Mount NAS volumes in Container Compute Service (ACS) - File Storage NAS

This topic describes how to mount a File Storage NAS (NAS) file system on Container Compute Service (ACS) and how to verify the shared storage and data persistence capabilities of NAS.

Scenarios

NAS is a distributed file system service that features shared access, scalability, high reliability, and high performance. NAS is suitable for scenarios where data sharing and high IOPS are required. You can select an appropriate file system type and storage class based on the cost and performance requirements. For more information, see General-purpose NAS file systems, Extreme NAS file systems, and Select file systems.

Note

General-purpose NAS file systems and Extreme NAS file systems have different limits on mounting connectivity, the number of file systems, and file sharing protocols. For more information, see Limits.

Based on whether you already have a NAS file system, you can choose one of the following methods to mount and use NAS volumes:

If you already have an available NAS file system, you can directly mount and share it. For more information, see Use an existing NAS file system as a storage volume.
If you do not have an available NAS file system, you can automatically create one through StorageClass and mount it for use. For more information, see Create a new NAS file system as a storage volume.

Prerequisites

The managed-csiprovisioner component is installed in the ACS cluster.

Note

Go to the ACS cluster management page in the ACS console. In the left-side navigation pane of the cluster management page, choose Operations > Add-ons. On the Storage tab, you can check whether managed-csiprovisioner is installed.

Limits

You cannot mount NAS file systems that use the SMB protocol.
When you mount a NAS file system to multiple pods, the pods must be deployed in the same virtual private cloud (VPC). You cannot mount a NAS file system to pods in different VPCs.
Note
Within the same VPC, a NAS file system can be mounted across zones.
You can use only the NFSv3 protocol to mount a NAS file system.

Considerations

NAS is a shared storage service. You can mount a NAS volume to multiple pods. In this case, the application must be able to synchronize data across the pods if the data in the NAS file system is modified by multiple pods.
When you mount a NAS file system, do not configure securityContext.fsgroup in the YAML file of the application. Otherwise, the mounting may fail.
Note
The / directory of a NAS file system does not support modifications to permissions, owners, or groups.
After you mount a NAS file system, do not delete the mount target. Otherwise, an operating system hang issue may occur.

Use an existing NAS file system as a storage volume

Step 1: Obtain NAS file system information

Obtain the VPC and vSwitch IDs used by ACS pods.
Note
The following steps describe how to obtain the information in the console. You can also run the kubectl get cm -n kube-system acs-profile -o yaml command to view the YAML file of acs-profile and obtain the VPC ID and vSwitch ID used by pods from the vpcId and vSwitchIds fields.
1. Log on to the ACS console.
2. On the Clusters, click the name of the cluster to go to the cluster management page.
3. In the left navigation bar, choose Configuration Management > > ConfigMaps.
4. On the ConfigMaps page, change the namespace at the top to kube-system, find acs-profile, and click Edit YAML.
5. Obtain the VPC ID and vSwitch ID used by pods from the vpcId and vSwitchIds fields.
Verify that the existing NAS file system meets the requirements and obtain the mount target address.
1. Log on to the NAS console, and click File System List in the left navigation pane.
2. Find the target NAS file system and verify that the region, zone, and protocol type meet the requirements.
  - NAS file systems cannot be mounted across VPCs, which means they cannot be used across regions. Make sure that the region of the existing NAS file system is the same as that of the ACS cluster.
  - Within the same VPC, a NAS file system can be mounted across zones. However, it is recommended to use the same zone as the pods in the ACS cluster for better performance.
  - Verify that the protocol type of the NAS file system is NFS. You cannot mount NAS file systems that use the SMB protocol.
3. Verify that the mount target meets the requirements and obtain the mount target address.
  1. Click the file system ID.
  2. In the left navigation pane of the file system details page, click Mount Target.
  3. In the Mount Target section, verify that the existing mount target meets the requirements, and then obtain the mount target address.
    Note
    The system automatically creates a mount target for a General-purpose NAS file system. However, you need to manually create mount targets for Extreme NAS file systems.
    If the existing mount target does not meet the requirements, you can create a new one. For more information, see Manage mount targets.
    - The VPC of the mount target must be the same as the VPC used by pods in the ACS cluster. Otherwise, the mounting will fail.
    - It is recommended that the vSwitch of the mount target is the same as the vSwitch used by pods in the ACS cluster for better performance.
    - The status of the mount target is Available.

Step 2: Create a PVC

kubectll

Create a file named nas-pvc.yaml and copy the following content to the file:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nas-pvc
  annotations:
    csi.alibabacloud.com/mountpoint: *******-mw***.cn-shanghai.nas.aliyuncs.com
    csi.alibabacloud.com/mount-options: nolock,tcp,noresvport
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  storageClassName: alibaba-cloud-nas

Field description:

Important

When you create a PVC based on the preceding YAML template, the system first creates a static PV based on the NAS configuration in the annotations field, and then creates a PVC that is associated with the PV.

Parameter	Description
`csi.alibabacloud.com/mountpoint`	The directory of the NAS file system that you want to mount. This parameter is used to associate with the previously created NAS file system. If you enter a mount target address, such as `**-.<region>.nas.aliyuncs.com`, it indicates that the root directory (`/`) of the NAS file system is mounted. If you enter a mount target address and a subdirectory, such as `-**.<region>.nas.aliyuncs.com:/dir`, it indicates that the `/dir` directory of the NAS file system is mounted. If the `/dir` directory does not exist, the system automatically creates it.
`csi.alibabacloud.com/mount-options`	The parameters that are required to mount the NAS file system. We recommend that you use `nolock,tcp,noresvport`.
`accessModes`	The access mode.
`storage`	The storage capacity allocated to pods. This refers to the capacity of the NAS volume that you want to create.

Create a PVC.
```
kubectl create -f nas-pvc.yaml
```

Check the PV.

kubectl get pv

The following output shows that a PV is automatically created based on the information about the NAS file system specified in the configuration of the PVC you created. The information includes the mount target of the file system.

NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS        REASON   AGE
nas-ea7a0b6a-bec2-4e56-b767-47222d3a****   20Gi       RWX            Retain           Bound    default/nas-pvc   alibaba-cloud-nas            1m58s

View the PVC.

kubectl get pvc

The following output shows that a PV is automatically bound to the PVC.

NAME      STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS        VOLUMEATTRIBUTESCLASS  AGE
nas-pvc   Bound    nas-ea7a0b6a-bec2-4e56-b767-47222d3a****   20Gi       RWX            alibaba-cloud-nas   <unset>                2m14s

Console

Log on to the ACS console.
On the Clusters, click the name of the cluster to go to the cluster management page.
In the left-side navigation pane of the cluster management page, choose Volumes > Persistent Volume Claims.
On the Persistent Volume Claims page, click Create.

In the dialog box that appears, configure the parameters and click Create.

Parameter	Description	Example
PVC Type	Select NAS.	NAS
Name	Specify a custom name for the PVC. The name must follow the format requirements displayed on the UI.	nas-pvc
Allocation Mode	Select Use Mount Target Domain Name.	Use Mount Target Domain Name
Storage Driver	CSI is selected by default.	CSI
Total	The storage capacity allocated to the pod. This is also the capacity of the NAS volume.	20Gi
Access Mode	You can select ReadWriteMany or ReadWriteOnce.	ReadWriteMany
Mount Target Domain Name	The directory of the NAS file system that you want to mount. If you enter a mount target address, such as `**-.<region>.nas.aliyuncs.com`, it indicates that the root directory (`/`) of the NAS file system is mounted. If you enter a mount target address and a subdirectory, such as `-**.<region>.nas.aliyuncs.com:/dir`, it indicates that the `/dir` directory of the NAS file system is mounted. If the `/dir` directory does not exist, the system automatically creates it.	350514**-mw*.cn-shanghai.nas.aliyuncs.com

After the creation is complete, you can see the newly created PVC on the Persistent Volume Claims page. The PVC is bound to an automatically created PV (NAS storage volume). You can view the details of the corresponding PV on the Persistent Volumes page.

Step 3: Create an application and mount the NAS volume

kubectll

Create a file named nas-test.yaml and copy the following content to the file.

The following YAML template creates a Deployment that provisions two pods. Both pods request storage resources through a PVC named nas-pvc and mount the NAS volume to the /data directory.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nas-test
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
          - name: pvc-nas
            mountPath: /data
      volumes:
        - name: pvc-nas
          persistentVolumeClaim:
            claimName: nas-pvc

Create a Deployment and mount the NAS file system to the Deployment.
```
kubectl create -f nas-test.yaml
```

Check the status of the pods created by the Deployment.

kubectl get pod | grep nas-test

The following output shows that two pods are created.

nas-test-****-***a   1/1     Running   0          40s
nas-test-****-***b   1/1     Running   0          40s

View the mount path.
Run the following command to view files in the mount path. By default, no data is returned.
```
kubectl exec nas-test-****-***a -- ls /data
```

Console

In the left-side navigation pane of the cluster management page, choose Workloads > Deployments.
On the Deployments page, click Create From Image.

Configure the parameters for the Deployment and click Create.

The following table describes some of the parameters. Use the default values for other parameters. For more information, see Create a Deployment.

Configuration page	Parameter	Description	Example
Basic Information	Name	Enter a custom name for the Deployment. The name must follow the format requirements displayed on the UI.	nas-test
Basic Information	Replicas	The number of pod replicas provisioned by the Deployment.	2
Container Configuration	Image Name	The address of the image used to deploy the application.	registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
	Required Resources	Specify the number of vCores and the amount of memory required by the application.	0.25 vCores and 0.5 GiB of memory
	Volumes	Click Add PVC and configure the parameters. Mount Source: Select the PVC that you created. Container Path: Enter the path to which you want to mount the NAS file system in the container.	Mount Source: nas-pvc Container Path: /data

Check whether the application is deployed.
1. On the Deployments page, click the name of the application.
2. On the Pods tab, verify that the pods are running normally (the status is Running).

Create a new NAS file system as a storage volume

Step 1: Create a StorageClass

Create a file named nas-sc.yaml and copy the following template into the file. Modify the parameters in the template as required.

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alicloud-nas-fs
mountOptions:
- nolock,tcp,noresvport
- vers=3
parameters:
  volumeAs: filesystem
  fileSystemType: standard
  storageType: Performance
  regionId: cn-shanghai
  zoneId: cn-shanghai-e
  vpcId: "vpc-2ze2fxn6popm8c2mzm****"
  vSwitchId: "vsw-2zwdg25a2b4y5juy****"
  accessGroupName: DEFAULT_VPC_GROUP_NAME
  deleteVolume: "false"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain

The following table describes the parameters in the template.

Important

NAS file systems of different types and storage specifications support different regions and zones. Specify the region, zone, virtual private cloud (VPC), and vSwitch of the NAS file system and mount target that you want to create based on the storage requirements of your business, the region of the ACS cluster, and the VPC and vSwitch that are used by pods in the ACS cluster. For more information, see the following topics:

For information about the storage specifications, performance, billing, and supported regions and zones of different types of NAS file systems, see General-purpose NAS and Extreme NAS.
General-purpose NAS file systems and Extreme NAS file systems have different limits on mounting connectivity, the number of file systems, and file sharing protocols. For more information, see Limits.
You can run the kubectl get cm -n kube-system acs-profile -o yaml command to view the YAML file of acs-profile and obtain the VPC ID and vSwitch ID used by pods from the vpcId and vSwitchIds fields.

Parameter	Description
`volumeAs`	Only `filesystem` is supported. This value indicates that a NAS file system is automatically created. Each NAS volume corresponds to a NAS file system.
`fileSystemType`	The type of the NAS file system. `standard` (default): General-purpose NAS file system. For more information, see General-purpose NAS. `extreme`: Extreme NAS file system. For more information, see Extreme NAS.
`storageType`	The storage type of the NAS file system. For General-purpose NAS file systems, the following values are supported: `Performance` (default): Performance `Capacity`: Capacity For Extreme NAS file systems, the following values are supported: `standard` (default): medium `advanced`: advanced
`regionId`	The ID of the region to which the NAS file system belongs. The region ID must be the same as that of the ACS cluster.
`zoneId`	The ID of the zone to which the NAS file system belongs. Select a zone based on the vSwitch used by the pod in the ACS cluster. Note Within the same VPC, a NAS file system can be mounted across zones. We recommend that you select the same zone for better performance.
`vpcId`, `vSwitchId`	The IDs of the VPC and the vSwitch to which the mount target of the NAS file system belongs. Set the values to the IDs of VPC and vSwitch used by pods in the ACS cluster.
`accessGroupName`	The permission group to which the mount target of the NAS file system belongs. The default value is `DEFAULT_VPC_GROUP_NAME`.
`provisioner`	The driver type. Set the value to `nasplugin.csi.alibabacloud.com`, which indicates that the Alibaba Cloud NAS CSI plugin is used.
`reclaimPolicy`	The reclaim policy of the PV. Only `Retain` is supported. This value indicates that the NAS file system and its mount target are retained when the PV is deleted.

Create a StorageClass.
```
kubectl create -f nas-sc.yaml
```

Check the StorageClass.

kubectl get sc

Expected output:

NAME                             PROVISIONER                       RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
alicloud-nas-fs                  nasplugin.csi.alibabacloud.com    Retain          Immediate              false                  13m
......

Step 2: Create a PVC

Save the following content as a YAML file named nas-pvc-fs.yaml:

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: nas-pvc-fs
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alicloud-nas-fs
  resources:
    requests:
      storage: 20Gi

Field description:

Parameter	Description
`accessModes`	The access mode.
`storage`	The storage capacity allocated to the pod. This is also the capacity of the NAS volume that you want to create. Note Because Extreme NAS file systems have a minimum capacity limit of 100 GiB, if the NAS file system type defined in the StorageClass is Extreme NAS, the value of `storage` must be greater than or equal to 100 GiB. Otherwise, the corresponding PV cannot be created.
`storageClassName`	The name of the StorageClass that you want to associate.

Create a PVC.
```
kubectl create -f nas-pvc-fs.yaml
```

View the PVC.

kubectl get pvc

A command output similar to the following one is returned. The PVC is associated with the PV that is automatically created. You can go to the NAS console to view the corresponding NAS file system.

NAME         STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      VOLUMEATTRIBUTESCLASS  AGE
nas-pvc-fs   Bound    nas-04a730ba-010d-4fb1-9043-476d8c38****   20Gi       RWX            alicloud-nas-fs   <unset>                14s

Step 3: Create an application and mount the NAS volume

Create a file named nas-test-fs.yaml and add the following content to the file:

The following YAML template creates a Deployment that provisions two pods. Both pods request storage resources through a PVC named nas-pvc-fs and mount the NAS volume to the /data directory.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nas-test
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
          - name: pvc-nas
            mountPath: /data
      volumes:
        - name: pvc-nas
          persistentVolumeClaim:
            claimName: nas-pvc-fs

Create a Deployment and mount the NAS file system.
```
kubectl create -f nas-test-fs.yaml
```

Check the status of the pods created by the Deployment.

kubectl get pod | grep nas-test

The following output shows that two pods are created.

nas-test-****-***a   1/1     Running   0          40s
nas-test-****-***b   1/1     Running   0          40s

View the mount path.
Run the following command to view files in the mount path. By default, no data is returned.
```
kubectl exec nas-test-****-***a -- ls /data
```

Verify the shared storage and data persistence capabilities of NAS

The Deployment created in the preceding example provisions two pods and a NAS file system is mounted to the pod. You can use the following methods to verify it:

Create a file in one pod and view the file from the other pod to verify shared storage.
Recreate the Deployment. Access the NAS volume from a recreated pod to check whether the original data still exists in the NAS file system. If the data still exists, data persistence is enabled.

View the pod information.

kubectl get pod | grep nas-test

The following output is returned:

nas-test-****-***a   1/1     Running   0          40s
nas-test-****-***b   1/1     Running   0          40s

Check whether data sharing is enabled.
1. Create a file in a pod.
  Use the pod named nas-test-****-***a as an example:
```
kubectl exec nas-test-****-***a -- touch /data/test.txt
```
2. View the file from the other pod.
  Use the pod named nas-test-****-***b as an example:
```
kubectl exec nas-test-****-***b -- ls /data
```
  The following output shows that the newly created file test.txt is shared.
```
test.txt
```
Verify persistent storage.
1. Recreate the Deployment.
```
kubectl rollout restart deploy nas-test
```
2. Wait until the pods are recreated.
```
kubectl get pod | grep nas-test
```
  The following output is returned:
```
nas-test-****-***c   1/1     Running   0          67s
nas-test-****-***d   1/1     Running   0          49s
```
3. Check whether data stored in the file system exists from the newly created pod.
  Use the pod named nas-test-c*** as an example:
```
kubectl exec nas-test-****-***c -- ls /data
```
  The following output shows that the file still exists in the NAS volume and can be accessed from the mount directory in the recreated pod.
```
test.txt
```