All Products
Search

This Product

    Container Service for Kubernetes:Mount a statically provisioned OSS volume

    Document Center

    Container Service for Kubernetes:Mount a statically provisioned OSS volume

    Last Updated:Jan 11, 2024

    This topic describes how to mount a statically provisioned Object Storage Service (OSS) volume by using a persistent volume (PV) and a persistent volume claim (PVC), and how to use a Secret with a PV.

    Precautions

    If the securityContext.fsgroup parameter is set in the application template, kubelet performs the chmod or chown operation after the volume is mounted, which increases the time consumption.

    Note

    For more information about how to speed up the mounting process when the securityContext.fsgroup parameter is set, see Why does it require a long time to mount an OSS volume?.

    Mount a statically provisioned OSS volume by using a PV and a PVC

    1. Create a PV.

      You can create a PV in the Container Service for Kubernetes (ACK) console or by using a YAML file.

      • Create a PV by using a YAML file.

        Use the following oss-pv.yaml file to create a PV: 

        apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: oss
  flexVolume:
    driver: "alicloud/oss"
    options:
      bucket: "docker"
      url: "oss-cn-hangzhou.aliyuncs.com"
      path: "/path"
      akId: "LTAI4G6E3whAAKnzdRPx****"
      akSecret: "uRJeIi0cbahgWOhxncpp54wR5b****"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"

      • Create a PV in the ACK console

        1. Log on to the ACK console.

        2. In the left-side navigation pane of the ACK console, click Clusters.

        3. On the Clusters page, find the cluster that you want to manage. Then, click the name of the cluster or click Details in the Actions column.

        4. In the left-side navigation pane of the cluster details page, choose Volumes > Persistent Volumes.

        5. Click the Persistent Volumes tab and click Create.

        6. In the Create PV dialog box, set the required parameters.

          Parameter

          Description

          PV Type

          In this example, OSS is selected.

          Volume Name

          The name of the PV that you want to create. The name must be unique in the cluster. In this example, pv-oss is entered.

          Volume Plug-in

          In this example, Flexvolume is selected.

          Capacity

          The capacity of the PV that you want to create.

          Access Mode

          Default value: ReadWriteMany.

          Access Certificate

          Select a Secret that is used to access the OSS bucket.

          • Select Existing Secret: Select a namespace and a Secret.

          • Create Secret: Set Namespace, Name, AccessKey ID, and AccessKey Secret.

          Optional Parameters

          Enter custom parameters in the format of -o *** -o ***.

          Bucket ID

          The name of the OSS bucket that you want to mount. Click Select Bucket. In the dialog box that appears, select the OSS bucket that you want to mount and click Select.

          Endpoint

          Select Public Endpoint if the OSS bucket and the Elastic Compute Service (ECS) instances in the cluster are deployed in different regions. Select Internal Endpoint if the OSS bucket is deployed in a classic network.

          Label

          Add labels to the PV.

        7. Click Create.

    2. Create a PVC.

      Use the following oss-pvc.yaml file to create a PVC. 

      kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-oss
spec:
  storageClassName: oss
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi

    3. Create a pod.

      Use the following oss-deploy.yaml file to create a pod. 

      apiVersion: apps/v1
kind: Deployment
metadata:
  name: oss-static
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
        volumeMounts:
          - name: pvc-oss
            mountPath: "/data"
        livenessProbe:
          exec:
            command:
            - sh
            - -c
            - cd /data
          initialDelaySeconds: 30
          periodSeconds: 30
        volumes:
        - name: pvc-oss
          persistentVolumeClaim:
            claimName: pvc-oss

    Use a Secret to provide AccessKey information

    1. Run the following command to create a Secret: 

      kubectl create secret generic osssecret --from-literal=akId='LTAI4G6E3whAAKnzdRPx****' --from-literal=akSecret='uRJeIi0cbahgWOhxncpp54wR5b****' --type=alicloud/oss -n default

      • osssecret: the name of the Secret.

      • akId: the AccessKey ID.

      • akSecret: the AccessKey secret.

      • type: Set this parameter to alicloud/oss. The Secret and the pod that uses the Secret must belong to the same namespace.

    2. Use the Secret in a PV.

      Specify the Secret in the secretRef field of the PV. 

      apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  storageClassName: oss
  flexVolume:
    driver: "alicloud/oss"
    secretRef:
      name: "osssecret"
    options:
      bucket: "docker"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"