the valid values are Performance and Capacity.
fsAttributes.vSwitchId
The vSwitch used by the CNFS file system.
fsAttributes.vpcId
The VPC to which the CNFS file system belongs.
fsAttributes.zoneId
The zone to which the CNFS file system belongs.
Create a persistent volume (PV) and associate it with the NAS file system.
Create a statically provisioned PV or a dynamic StorageClass that is associated with the NAS file system.
Create a statically provisioned PV.
Use the following template to create a statically provisioned PV and associate it with the NAS file system:
cat <<EOF | kubectl apply -f - apiVersion: v1 kind: PersistentVolume metadata: name: cnfs-nas-pv labels: alicloud-pvname: cnfs-nas-pv spec: capacity: storage: 5Gi accessModes: - ReadWriteMany csi: driver: nasplugin.csi.alibabacloud.com volumeHandle: cnfs-nas-pv # The value must be the same as the PV name. volumeAttributes: containerNetworkFileSystem: cnfs-nas-filesystem path: "/" mountOptions: - nolock,tcp,noresvport - vers=3 EOF
Parameter
Description
containerNetworkFileSystem
The name of the CNFS file system that you want to use.
path
The path of the CNFS file system used by the PV.
Run the following command to check whether the PV is created:
kubectl get pv
Expected output:
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE cnfs-nas-pv 5Gi RWX Retain Available 4s
Create a dynamic StorageClass.
Use the following template to create a dynamic StorageClass and associate it with the NAS file system:
cat <<EOF | kubectl apply -f - apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alibabacloud-nas-cnfs mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: subpath containerNetworkFileSystem: nas-load-mount-target path: "/" provisioner: nasplugin.csi.alibabacloud.com reclaimPolicy: Retain allowVolumeExpansion: true EOF
NoteallowVolumeExpansion specifies whether to enable the Quota feature and volume expansion. Valid values: true and false.
Create a persistent volume claim (PVC).
Use the following template to create a PVC that is used to mount the NAS file system:
cat <<EOF | kubectl apply -f - apiVersion: v1 kind: PersistentVolumeClaim metadata: name: cnfs-nas-pvc spec: accessModes: - ReadWriteMany storageClassName: alibabacloud-nas-cnfs resources: requests: storage: 70Gi EOF
Create an application.
Use the following template to create an application that uses the PVC:
cat <<EOF | kubectl apply -f - apiVersion: apps/v1 kind: Deployment metadata: name: cnfs-nas-deployment labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 volumeMounts: - name: cnfs-nas-pvc mountPath: "/data" volumes: - name: cnfs-nas-pvc persistentVolumeClaim: claimName: cnfs-nas-pvc EOF
Run the following command to query the status of the application:
kubectl get pod
Expected output:
NAME READY STATUS RESTARTS AGE cnfs-nas-deployment-86959b**** 1/1 Running 0 2s
The output shows that the created Deployment is in the Running state. This means that the CNFS file system is used by the Deployment.
Method 3: Create a CNFS file system by using an existing NAS file system
Use CNFS to configure an existing NAS file system and use a statically or dynamically provisioned NAS volume to mount the existing NAS file system. Then, mount the statically or dynamically provisioned NAS volume to a Deployment.
Create a CNFS file system by using an existing NAS file system.
Use the following template to create a CNFS file system based on an existing NAS file system:
# Load the existing NAS file system. cat <<EOF | kubectl apply -f - apiVersion: storage.alibabacloud.com/v1beta1 kind: ContainerNetworkFileSystem metadata: name: cnfs-nas-filesystem spec: description: "cnfs" type: nas reclaimPolicy: Retain parameters: server: 17f7e4****-h****.cn-beijing.nas.aliyuncs.com EOF
Parameter
Description
description
The description of the file system.
type
The type of the volume that you want to create.
reclaimPolicy
The reclaim policy of the NAS file system. Only the Retain policy is supported. If the CNFS file system is deleted, the related NAS file system is retained.
parameters.server
The URL of the mount target of the NAS file system.
Run the following command to query the NAS file system:
kubectl get cnfs
Expected output:
NAME AGE cnfs-nas-filesystem 6d
Run the following command to query the details about the NAS file system:
kubectl get cnfs/cnfs-nas-filesystem -o yaml
Expected output:
apiVersion: storage.alibabacloud.com/v1beta1 kind: ContainerNetworkFileSystem metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"storage.alibabacloud.com/v1beta1","kind":"ContainerNetworkFileSystem","metadata":{"annotations":{},"name":"nas-load-mount-target"},"spec":{"description":"filesystem4","parameters":{"filesystemId":"17f7e4****","server":"17f7e48ece-h****.cn-beijing.nas.aliyuncs.com"},"reclaimPolicy":"Retain","type":"nas"}} creationTimestamp: "2021-05-14T08:20:09Z" finalizers: - protection.alibabacloud.com/cnfs generation: 6 name: cnfs-nas-filesystem resourceVersion: "122342382" selfLink: /apis/storage.alibabacloud.com/v1beta1/containernetworkfilesystems/nas-load-mount-target uid: a9e9650c-68b2-405b-8274-0f5b6063**** spec: description: cnfs parameters: server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com reclaimPolicy: Retain type: nas status: conditions: - lastProbeTime: "2021-05-14 16:20:15" reason: The nas filesystem and mount target complete initialization. status: Ready fsAttributes: accessGroupName: DEFAULT_VPC_GROUP_NAME encryptType: None enableTrashCan: "true" filesystemId: 17f7e4**** filesystemType: standard protocolType: NFS regionId: cn-beijing server: 17f7e48ece-h****.cn-beijing.nas.aliyuncs.com storageType: Capacity vSwitchId: vsw-2ze9l3ppwzg6bl02j**** vpcId: vpc-2ze9sgmehjvwv5x74**** zoneId: cn-beijing-h status: Available
Use CNFS to create a NAS volume. For more information, see Step 2 to Step 4 in Method 2: Use CNFS to create a custom NAS file system.
What to do next
For more information about how to monitor NAS resources on the node side, see Examples of monitoring NAS file systems.