Object Storage Service (OSS) is a secure, cost-effective, and highly reliable Alibaba Cloud storage service that allows you to store large volumes of unstructured data, such as images and audio and video data. You can use FlexVolume to mount OSS buckets as volumes on a self-managed Kubernetes cluster. This topic describes how to mount an OSS bucket to multiple elastic container instance-based pods without using a PVC.
A virtual node (VNode) is deployed on a self-managed Kubernetes cluster.
The version of the self-managed Kubernetes cluster is v1.16 or later, and the CSI-Provisioner component is deployed on the self-managed Kubernetes cluster.
If the self-managed Kubernetes cluster is deployed in a data center, the data center is connected to Alibaba Cloud.
Create an OSS bucket.
Use one of the following methods to grant the permissions to manage OSS buckets:
Use a RAM role for authorization.
Create a RAM role and grant the RAM role the permissions to manage OSS buckets. When you create a RAM role, select Alibaba Cloud Service for the Select Trusted Entity parameter, Normal Service Role for the Role Type parameter, and Elastic Compute Service for the Select Trusted Service parameter. When you grant permissions to the RAM role, attach the AliyunOSSFullAccess policy to the RAM role.
For more information, see Create a RAM role for a trusted Alibaba Cloud service and Grant permissions to a RAM role.
(Not recommended) Use your AccessKey pair for authorization.
Obtain your AccessKey ID and AccessKey secret. For more information, see Obtain an AccessKey pair.
Prepare the YAML file.
Create a file named test-flex-oss.yaml and copy the following template content into the file.
apiVersion: apps/v1 kind: Deployment metadata: name: test-flex-oss labels: app: nginx spec: replicas: 2 selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: nodeSelector: k8s.aliyun.com/vnode: "true" tolerations: - key: k8s.aliyun.com/vnode operator: "Equal" value: "true" effect: "NoSchedule" containers: - name: nginx image: registry-vpc.cn-beijing.aliyuncs.com/eci_open/nginx:1.14.2 ports: - containerPort: 80 volumeMounts: - name: cache-volume mountPath: /cache-test volumes: - name: cache-volume flexVolume: driver: alicloud/oss fsType: fuse options: bucket: "oss-test" url: "oss-cn-beijing-internal.aliyuncs.com" otherOpts: "-o max_stat_cache_size=0 -o allow_other -o connect_timeout=5 -o readwrite_timeout=5" ramRole: "EciOssRoleShare"
In the preceding example, a RAM role is used for authorization. If you want to use your AccessKey pair for authorization, replace
ramRole: "<Your RAM role name>"with the following lines:
akId: "<your AccessKey ID>" akSecret: "<your AccessKey Secret>"
The following table describes the parameters in options.
Create two elastic container instance-based pods and mount the OSS bucket to the pods.
kubectl create -f test-flex-oss.yaml
View the results.
kubectl get pods -o wide
The following command output is expected to return:
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES test-flex-oss-74b7cf46ff-fsbzc 1/1 Running 0 17m 172.16.XX.XXX cn-beijing.vnd-2zedtmwhcv8kbuou**** <none> <none> test-flex-oss-74b7cf46ff-rqsbt 1/1 Running 0 17m 172.16.XX.XXX cn-beijing.vnd-2zedtmwhcv8kbuou**** <none> <none>
Check the file directories in the pod and verify that the
/cache-testmount directory is generated for the OSS bucket. In addition, verify that the files written to one pod are displayed in the other pod. This indicates that the two pods share the OSS bucket.