如何遷移Flexvolume儲存外掛程式 - Container Service for Kubernetes

由於Flexvolume儲存外掛程式已棄用，建立叢集已不再支援Flexvolume儲存外掛程式。對於現有使用Flexvolume外掛程式的叢集，建議遷移改用CSI外掛程式。本文介紹如何將Flexvolume類型的OSS靜態儲存卷遷移至CSI。

外掛程式區別

CSI和Flexvolume儲存外掛程式的區別如下表所示。

外掛程式

組成

kubelet參數

相關文檔

CSI

CSI-Provisioner（Deployment）
實現儲存卷、快照自動建立的能力。支援儲存誤刪除後的恢複功能、CNFS儲存等功能。
CSI-Plugin（DaemonSet）
實現儲存卷的自動掛載和卸載能力。支援多種儲存類型。

外掛程式運行依賴的kubelet參數不同。

配置kubelet的enable-controller-attach-detach為true。

儲存

Flexvolume

Disk-Controller（Deployment）
實現雲端硬碟卷的自動建立能力。
Flexvolume（DaemonSet）
實現儲存卷的掛載和卸載能力。

外掛程式運行依賴的kubelet參數不同。

配置kubelet的enable-controller-attach-detach為false。

儲存Flexvolume概述

使用情境

叢集已使用Flexvolume掛載OSS靜態儲存卷，即當前叢集中包含Flexvolume類型的OSS靜態儲存卷。如果您的叢集中也有Flexvolume類型的雲端硬碟儲存卷，請參考通過csi-compatible-controller組件遷移Flexvolume至CSI。

注意事項

外掛程式遷移時，PVC重建會導致Pod重建和業務中斷。請在合適時間進行外掛程式遷移、PVC重建和應用變更等重啟操作。

準備工作

操作前，請先在叢集中手動安裝CSI組件。

使用以下內容，分別建立csi-plugin.yaml和csi-provisioner.yaml檔案。

展開查看csi-plugin.yaml檔案

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: csi-admin
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: alicloud-csi-plugin
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "list"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "update", "create", "delete", "patch"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims/status"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["csinodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "watch", "list", "delete", "update", "create"]
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["csi.storage.k8s.io"]
    resources: ["csinodeinfos"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotclasses"]
    verbs: ["get", "list", "watch", "create"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents"]
    verbs: ["create", "get", "list", "watch", "update", "delete"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots"]
    verbs: ["get", "list", "watch", "update", "create"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["create", "list", "watch", "delete", "get", "update", "patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["get", "create", "list", "watch", "delete", "update"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshotcontents/status"]
    verbs: ["update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments/status"]
    verbs: ["patch"]
  - apiGroups: ["snapshot.storage.k8s.io"]
    resources: ["volumesnapshots/status"]
    verbs: ["update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
  - apiGroups: [""]
    resources: ["pods","pods/exec"]
    verbs: ["create", "delete", "get", "post", "list", "watch", "patch", "update"]
  - apiGroups: ["storage.alibabacloud.com"]
    resources: ["rules"]
    verbs: ["get"]
  - apiGroups: ["storage.alibabacloud.com"]
    resources: ["containernetworkfilesystems"]
    verbs: ["get","list", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: alicloud-csi-plugin
subjects:
  - kind: ServiceAccount
    name: csi-admin
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: alicloud-csi-plugin
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: diskplugin.csi.alibabacloud.com
spec:
  attachRequired: true
  podInfoOnMount: true
---
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: nasplugin.csi.alibabacloud.com
spec:
  attachRequired: false
  podInfoOnMount: true
---
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
  name: ossplugin.csi.alibabacloud.com
spec:
  attachRequired: false
  podInfoOnMount: true
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: csi-plugin
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-plugin
  template:
    metadata:
      labels:
        app: csi-plugin
    spec:
      tolerations:
        - operator: Exists
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
      nodeSelector:
        kubernetes.io/os: linux
      serviceAccount: csi-admin
      priorityClassName: system-node-critical
      hostNetwork: true
      hostPID: true
      dnsPolicy: ClusterFirst
      containers:
        - name: disk-driver-registrar
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--csi-address=/var/lib/kubelet/csi-plugins/diskplugin.csi.alibabacloud.com/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/diskplugin.csi.alibabacloud.com/csi.sock"
          volumeMounts:
            - name: kubelet-dir
              mountPath: /var/lib/kubelet
            - name: registration-dir
              mountPath: /registration
        - name: nas-driver-registrar
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--csi-address=/var/lib/kubelet/csi-plugins/nasplugin.csi.alibabacloud.com/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/nasplugin.csi.alibabacloud.com/csi.sock"
          volumeMounts:
            - name: kubelet-dir
              mountPath: /var/lib/kubelet/
            - name: registration-dir
              mountPath: /registration
        - name: oss-driver-registrar
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-node-driver-registrar:v2.3.1-038aeb6-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--csi-address=/var/lib/kubelet/csi-plugins/ossplugin.csi.alibabacloud.com/csi.sock"
            - "--kubelet-registration-path=/var/lib/kubelet/csi-plugins/ossplugin.csi.alibabacloud.com/csi.sock"
          volumeMounts:
            - name: kubelet-dir
              mountPath: /var/lib/kubelet/
            - name: registration-dir
              mountPath: /registration
        - name: csi-plugin
          securityContext:
            privileged: true
            allowPrivilegeEscalation: true
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.24.6-55c95dd-aliyun
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=2"
            - "--driver=oss,nas,disk"
          env:
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: spec.nodeName
            - name: CSI_ENDPOINT
              value: unix://var/lib/kubelet/csi-plugins/driverplugin.csi.alibabacloud.com-replace/csi.sock
            - name: MAX_VOLUMES_PERNODE
              value: "15"
            - name: SERVICE_TYPE
              value: "plugin"
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 5
          ports:
            - name: healthz
              containerPort: 11260
          volumeMounts:
            - name: kubelet-dir
              mountPath: /var/lib/kubelet/
              mountPropagation: "Bidirectional"
            - name: etc
              mountPath: /host/etc
            - name: host-log
              mountPath: /var/log/
            - name: ossconnectordir
              mountPath: /host/usr/
            - name: container-dir
              mountPath: /var/lib/container
              mountPropagation: "Bidirectional"
            - name: host-dev
              mountPath: /dev
              mountPropagation: "HostToContainer"
            - mountPath: /var/addon
              name: addon-token
              readOnly: true
            - mountPath: /host/var/run/
              name: fuse-metrics-dir
      volumes:
        - name: fuse-metrics-dir
          hostPath:
            path: /var/run/
            type: DirectoryOrCreate
        - name: registration-dir
          hostPath:
            path: /var/lib/kubelet/plugins_registry
            type: DirectoryOrCreate
        - name: container-dir
          hostPath:
            path: /var/lib/container
            type: DirectoryOrCreate
        - name: kubelet-dir
          hostPath:
            path: /var/lib/kubelet
            type: Directory
        - name: host-dev
          hostPath:
            path: /dev
        - name: host-log
          hostPath:
            path: /var/log/
        - name: etc
          hostPath:
            path: /etc
        - name: ossconnectordir
          hostPath:
            path: /usr/
        - name: addon-token
          secret:
            defaultMode: 420
            optional: true
            items:
            - key: addon.token.config
              path: token-config
            secretName: addon.csi.token
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 30%
    type: RollingUpdate

展開查看csi-provisioner.yaml檔案

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: csi-provisioner
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: csi-provisioner
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  replicas: 2
  template:
    metadata:
      labels:
        app: csi-provisioner
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: Exists
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: type
                operator: NotIn
                values:
                - virtual-kubelet
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - csi-provisioner
              topologyKey: kubernetes.io/hostname
      tolerations:
      - effect: NoSchedule
        operator: Exists
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        operator: Exists
        key: node.cloudprovider.kubernetes.io/uninitialized
      serviceAccount: csi-admin
      hostPID: true
      priorityClassName: system-node-critical
      containers:
        - name: external-disk-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--csi-address=$(ADDRESS)"
            - "--feature-gates=Topology=True"
            - "--volume-name-prefix=disk"
            - "--strict-topology=true"
            - "--timeout=150s"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
            - "--extra-create-metadata=true"
            - "--default-fstype=ext4"
            - "--v=5"
          env:
            - name: ADDRESS
              value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock
          volumeMounts:
            - name: disk-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com
        - name: external-disk-attacher
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-attacher:v3.3-72dd428b-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
          env:
            - name: ADDRESS
              value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock
          volumeMounts:
            - name: disk-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com
        - name: external-disk-resizer
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-resizer:v1.3-ca84e84-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 8Gi
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com/csi.sock
          volumeMounts:
            - name: disk-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com
        - name: external-nas-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--csi-address=$(ADDRESS)"
            - "--volume-name-prefix=nas"
            - "--timeout=150s"
            - "--leader-election=true"
            - "--retry-interval-start=500ms"
            - "--default-fstype=nfs"
            - "--v=5"
          env:
            - name: ADDRESS
              value: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com/csi.sock
          volumeMounts:
            - name: nas-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com
        - name: external-nas-resizer
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-resizer:v1.3-ca84e84-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 8Gi
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election"
          env:
            - name: ADDRESS
              value: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com/csi.sock
          volumeMounts:
            - name: nas-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com
        - name: external-oss-provisioner
          args:
            - --csi-address=$(ADDRESS)
            - --volume-name-prefix=oss
            - --timeout=150s
            - --leader-election=true
            - --retry-interval-start=500ms
            - --default-fstype=ossfs
            - --v=5
          env:
          - name: ADDRESS
            value: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com/csi.sock
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-provisioner:v3.0.0-080f01e64-aliyun
          resources:
            limits:
              cpu: 500m
              memory: 1Gi
            requests:
              cpu: 10m
              memory: 16Mi
          volumeMounts:
          - mountPath: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com
            name: oss-provisioner-dir
        - name: external-csi-snapshotter
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-snapshotter:v4.0.0-a230d5b3-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--csi-address=$(ADDRESS)"
            - "--leader-election=true"
            - "--extra-create-metadata=true"
          env:
            - name: ADDRESS
              value: /csi/csi.sock
          volumeMounts:
            - name: disk-provisioner-dir
              mountPath: /csi
        - name: external-snapshot-controller
          image: registry.cn-hangzhou.aliyuncs.com/acs/snapshot-controller:v4.0.0-a230d5b3-aliyun
          resources:
            requests:
              cpu: 10m
              memory: 16Mi
            limits:
              cpu: 500m
              memory: 1024Mi
          args:
            - "--v=5"
            - "--leader-election=true"
        - name: csi-provisioner
          securityContext:
            privileged: true
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.24.6-55c95dd-aliyun
          args:
            - "--endpoint=$(CSI_ENDPOINT)"
            - "--v=2"
            - "--driver=nas,disk,oss"
          env:
            - name: CSI_ENDPOINT
              value: unix://var/lib/kubelet/csi-provisioner/driverplugin.csi.alibabacloud.com-replace/csi.sock
            - name: MAX_VOLUMES_PERNODE
              value: "15"
            - name: SERVICE_TYPE
              value: "provisioner"
            - name: "CLUSTER_ID"
              value: "CLUSTER_ID"
          livenessProbe:
            httpGet:
              path: /healthz
              port: healthz
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: healthz
            initialDelaySeconds: 5
            periodSeconds: 20
          ports:
            - name: healthz
              containerPort: 11270
          volumeMounts:
            - name: host-log
              mountPath: /var/log/
            - name: disk-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/diskplugin.csi.alibabacloud.com
            - name: nas-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/nasplugin.csi.alibabacloud.com
            - name: oss-provisioner-dir
              mountPath: /var/lib/kubelet/csi-provisioner/ossplugin.csi.alibabacloud.com
            - mountPath: /var/addon
              name: addon-token
              readOnly: true
            - mountPath: /mnt
              mountPropagation: Bidirectional
              name: host-dev
            - mountPath: /host/etc
              name: etc
          resources:
            limits:
              cpu: 500m
              memory: 1024Mi
            requests:
              cpu: 100m
              memory: 128Mi
      volumes:
        - name: disk-provisioner-dir
          emptyDir: {}
        - name: nas-provisioner-dir
          emptyDir: {}
        - name: oss-provisioner-dir
          emptyDir: {}
        - name: host-log
          hostPath:
            path: /var/log/
        - name: etc
          hostPath:
            path: /etc
            type: ""
        - name: host-dev
          hostPath:
            path: /mnt
            type: ""
        - name: addon-token
          secret:
            defaultMode: 420
            optional: true
            items:
            - key: addon.token.config
              path: token-config
            secretName: addon.csi.token

在ACK叢集中部署csi-plugin和csi-provisioner。

kubectl apply -f csi-plugin.yaml -f csi-provisioner.yaml

查看CSI外掛程式是否正常。

kubectl get pods -nkube-system | grep csi

預期輸出：

csi-plugin-577mm                              4/4     Running   0          3d20h
csi-plugin-k9mzt                              4/4     Running   0          41d
csi-provisioner-6b58f46989-8wwl5              9/9     Running   0          41d
csi-provisioner-6b58f46989-qzh8l              9/9     Running   0          6d20h

存在以上預期輸出，說明叢集中CSI外掛程式正常運行。

操作步驟

下文以1個StatefulSet使用Flexvolume類型的OSS靜態儲存卷，儲存卷的密鑰資訊儲存在oss-secret中為例，介紹如何將Flexvolume類型的OSS靜態儲存卷遷移至CSI。流程如下圖所示。 oss

步驟一：查看叢集儲存狀態

查看Pod狀態。

kubectl get pod

預期輸出：

NAME       READY   STATUS    RESTARTS   AGE
oss-sts-1  1/1     Running   0          11m

查看Pod使用的PVC。

kubectl describe pod oss-sts-1 |grep ClaimName

預期輸出：

ClaimName:  oss-pvc

查看當前PVC狀態。

kubectl get pvc

預期輸出：

NAME      STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
oss-pvc   Bound    oss-pv   5Gi        RWX                           7m23s

步驟二：建立CSI類型OSS靜態儲存的PVC和PV

方式一：通過Flexvolume2CSI命令列工具轉換

將Flexvolume類型的PVC和PV轉換為CSI類型的PVC和PV。具體操作，請參見使用FlexVolume2CSI命令列工具批量轉換YAML。
建立CSI類型OSS靜態儲存的PVC和PV對象。
其中，oss-pv-pvc-csi.yaml檔案為通過Flexvolume2CSI命令列工具轉換得到的CSI類型的PVC和PV的YAML檔案。
```
kubectl apply -f oss-pv-pvc-csi.yaml
```

查看當前PVC狀態。

kubectl get pvc

預期輸出：

NAME         STATUS   VOLUME       CAPACITY   ACCESS MODES   STORAGECLASS   AGE
oss-pvc-csi   Bound    oss-pv-csi   5Gi        RWO                           7m15s
oss-pvc       Bound    oss-pv       5Gi        RWX                           52m

方式二：通過手動儲存Flexvolume類型PVC和PV並修改儲存驅動的方式轉換

儲存Flexvolume類型的PVC和PV模板。

儲存Flexvolume類型的PVC對象。

kubectl get pvc oss-pvc -oyaml > oss-pvc-flexvolume.yaml
cat oss-pvc-flexvolume.yaml

預期輸出：

apiVersion: v1
kind: PersistentVolumeClaim
  name: oss-pvc
  namespace: default
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  volumeMode: Filesystem
  volumeName: oss-pv

儲存Flexvolume類型的PV對象。

kubectl get pv oss-pv -oyaml > oss-pv-flexvolume.yaml
cat oss-pv-flexvolume.yaml

預期輸出：

apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-pv
spec:
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 5Gi
  claimRef:
    apiVersion: v1
    kind: PersistentVolumeClaim
    name: oss-pvc
    namespace: default
  flexVolume:
    driver: alicloud/oss
    nodePublishSecretRef:
      name: oss-secret
      namespace: default
    options:
      bucket: xxx
      otherOpts: -o max_stat_cache_size=0 -o allow_other
      url: xxx.aliyuncs.com
  persistentVolumeReclaimPolicy: Retain
  volumeMode: Filesystem

建立CSI類型OSS靜態儲存的PVC和PV。

使用以下YAML內容，建立CSI類型OSS靜態儲存的oss-pv-pvc-csi.yaml檔案。

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: oss-pvc-csi
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      alicloud-pvname: oss-pv-csi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-pv-csi
  labels:
    alicloud-pvname: oss-pv-csi
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: oss-pv-csi
    nodePublishSecretRef:
      name: oss-secret
      namespace: default
    volumeAttributes:
      bucket: "***"
      url: "***.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"

建立CSI類型OSS靜態儲存的PVC和PV對象。
```
kubectl apply -f oss-pv-pvc-csi.yaml
```

查看當前PVC狀態。

kubectl get pvc

預期輸出：

NAME         STATUS   VOLUME       CAPACITY   ACCESS MODES   STORAGECLASS   AGE
oss-pvc-csi   Bound    oss-pv-csi   5Gi        RWO                           7m15s
oss-pvc       Bound    oss-pv       5Gi        RWX                           52m

步驟三：更新應用關聯的PVC

執行以下命令，編輯應用設定檔。
```
kubectl edit sts oss-sts
```

修改PVC配置內容，將資料卷配置改為CSI類型的PVC。

      volumes:
      - name: oss
        persistentVolumeClaim:
          claimName: oss-pvc-csi

執行以下命令，查看Pod是否重啟成功。

kubectl get pod

預期輸出：

NAME       READY   STATUS    RESTARTS   AGE
oss-sts-1  1/1     Running   0          70s

執行以下命令，查看掛載資訊。

kubectl exec oss-sts-1 -- mount |grep ossfs

預期輸出：

# 查看掛載資訊。
***:/ on /var/lib/kubelet/pods/ac02ea3f-125f-4b38-9bcf-9b117f62eaf0/volumes/kubernetes.io~csi/oss-pv-csi/mount type ossfs (rw,relatime,max_stat_cache_size=0,allow_other)

存在以上預期輸出，表示Pod遷移成功。

步驟四：卸載Flexvolume外掛程式

登入OpenAPI平台，調用UnInstallClusterAddons卸載Flexvolume外掛程式。
- ClusterId：您的叢集ID。您可以通過叢集的基本資料頁面，查看叢集ID。
- name：Flexvolume。
具體操作，請參見卸載叢集組件。

刪除alicloud-disk-controller和alicloud-nas-controller。

kubectl delete deploy -n kube-system alicloud-disk-controller alicloud-nas-controller

檢查叢集中Flexvolume外掛程式是否卸載完成。
```
kubectl get pods -n kube-system | grep 'flexvolume\|alicloud-disk-controller\|alicloud-nas-controller'
```
輸出為空白，說明叢集中Flexvolume外掛程式已卸載完成。

刪除叢集中Flexvolume類型的StorageClass，Flexvolume類型的StorageClass PROVISIONER類型為alicloud/disk。

kubectl delete storageclass alicloud-disk-available alicloud-disk-efficiency alicloud-disk-essd alicloud-disk-ssd

預期輸出：

storageclass.storage.k8s.io "alicloud-disk-available" deleted
storageclass.storage.k8s.io "alicloud-disk-efficiency" deleted
storageclass.storage.k8s.io "alicloud-disk-essd" deleted
storageclass.storage.k8s.io "alicloud-disk-ssd" deleted

存在以上輸出，說明StorageClass刪除成功。

步驟五：使用OpenAPI安裝CSI外掛程式

登入OpenAPI平台，調用InstallClusterAddons安裝CSI外掛程式。
- ClusterId：您的叢集ID。
- name：csi-provisioner。
- version：最新CSI外掛程式版本。關於CSI版本資訊，請參見csi-provisioner。
具體操作，請參見安裝叢集組件。

檢查叢集中CSI外掛程式是否正常運行。

kubectl get pods -n kube-system | grep csi

預期輸出：

csi-plugin-577mm                              4/4     Running   0          3d20h
csi-plugin-k9mzt                              4/4     Running   0          41d
csi-provisioner-6b58f46989-8wwl5              9/9     Running   0          41d
csi-provisioner-6b58f46989-qzh8l              9/9     Running   0          6d20h

存在以上預期輸出，說明叢集中CSI外掛程式正常運行。

步驟六：修改現有節點配置

執行以下YAML內容，修改Kubelet參數以匹配CSI外掛程式的運行要求。該DaemonSet會將現有節點的kubelet參數--enable-controller-attach-detach修改為true，操作完成後，可以刪除該DaemonSet。

重要

執行以下YAML檔案時，會重啟kubelet，請評估對現有應用的影響。

kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: kubelet-set
spec:
  selector:
    matchLabels:
      app: kubelet-set
  template:
    metadata:
      labels:
        app: kubelet-set
    spec:
      tolerations:
        - operator: "Exists"
      hostNetwork: true
      hostPID: true
      containers:
        - name: kubelet-set
          securityContext:
            privileged: true
            capabilities:
              add: ["SYS_ADMIN"]
            allowPrivilegeEscalation: true
          image: registry.cn-hangzhou.aliyuncs.com/acs/csi-plugin:v1.26.5-56d1e30-aliyun
          imagePullPolicy: "Always"
          env:
          - name: enableADController
            value: "true"
          command: ["sh", "-c"]
          args:
          - echo "Starting kubelet flag set to $enableADController";
            ifFlagTrueNum=`cat /host/etc/systemd/system/kubelet.service.d/10-kubeadm.conf | grep enable-controller-attach-detach=$enableADController | grep -v grep | wc -l`;
            echo "ifFlagTrueNum is $ifFlagTrueNum";
            if [ "$ifFlagTrueNum" = "0" ]; then
                curValue="true";
                if [ "$enableADController" = "true" ]; then
                    curValue="false";
                fi;
                sed -i "s/enable-controller-attach-detach=$curValue/enable-controller-attach-detach=$enableADController/" /host/etc/systemd/system/kubelet.service.d/10-kubeadm.conf;
                restartKubelet="true";
                echo "current value is $curValue, change to expect "$enableADController;
            fi;
            if [ "$restartKubelet" = "true" ]; then
                /nsenter --mount=/proc/1/ns/mnt systemctl daemon-reload;
                /nsenter --mount=/proc/1/ns/mnt service kubelet restart;
                echo "restart kubelet";
            fi;
            while true;
            do
                sleep 5;
            done;
          volumeMounts:
          - name: etc
            mountPath: /host/etc
      volumes:
        - name: etc
          hostPath:
            path: /etc