File Storage NAS volumes are ideal for scenarios such as big data analytics, data sharing, web applications, and log persistence. In addition to using static persistent volumes, you can create a persistent volume claim (PVC) and configure a StorageClass to dynamically allocate storage resources. This allows the system to automatically provision a persistent volume (PV), which eliminates the need to manually create and configure storage resources in advance. You can mount a dynamically provisioned NAS volume using the subpath, sharepath, or filesystem method.
Prerequisites
The CSI plug-in is installed in the cluster. If an upgrade is required, refer to Upgrade csi-plugin and csi-provisioner.
NoteIf your cluster uses FlexVolume, upgrade to CSI, because FlexVolume is deprecated. For details, see Upgrade from FlexVolume to CSI. To verify your storage component type, go to the Add-ons page, and click the Storage tab.
The File Storage NAS service is activated.
If you are using File Storage NAS for the first time, follow the on-screen instructions on the File Storage NAS product page to activate the service.
Limits
Mounting NAS file systems that use the SMB protocol is not supported.
NAS file systems can be mounted only to pods within the same VPC. Cross-VPC mounting is not supported.
NoteWithin the same VPC, NAS volumes can be mounted across different zones.
General-purpose NAS and Extreme NAS file systems have different constraints on connectivity, the number of file systems, and protocol types. For more information, see Limits.
Usage notes
NAS is a shared storage service. A single NAS volume can be mounted to multiple pods. If multiple pods write data simultaneously, applications must independently ensure data consistency.
For more information about the limits on concurrent writes to NAS, see How do I prevent exceptions that may occur when multiple processes or clients concurrently write data to a log file? and How do I resolve the latency in writing data to an NFS file system?
If your application template includes the
securityContext.fsgroupparameter, kubelet performschmodorchownoperations after mounting, which can increase mount time.Avoid this setting to reduce latency. For more details, see Extended mount times for NAS volumes.
Do not delete the NAS mount target after mounting. Doing so may cause the system to become unresponsive.
Mounting methods
The volumeAs parameter in a StorageClass defines the relationship between a PV and a NAS file system or its subdirectory. You can select a mounting method based on your requirements.
Mounting method | Description | Use cases |
Creates a subdirectory-type PV, where each PV corresponds to a unique subdirectory within the same NAS file system. |
| |
Creates PVs that all point to the same shared directory specified in the StorageClass. No new subdirectories are created per PV. | Multiple pods across different namespaces need to mount the same NAS subdirectory. | |
Mount using the filesystem method (Not recommended) | Automatically creates a NAS file system for each PV. One PV corresponds to an entire NAS file system. | A separate NAS file system is used that is dynamically created and deleted along with its mount targets. |
Mount using the subpath method
The subpath method requires CSI component version 1.31.4 or later. To upgrade the component, see Upgrade CSI components.
Step 1: Get NAS file system and mount target information
Log on to the NAS console. In the navigation pane on the left, choose .
Create a NAS file system and a mount target.
Only NAS file systems that use the NFS protocol can be mounted. The mount target and cluster nodes must be in the same VPC.
If you have an existing NAS file system, make sure that it meets the requirements.
If you do not have an available NAS file system, create a NAS file system and a mount target that meet the requirements. For more information, see Create a file system and Manage mount targets.
Obtain the mount target information.
Click the file system ID. In the navigation pane on the left, click Mount and Use.
In the Mount Target section, confirm that the status of the mount target is Available and then obtain the mount target address.
Step 2: Create a StorageClass
kubectl
Modify the following YAML content and save it as alicloud-nas-subpath.yaml.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alicloud-nas-subpath mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: subpath server: "0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com:/k8s" archiveOnDelete: "true" provisioner: nasplugin.csi.alibabacloud.com reclaimPolicy: Retain allowVolumeExpansion: trueParameter
Description
mountOptionsThe mount options for the NAS volume, including the NFS protocol version. By default, the NFSv3 protocol is used for mounting. You can specify the protocol version, for example,
vers=4.0. For more information about the NFS protocols supported by different NAS types, see NFS protocol.parametersvolumeAsThe mount method. In this example, the value is set to
subpathto create a subdirectory-type PV. One PV corresponds to one subdirectory in a NAS file system.serverThe address of the mount target and the subdirectory of the NAS file system to mount. The format is
<NAS mount target address>:<mount directory>. If you do not specify a subdirectory, the root directory/is mounted by default.archiveOnDeleteSpecifies whether to delete the backend storage data when
reclaimPolicyis set toDelete. This parameter is added for confirmation because NAS is a shared storage service.true(default): The directory or file is retained and is renamed toarchived-{pvName}.{timestamp}.false: The backend storage resource is permanently deleted.
NoteFor high-traffic workloads, setting this parameter to false is not recommended. For more information, see The task queue of the controller is full and no new PVs can be created when you use a dynamically provisioned NAS volume.
To completely delete the backend storage data, you must set
parameters.archiveOnDeletetofalseusing kubectl.
provisionerThe driver type. The value must be set to
nasplugin.csi.alibabacloud.com, which indicates that the Alibaba Cloud NAS CSI plug-in is used.reclaimPolicyThe PV reclaim policy. The default value is
Delete.Retainis also supported.Delete: This value must be used witharchiveOnDelete.When
archiveOnDeleteistrue, the files in the NAS file system are renamed but not deleted when the PVC is deleted.When
archiveOnDeleteisfalse, the files in the NAS file system are deleted when the PVC is deleted.ImportantThe subpath directory and its files in the NAS file system will be deleted. The NAS file system itself is retained. To delete the NAS file system, see Delete a file system.
Retain: When the PVC is deleted, the PV and the files in the NAS file system are retained. You must manually delete them.
If data security is a high priority, we recommend that you set this parameter to
Retainto prevent accidental data loss.allowVolumeExpansionThis parameter is supported only for General-purpose NAS file systems. If you enable this parameter, a directory quota is configured for the PV that is dynamically created by the StorageClass to limit the available capacity. You can also update the PVC to expand the volume capacity. For more information, see Set directory quotas for dynamically provisioned NAS volumes.
NoteThe NAS quota takes effect asynchronously. After a PV is dynamically created, the directory quota may not take effect immediately. If you write a large amount of data in a short period, the storage usage may exceed the capacity limit. For more information about NAS directory quotas, see Directory quotas.
Create the StorageClass.
kubectl create -f alicloud-nas-subpath.yaml
Console
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the navigation pane on the left, choose .
On the StorageClasses page, click Create.
In the Create dialog box, configure the StorageClass parameters and click Create.
The following are the main configuration items.
Configuration item
Description
Example value
Name
The name of the StorageClass. For more information about the format requirements, see the instructions in the console.
alicloud-nas-subpath
Persistent Volume Type
Select NAS.
NAS
Select Mount Target
The address of the NAS file system's mount target.
0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com
Volume Mode
The access mode of the volume. In this example, select Subdirectory to use the subpath method. A unique subdirectory is automatically created under the mount path for each PV. Data is stored at
<NAS mount target>:<mount path>/<pv-name>/.NoteThe Subdirectory mode requires CSI component version 1.31.4 or later. Otherwise, the system defaults to Shared Directory mode.
Subdirectory
Mount Path
The subdirectory on the NAS file system to mount.
If not set, the root directory is mounted by default.
If the specified directory does not exist, it will be automatically created and then mounted.
NoteThe root directory is
/for a General-purpose NAS file system and/sharefor an Extreme NAS file system. When you mount a subdirectory on an Extreme NAS file system, thepathmust start with/share, such as/share/data./k8s
Reclaim Policy
The reclaim policy for the PV. We recommend that you select Retain to prevent accidental data loss.
Delete: This parameter must be configured with
archiveOnDelete. In the console, selecting Delete does not take effect. This means that the PV and the data on the NAS volume are not deleted when you delete the PVC. This is because the underlyingarchiveOnDeleteparameter cannot be configured through the UI. To configurearchiveOnDelete, create the PV using a YAML manifest. For a YAML template, see the kubectl tab.Retain: When the PVC is deleted, the PV and the data on the NAS volume are not deleted. You must manually delete them.
Retain
Mount Options
The mount options for the NAS volume, including the NFS protocol version. By default, the NFSv3 protocol is used for mounting. You can specify the protocol version, for example,
vers=4.0. For more information about the NFS protocols supported by different NAS types, see NFS protocol.Keep the default value
After the StorageClass is created, you can view it in the StorageClasses list.
Step 3: Create a PVC
kubectl
Modify the YAML content and save it as nas-pvc.yaml.
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-subpath resources: requests: storage: 20GiParameter
Description
accessModesThe access mode for the volume. The default value is
ReadWriteMany.ReadWriteOnceandReadOnlyManyare also supported.storageClassNameThe name of the StorageClass to bind.
storageThe capacity of the volume that you want to request.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. The capacity is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and set
allowVolumeExpansionof the StorageClass totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
Create the PVC.
kubectl create -f nas-pvc.yamlView the PV.
kubectl get pvcThe output shows that the CSI component automatically created a PV based on the StorageClass and bound the PV to the PVC.
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE nas-a7540d97-0f53-4e05-b7d9-557309****** 20Gi RWX Retain Bound default/nas-csi-pvc alicloud-nas-subpath <unset> 5m
Console
In the left-side navigation pane of the details page, choose .
On the Persistent Volume Claims page, click Create.
In the Create PVC dialog box, configure the parameters and click Create.
Configuration item
Description
Example value
PVC Type
Select NAS.
NAS
Name
The name of the PVC. The name must be unique within the namespace.
pvc-nas
Allocation Mode
In this example, select Use StorageClass.
Use StorageClass
Existing StorageClass
Click Select StorageClass and select the StorageClass that you created in the preceding step.
alicloud-nas-subpath
Capacity
The capacity of the volume. This setting does not limit the maximum capacity that the application can use.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. The capacity is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and set
allowVolumeExpansionof the StorageClass totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
20Gi
Access Mode
The default value is ReadWriteMany. You can also select ReadWriteOnce or ReadOnlyMany.
ReadWriteMany
Step 4: Create an application and mount the NAS volume
kubectl
Create two deployments and mount the same PVC to them. This allows them to share the same subdirectory in the same NAS file system.
To mount different subdirectories of the same NAS file system to multiple pods, create different StorageClasses and PVCs for the subdirectories and mount the PVCs to the pods.
Modify the following YAML content and save the files as nginx-1.yaml and nginx-2.yaml.
The following YAML templates show that the configurations in nginx-1.yaml and nginx-2.yaml are the same, except for the
metadata.namevalue. The two applications are bound to the same PVC.nginx-1.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test-1 labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" # The path where the NAS volume is mounted in the container. volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvc # Bind the PVC.nginx-2.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test-2 labels: app: nginx spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" # The path where the NAS volume is mounted in the container. volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvc # Bind the PVC.Create the two deployments.
kubectl create -f nginx-1.yaml -f nginx-2.yamlView pod information.
kubectl get pod -l app=nginxThe output indicates that the same subdirectory of the same NAS file system is mounted to different applications.
NAME READY STATUS RESTARTS AGE nas-test-1-b75d5b6bc-vqwq9 1/1 Running 0 51s nas-test-2-b75d5b6bc-8k9vx 1/1 Running 0 44s
Console
Repeat the following steps to create two deployments that mount the same PVC. This enables them to share a single subdirectory within the NAS file system.
In the navigation pane on the left of the cluster details page, go to .
On the Deployments page, click Create From Image.
Configure the parameters to create the application.
The following table describes the key parameters. You can keep the default settings for other parameters. For more information, see Create a stateless workload (Deployment).
Configuration item
Parameter
Description
Example
Basic Information
Name
Enter a custom name for the deployment. The name must meet the format requirements displayed in the console.
deployment-nas-1
Number of Replicas
The number of deployment replicas.
1
Container Configuration
Image Name
The address of the image used to deploy the application.
anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
Required Resources
The required vCPU and memory resources.
0.25 vCPU, 512 MiB
Volume
Click Add PVC and configure the parameters.
Mount Source: Select the PVC that you created.
Container Path: Specify the container path to which you want to mount the NAS file system.
Mount Source: pvc-nas
Container Path: /data
View the application deployment status.
On the Stateless page, click the application name.
On the Pods tab, confirm that the pod is in the Running state.
Mount using the sharepath method
Step 1: Get NAS file system and mount target information
Log on to the NAS console. In the navigation pane on the left, choose .
Create a NAS file system and a mount target.
Only NAS file systems that use the NFS protocol can be mounted. The mount target and cluster nodes must be in the same VPC.
If you have an existing NAS file system, make sure that it meets the requirements.
If you do not have an available NAS file system, create a NAS file system and a mount target that meet the requirements. For more information, see Create a file system and Manage mount targets.
Obtain the mount target information.
Click the file system ID. In the navigation pane on the left, click Mount and Use.
In the Mount Target section, confirm that the status of the mount target is Available and then obtain the mount target address.
Step 2: Create a StorageClass
kubectl
Save the following content to the alicloud-nas-sharepath.yaml file and modify the parameters as needed.
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: alicloud-nas-sharepath mountOptions: - nolock,tcp,noresvport - vers=3 parameters: volumeAs: sharepath server: "0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com:/sharepath" provisioner: nasplugin.csi.alibabacloud.com reclaimPolicy: RetainParameter
Description
mountOptionsThe mount options for the NAS volume, including the NFS protocol version. By default, the NFSv3 protocol is used for mounting. You can specify the protocol version, for example,
vers=4.0. For more information about the NFS protocols supported by different NAS types, see NFS protocol.parametersvolumeAsThe mount method. In this example, the value is set to
sharepath, which indicates that when a PV is created, no actual directory is created. Instead, the path specified in the StorageClass is used. This means that each PV maps to the same NAS directory.serverThe mount target address and the subdirectory of the NAS file system to be mounted. The format is
<NAS mount target address>:<mount directory>.If you do not specify a subdirectory, the root directory
/is mounted by default.If the directory does not exist in the NAS file system, it is automatically created and then mounted.
The root directory of a General-purpose NAS file system is
/, and the root directory of an Extreme NAS file system is/share. When you mount a subdirectory of an Extreme NAS file system, thepathmust start with/share, such as/share/data.provisionerThe driver type. The value must be set to
nasplugin.csi.alibabacloud.com, which indicates that the Alibaba Cloud NAS CSI plug-in is used.reclaimPolicyThe PV reclaim policy. When you use the sharepath method, you must set this parameter to
Retain.Create the StorageClass.
kubectl create -f alicloud-nas-sharepath.yaml
Console
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, click the name of the target cluster. In the navigation pane on the left, choose .
On the StorageClasses page, click Create.
In the Create dialog box, configure the StorageClass parameters and click Create.
The main configuration items are described below.
Configuration item
Description
Example value
Name
The name of the StorageClass. For more information about the format requirements, see the instructions in the console.
alicloud-nas-sharepath
PV Type
Select NAS.
NAS
Select Mount Target
The address of the NAS file system's mount target.
0cd8b4a576-g****.cn-hangzhou.nas.aliyuncs.com
Volume Mode
The access mode of the volume. In this example, select Shared Directory to use the sharepath method. When a PV is created, no actual directory is created. Instead, the path specified in the StorageClass is used. This means that each PV maps to the same NAS directory. This method is ideal for scenarios where you need to share a directory across namespaces.
Shared Directory
Mount Path
The subdirectory on the NAS file system to mount.
If not set, the root directory is mounted by default.
If the specified directory does not exist, it will be automatically created and then mounted.
NoteThe root directory is
/for a General-purpose NAS file system and/sharefor an Extreme NAS file system. When you mount a subdirectory on an Extreme NAS file system, thepathmust start with/share, such as/share/data./sharepath
Reclaim Policy
When you use the sharepath method, you must set this parameter to
Retain.Retain
Mount Options
The mount options for the NAS volume, including the NFS protocol version. By default, the NFSv3 protocol is used for mounting. You can specify the protocol version, for example,
vers=4.0. For more information about the NFS protocols supported by different NAS types, see NFS protocol.Keep the default value
After the StorageClass is created, you can view it in the StorageClasses list.
Step 3: Create a PVC
The following example shows how to create PVCs in two different namespaces.
kubectl
To mount a NAS volume to pods in different namespaces, first create two namespaces.
Create the ns1 and ns2 namespaces.
kubectl create ns ns1 kubectl create ns ns2Modify the following YAML content and save it as pvc.yaml.
kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc namespace: ns1 spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-sharepath resources: requests: storage: 20Gi --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: nas-csi-pvc namespace: ns2 spec: accessModes: - ReadWriteMany storageClassName: alicloud-nas-sharepath resources: requests: storage: 20GiParameter
Description
accessModesThe access mode for the volume. The default value is
ReadWriteMany.ReadWriteOnceandReadOnlyManyare also supported.storageClassNameThe name of the StorageClass to bind.
storageThe capacity of the volume that you want to request.
ImportantBy default, the actual available capacity of a NAS volume is not limited by this configuration. The capacity is determined by the specifications of the NAS file system. For more information, see General-purpose NAS and Extreme NAS.
If you use a General-purpose NAS file system and set
allowVolumeExpansionof the StorageClass totrue, the CSI component sets a directory quota based on this configuration to limit the available capacity of the NAS volume.
Create the PVCs.
kubectl create -f pvc.yamlView the PVs.
kubectl get pvThe output shows that the CSI component automatically created two PVs based on the StorageClass and bound them to the two PVCs in different namespaces.
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS VOLUMEATTRIBUTESCLASS REASON AGE nas-0b448885-6226-4d22-8a5b-d0768c****** 20Gi RWX Retain Bound ns1/nas-csi-pvc alicloud-nas-sharepath <unset> 74s nas-bcd21c93-8219-4a11-986b-fd934a****** 20Gi RWX Retain Bound ns2/nas-csi-pvc alicloud-nas-sharepath <unset> 74s
Console
Create the ns1 and ns2 namespaces. For more information, see Create a namespace.
In the left-side navigation pane of the details page, choose .
Create a persistent volume claim (PVC) in the ns namespace.
On the Persistent Volume Claims page, set Namespace to ns1 and click Create.
In the Create PVC dialog box, configure the parameters and click Create.
Configuration item
Description
Example value
PVC Type
Select NAS.
NAS
Name
The name of the PVC. The name must be unique within the namespace.
pvc-nas
Allocation Mode
In this example, select Use StorageClass.
Dynamic provisioning with a StorageClass
Existing StorageClass
Click Select StorageClass and select the StorageClass that you created.
alicloud-nas-sharepath
Capacity
The capacity of the volume.
20Gi
Access Mode
The default value is ReadWriteMany. You can also select ReadWriteOnce or ReadOnlyMany.
ReadWriteMany
Repeat the preceding step to create another PVC in the ns2 namespace.
Return to the Persistent Volume Claims page. In the ns1 and ns2 namespaces, make sure that the two PVCs are bound to the automatically created PVs.
Step 4: Create an application and mount the NAS volume
Create applications in two different namespaces and mount the PVCs in the corresponding namespaces. The applications will share the NAS directory defined in the StorageClass.
kubectl
Modify the following YAML content and save the files as nginx-ns1.yaml and nginx-ns2.yaml.
The following YAML templates show that the configurations in nginx-ns1.yaml and nginx-ns2.yaml are the same, except for the
metadata.namespacevalue. The two applications are bound to the PVC in their respective namespaces.nginx-ns1.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test namespace: ns1 spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvcnginx-ns2.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: nas-test namespace: ns2 spec: selector: matchLabels: app: nginx template: metadata: labels: app: nginx spec: containers: - name: nginx image: anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6 ports: - containerPort: 80 volumeMounts: - name: nas-pvc mountPath: "/data" volumes: - name: nas-pvc persistentVolumeClaim: claimName: nas-csi-pvcCreate the two deployments.
kubectl create -f nginx-ns1.yaml -f nginx-ns2.yamlView pod information.
kubectl get pod -A -l app=nginxThe output indicates that the same subdirectory of the same NAS file system is mounted to pods in different namespaces.
NAMESPACE NAME READY STATUS RESTARTS AGE ns1 nas-test-b75d5b6bc-ljvfd 1/1 Running 0 2m19s ns2 nas-test-b75d5b6bc-666hn 1/1 Running 0 2m11s
Console
In the navigation pane on the left of the cluster details page, go to .
Create a deployment in the ns1 namespace and mount the corresponding PVC.
Set Namespace to ns1 and click Create from Image.
Configure the parameters to create the application.
The following table describes the key parameters. You can keep the default settings for other parameters. For more information, see Create a stateless workload (Deployment).
Configuration item
Parameter
Description
Example
Basic Information
Name
Enter a custom name for the deployment. The name must meet the format requirements displayed in the console.
nginx
Replicas
The number of deployment replicas.
2
Container Configuration
Image Name
The address of the image used to deploy the application.
anolis-registry.cn-zhangjiakou.cr.aliyuncs.com/openanolis/nginx:1.14.1-8.6
Required Resources
The required vCPU and memory resources.
0.25 vCPU, 512 MiB
Volume
Click Add PVC and configure the parameters.
Mount Source: Select the PVC that you created.
Container Path: Specify the container path to which you want to mount the NAS file system.
Mount Source: pvc-nas
Container Path: /data
Repeat the preceding step to create another deployment in the ns2 namespace and mount the corresponding PVC.
Return to the Stateless page and check the status of the two Deployments in the ns1 and ns2 namespaces to confirm that the Pods are running and have the corresponding PVCs attached.
Mount using the filesystem method
If your application needs to dynamically create and delete NAS file systems and mount targets, use the filesystem method to mount a NAS volume. When you use the filesystem method, each PV corresponds to a new NAS file system and mount target.
By default, when a filesystem-type dynamically provisioned PV is deleted, the corresponding NAS file system and mount target are retained. To automatically delete the file system and mount target when the PV is deleted, you must set reclaimPolicy to Delete and deleteVolume to true in the StorageClass.
Step 1: Set and grant RAM permissions (Required for ACK dedicated clusters only)
Filesystem-type NAS volumes involve the dynamic creation and deletion of NAS file systems and mount targets. Therefore, you must grant the required permissions to the csi-provisioner component for an ACK dedicated cluster.
The following code block shows the minimum set of permissions that are required by the RAM policy.
{
"Action": [
"nas:DescribeMountTargets",
"nas:CreateMountTarget",
"nas:DeleteFileSystem",
"nas:DeleteMountTarget",
"nas:CreateFileSystem"
],
"Resource": [
"*"
],
"Effect": "Allow"
}You can grant the permissions in one of the following ways:
Edit the custom policy of the Master RAM role for the ACK dedicated cluster to add the NAS-related permissions. For more information, see Modify the document and description of a custom policy.
Create a RAM user, grant the RAM policy, generate an AccessKey, and add the AccessKey to the
envvariable of the csi-provisioner.env: - name: CSI_ENDPOINT value: unix://socketDir/csi.sock - name: ACCESS_KEY_ID value: "" - name: ACCESS_KEY_SECRET value: ""
Step 2: Create a StorageClass
Step 3: Create a PVC
Step 4: Create an application and mount the NAS volume
Verify the shared and persistent storage of NAS
The pods created in the preceding examples mount the same NAS file system. You can perform the following operations to verify the storage:
Create a file in one pod and then view the file from another pod to verify shared storage.
Recreate the deployment and check whether the data in the file system still exists in the newly created pod to verify persistent storage.
View the pod information.
kubectl get pod | grep nas-testSample result:
nas-test-*****a 1/1 Running 0 40s nas-test-*****b 1/1 Running 0 40sVerify shared storage.
Create a file in a pod.
In this example, the
nas-test-*****apod is used:kubectl exec nas-test-*****a -- touch /data/test.txtView the file from the other pod.
In this example, the
nas-test-*****bpod is used:kubectl exec nas-test-*****b -- ls /dataExpected output shows that the newly created file
test.txtis shared:test.txt
Verify persistent storage.
Recreate the Deployment.
kubectl rollout restart deploy nas-testWait until the pods are recreated.
kubectl get pod | grep nas-testSample result:
nas-test-*****c 1/1 Running 0 67s nas-test-*****d 1/1 Running 0 49sLog on to a recreated pod and check whether the file still exists in the file system.
In this example, the
nas-test-*****cpod is used:kubectl exec nas-test-*****c -- ls /dataThe following output shows that the file still exists in the NAS file system and can be accessed from the mount directory in the recreated pod.
test.txt
FAQs
If you encounter issues when mounting or using NAS volumes, refer to:
References
You can use Container Network File System (CNFS) to independently manage NAS file systems and to enhance their performance and Quality of Service (QoS) control. For more information, see Use CNFS to manage NAS file systems.
General-purpose NAS file systems mounted using the subpath method support the directory quota feature. You can set capacity limits for subdirectory PVs to improve resource utilization. For more information, see Set directory quotas for dynamically provisioned NAS volumes.