Mount an OSS bucket to an elastic container instance as a volume - Elastic Container Instance

Object Storage Service (OSS) is a secure, cost-effective, and highly reliable Alibaba Cloud storage service that allows you to store large volumes of unstructured data, such as images and audio and video data. This topic describes how to mount an OSS bucket to an elastic container instance as a volume.

Precautions

OSS is billed based on usage and supports the pay-as-you-go, resource plan, and storage capacity unit (SCU) billing methods. For more information, see Billing overview.
OSS is a shared storage service. An OSS bucket can be mounted to multiple instances.
We recommend that you store no more than 1,000 files in a mount directory.
If you store excess files in a mount directory, the OSS client consumes a large amount of memory, which may cause an out of memory (OOM) event on the instance.

Make preparations

Create an OSS bucket.
1. Log on to the OSS console.
2. Create an OSS bucket.
  For more information, see Create buckets.
Use one of the following methods to grant the permissions to access OSS:
- Use a RAM role to grant permissions.
  Create a RAM role and grant the RAM role the permissions to access OSS buckets. For more information, see Create a RAM role for a trusted Alibaba Cloud service and Grant permissions to a RAM role.
  When you create a RAM role, select Alibaba Cloud Service for the Select Trusted Entity parameter, Normal Service Role for the Role Type parameter, and Elastic Compute Service for the Select Trusted Service parameter. When you grant permissions to the RAM role, attach the AliyunOSSFullAccess policy to the RAM role.
- (Not recommended) Use an AccessKey pair to grant permissions.
  Obtain the AccessKey ID and AccessKey secret. For more information, see Obtain an AccessKey pair.

Configuration description (API mode)

When you call the CreateContainerGroup API operation to create an elastic container instance, you can use Volume-related parameters to specify volumes, and then use Container.VolumeMount-related parameters to mount the volumes to containers. The following part describes the relevant parameters. For more information, see CreateContainerGroup.

Specify the volume to be mounted

When you use Volume-related parameters to specify volumes, you must first specify the types and names of the volumes. Then, you must configure other Volume-related parameters based on the value of the Volume.N.Type parameter.

Parameter	Type	Example	Description
Volume.N.Name	String	oss-demo	The name of volume N.
Volume.N.Type	String	FlexVolume	Set the value to FlexVolume. The value specifies a volume that is mounted by using the FlexVolume plug-in.
Volume.N.FlexVolume.Driver	String	alicloud/oss	The driver type when you use the FlexVolume plug-in to mount the volume. The value of `alicloud/oss` indicates that an Alibaba Cloud OSS bucket is mounted.
Volume.N.FlexVolume.Options	String	{"bucket":"test","url": "oss-cn-hangzhou.aliyuncs.com","path":"/path","ramRole":"role-test"}	The options when you set Volume.N.Type to FlexVolume. Each option is a key-value pair in a JSON string. When you use the FlexVolume plug-in to mount an OSS bucket, Options represents the configuration parameters of OSS volumes. The following parameters can be configured: bucket: the name of the OSS bucket. Only OSS buckets can be mounted to elastic container instances. Subdirectories or files in OSS buckets cannot be mounted to elastic container instances. url: the endpoint of the OSS bucket. You can log on to the OSS console and obtain the endpoint on the Overview page of the bucket. For more information, see Regions and endpoints. path: The path relative to the root directory of the OSS bucket. Default value: `/`. The custom options that are specified to mount the OSS bucket. Format: `-o * -o *`. Example: `-o max_stat_cache_size=0 -o allow_other`. akId: the AccessKey ID used if you use AccessKey pairs to grant permissions to access OSS. akSecret: the AccessKey secret used if you use AccessKey pairs to grant permissions to access OSS. ramRole: the RAM role that is used to grant permissions. Specify this parameter if you use a RAM role to grant permissions.

Mount volumes

After you specify volumes, you can use VolumeMount-related parameters to mount the volumes to containers.

Parameter	Type	Example	Description
Container.N.VolumeMount.N.Name	String	test-volume	The name of volume N to be mounted to container N. This value is the value of Volume.N.Name.
Container.N.VolumeMount.N.MountPath	String	/usr/share	The directory to which volume N is mounted. Data under this directory is overwritten by the data on the volume. Make sure that this value is correct.
Container.N.VolumeMount.N.SubPath	String	/usr/sub	The subdirectory of the volume. This parameter specifies different subdirectories of the same volume that the instance can mount to different subdirectories of containers.
Container.N.VolumeMount.N.ReadOnly	Boolean	false	Specifies whether the mount directory is read-only. Default value: false.
Container.N.VolumeMount.N.MountPropagation	String	None	The mount propagation setting of volume N. Mount propagation allows you to share volumes that are mounted to one container to other containers in the same elastic container instance, or even to other elastic container instances on the same host. Valid values: None: The volume mount does not receive subsequent mounts that are mounted to this volume or its subdirectories. HostToContainer: The volume mount receives all subsequent mounts that are mounted to this volume or its subdirectories. Bidirectional: This value has a similar effect as HostToContainer. The volume mount receives all subsequent mounts that are mounted to this volume or its subdirectories. In addition, all volume mounts created by container N are propagated back to the host and to all containers of all elastic container instances that use the same volume. Default value: None.

Note

Volumes can also be mounted to init containers. The required parameters are similar to the parameters in the preceding table. You only need to change Container to InitContainer.

Configuration description (console mode)

When you create an elastic container instance on the Elastic Container Instance buy page, you can specify volumes in the Container Group Configurations section and then mount the volumes to containers in the Container Configurations section.

Specify the volume to be mounted

In the Container Group Configurations section of the Basic Settings step of the Create Container Group wizard, click Advanced Settings.
In the Storage section, click the OSS Persistence tab and click Add.
Configure the parameters for the OSS volume.
- Name: the name of the OSS volume.
- Bucket: the name of the OSS bucket.
- RAM Role: the RAM role that has permissions to access OSS.

Mount the volume

In the Container Configurations section of the Basic Settings step of the Create Container Group wizard, select a container and click Advanced Settings of the container.
Turn on Storage and click Add.
You can only add the volumes that you specified in the Container Group Configurations section.

Note

If you want to mount volumes to multiple containers, select more containers and repeat the preceding operations.

Configuration example

Create Elastic Container Instance A (Instance A) and mount an OSS volume to Instance A.

The following example shows the parameters used to create Instance A by calling the CreateContainerGroup API operation. For more information, see CreateContainerGroup.

ContainerGroupName=test-oss-a
# Specify the volume to be mounted.
Volume.1.Name=oss-demo
Volume.1.Type=FlexVolume
Volume.1.FlexVolume.Driver=alicloud/oss
Volume.1.FlexVolume.Options={"bucket":"test","url": "oss-cn-hangzhou.aliyuncs.com","path":"/path","ramRole":"eci-oss
"}
# Mount the volume to a container.
Container.1.Name=nginx
Container.1.Image=registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:1.14.2
Container.1.VolumeMount.1.Name=oss-demo
Container.1.VolumeMount.1.MountPath=/data-a

Connect to Instance A and add a file to the mount directory.
For more information, see Connect to an elastic container instance.
Delete Instance A.

Create Elastic Container Instance B (Instance B) and mount the same OSS volume to Instance B.

ContainerGroupName=test-oss-b
# Specify the volume to be mounted.
Volume.1.Name=oss-demo
Volume.1.Type=FlexVolume
Volume.1.FlexVolume.Driver=alicloud/oss
Volume.1.FlexVolume.Options={"bucket":"test","url": "oss-cn-hangzhou.aliyuncs.com","path":"/path","ramRole":"AliyunOSSFullAccess"}
# Mount the volume to a container.
Container.1.Name=nginx
Container.1.Image=registry-vpc.cn-hangzhou.aliyuncs.com/eci_open/nginx:1.14.2
Container.1.VolumeMount.1.Name=oss-demo
Container.1.VolumeMount.1.MountPath=/data-b

Connect to Instance B and check whether the files in the mount directory are the same as the files in the mount directory of the OSS volume on Instance A.
Instance A and Instance B share the same OSS volume, and OSS volumes are persistent storage. After Instance A is deleted, you can still use Instance B to obtain the file in the OSS bucket that you added to Instance A.