This topic describes how to mount a statically provisioned Object Storage Service (OSS) volume by using a Secret.
Usage notes
If the securityContext.fsgroup parameter is configured in the application template, the kubelet performs the chmod or chown operation after the volume is mounted. This increases the mounting time.
For more information about how to accelerate the mounting process when the securityContext.fsgroup parameter is configured, see Why does it require a long time to mount an OSS volume?
Example
Create a PV.
You can create a persistent volume (PV) in the Container Service for Kubernetes (ACK) console or by using kubectl.
kubectl
When you create the PV, you can reference the Secret that stores an AccessKey pair of your Alibaba Cloud account.
Run the following command to create the Secret:
Replace <your AccessKey ID> and <your AccessKey Secret> in the following command with the actual AccessKey ID and AccessKey secret of your Alibaba Cloud account. To obtain the AccessKey pair of your Alibaba Cloud account, go to the ACK console, move your pointer over the icon and click AccessKey.
kubectl create secret generic osssecret --from-literal=akId='<your AccessKey ID>' --from-literal=akSecret='<your AccessKey Secret>' --type=alicloud/oss -n default
osssecret: the name of the Secret. You can specify a custom name.
akId: the AccessKey ID.
akSecret: the AccessKey secret.
--type: the type of Secret. In this example, the value is set to alicloud/oss. The Secret and the pod that uses the Secret must belong to the same namespace.
Use the following oss-pv.yaml file to create a PV:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: oss
  flexVolume:
    driver: "alicloud/oss"
    secretRef:
      name: "osssecret" # Replace the value with the name of the Secret you created in the preceding step.
    options:
      bucket: "docker"
      url: "oss-cn-hangzhou.aliyuncs.com"
      path: "/path"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
ACK console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side pane, choose .
On the Persistent Volumes page, click Create. In the Create PV dialog box, set the parameters. After you set the parameters, click Create.
Parameter: Description
PV Type: In this example, OSS is selected.
Volume Name: The name of the PV you created. The name must be unique in the cluster. In this example, pv-oss is specified.
Volume Plug-in: In this example, FlexVolume is selected.
Capacity: The capacity of the PV that you created.
Access Mode: Default value: ReadWriteMany.
Access Certificate: Select a Secret that is used to access the OSS bucket.
  Select Existing Secret: Select a namespace and a Secret.
  Create Secret: Set Namespace, Name, AccessKey ID, and AccessKey Secret.
Optional Parameters: Enter custom parameters in the -o *** -o *** format.
Bucket ID: The name of the OSS bucket that you want to mount. Click Select Bucket. In the dialog box that appears, select the OSS bucket that you want to mount and click Select.
Endpoint: Select Public Endpoint if the OSS bucket and the Elastic Compute Service (ECS) instances in the cluster are deployed in different regions. Select Internal Endpoint if the OSS bucket is deployed in the classic network.
Label: Add labels to the PV.
Create a persistent volume claim (PVC).
Use the following oss-pvc.yaml file to create a PVC.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-oss
spec:
  storageClassName: oss
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
Create a pod.
Use the following oss-deploy.yaml file to create a pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oss-static
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
          ports:
            - containerPort: 80
          volumeMounts:
            - name: pvc-oss
              mountPath: "/data"
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - cd /data
            initialDelaySeconds: 30
            periodSeconds: 30
      volumes:
        - name: pvc-oss
          persistentVolumeClaim:
            claimName: pvc-oss
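A pre-flight check for the Secret created in the kubectl step, added here as an example and not part of the original documentation: it reads the output of kubectl get secret ... -o json and confirms the name, namespace, type, and the akId and akSecret keys before the PV, PVC, and pod are applied. The names check_oss_secret and SAMPLE_SECRET are hypothetical, and the placeholder and whitespace checks are assumptions about common mistakes, not requirements stated on this page.

```python
import base64
import json
import sys

# Constructed sample with the shape of `kubectl get secret osssecret -n default -o json`.
SAMPLE_SECRET = json.dumps({
    "metadata": {"name": "osssecret", "namespace": "default"},
    "type": "alicloud/oss",
    "data": {"akId": base64.b64encode(b"EXAMPLE-ID").decode(),
             "akSecret": base64.b64encode(b"EXAMPLE-SECRET").decode()},
})


def check_oss_secret(secret_json, ref_name, pod_namespace):
    """Return a list of problems; empty means the Secret fits the PV and pod.

    Only key names are reported, never the AccessKey values themselves.
    """
    secret = json.loads(secret_json)
    meta = secret.get("metadata") or {}
    data = secret.get("data") or {}
    problems = []
    if meta.get("name") != ref_name:
        problems.append(f"secretRef.name {ref_name!r} != Secret name {meta.get('name')!r}")
    # The Secret and the pod that uses it must be in the same namespace.
    if meta.get("namespace") != pod_namespace:
        problems.append(f"Secret namespace {meta.get('namespace')!r} != pod namespace {pod_namespace!r}")
    if secret.get("type") != "alicloud/oss":
        problems.append(f"Secret type is {secret.get('type')!r}, expected 'alicloud/oss'")
    for key in ("akId", "akSecret"):
        try:
            value = base64.b64decode(data.get(key) or "", validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            value = b""
        if not value.strip():
            problems.append(f"key {key!r} is missing, empty or not valid base64")
        elif value.startswith(b"<your"):  # assumption: placeholder left unreplaced
            problems.append(f"key {key!r} still holds the <your ...> placeholder")
        elif value != value.strip():  # assumption: stray newline from a file or echo
            problems.append(f"key {key!r} has leading or trailing whitespace")
    return problems


if __name__ == "__main__":
    # Usage: kubectl get secret osssecret -n default -o json | python check.py osssecret default
    text = SAMPLE_SECRET if sys.stdin.isatty() else sys.stdin.read()
    name = sys.argv[1] if len(sys.argv) > 1 else "osssecret"
    namespace = sys.argv[2] if len(sys.argv) > 2 else "default"
    found = check_oss_secret(text, name, namespace)
    print("\n".join(found) or "Secret looks usable for the OSS PV")
    sys.exit(1 if found else 0)
```
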