Mount a NAS file system to a sandboxed container - Container Service for Kubernetes

You can mount an File Storage NAS (NAS) file system to a sandboxed container to improve I/O performance. This topic describes how to mount a NAS file system to a sandboxed container and provides examples.

Prerequisites

A node pool that runs sandboxed containers is created. For more information, see Create a node pool that runs sandboxed containers.
The kubeconfig file of your cluster is obtained and a kubectl client is connected to your cluster. For more information, see Obtain the kubeconfig file of your cluster and use kubectl to connect to the cluster.

Background Information

virtio-fs is a shared file system. Container Service for Kubernetes (ACK) allows you to use virtio-fs to add volumes, Secrets, and ConfiMaps to the guest operating system of a VM. This directly mounts a NAS file system to a cluster. This method mounts the NAS file system to the host. Applications in the container can write data to and read data from the NAS file system only through virtio-fs. This may cause performance degradation.

Sandboxed containers allow you to directly mount NAS file systems. This method first unmounts NAS mount targets from the host. The NAS file system is mounted to the guest operating system. Then, the system creates a bind mount for the NAS file system. This way, applications in the container can directly write data to and read data from the NAS file system without performance degradation.

How it works

A NAS file system is mounted to a sandboxed container in the following process.

Step	Description
1	kubelet requests the CSI plug-in to mount a NAS file system.
2	The CSI plug-in mounts the NAS file system to the host.
3	kubelet requests Kangaroo-Runtime to create a pod.
4	Kangaroo-Runtime parses the unmounting information, passes the information to the guest operating system, and then unmounts the NAS file system from the host.
5	Kangaroo-Runtime requests the agent to create a pod.
6	The agent mounts the NAS file system to the guest operating system.
7	The agent creates a bind mount for the NAS file system that is mounted to the guest operating system.

Examples

The following example describes how to mount a NAS file system to a sandboxed container. In this example, an NAS file system is created and a YAML file template is used to create resource objects.

Create an NAS file system. For more information, see the Create a General-purpose NAS file system in the NAS console section of the ""Create a file system" topic.
Important
The NAS file system must be deployed in the same virtual private cloud (VPC) as the cluster.
Obtain the mount target of the NAS file system. The following figure shows that system-id.region.nas.aliyuncs.com in the Mount Command column is the mount target.
Note
file-system-id.region.nas.aliyuncs.com indicates the address of the mount target. To obtain the address of the mount target of an NAS file system, perform the following operations: Log on to the NAS console, find the NAS file system and click its name. In the left-side pane of the details page of the NAS file system, click Mount Targets. On the Mount Target tab, find the address of the mount target in the Mount Command column.

Use the following template to create resource objects:

View YAML content

cat <<EOF | kubectl create -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nas-pvc-csi
  namespace: default
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      alicloud-pvname: nas-pv-csi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  labels:
    alicloud-pvname: nas-pv-csi
  name: nas-pv-csi
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 5Gi
  csi:
    driver: nasplugin.csi.alibabacloud.com
    volumeAttributes:
      options: noresvport,nolock
      path: /csi
      server: ${nas-server-address}
      vers: "3"
    volumeHandle: nas-pv-csi
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-nas-csi
spec:
  replicas: 2
  selector:
    matchLabels:
      app: busybox
  template:
    metadata:
      labels:
        app: busybox
      annotations:
        storage.alibabacloud.com/enable_nas_passthrough: "true"
    spec:
      runtimeClassName: runv
      containers:
        - name: busybox
          image: registry.cn-hangzhou.aliyuncs.com/acs/busybox:v1.29.2
          command: 
          - tail
          - -f
          - /dev/null
          volumeMounts:
            - name: nas-pvc
              mountPath: "/data"
      restartPolicy: Always
      volumes:
        - name: nas-pvc
          persistentVolumeClaim:
            claimName: nas-pvc-csi
EOF

Replace ${nas-server-address} in the template with the address of the mount target of the NAS file system.
```
server: ${nas-server-address}
```
By default, NAS file systems cannot be mounted to pods. You must add an annotation to the template to enable the NAS file systems to be mounted to pods.
```
annotations:
        storage.alibabacloud.com/enable_nas_passthrough: "true"
```

Run the following commands to query the ID of the pod and query the type of the file system that is mounted to the pod:
```
kubectl get pods
```
```
kubectl exec -it ${podid} sh
```
```
mount | grep /data | grep nfs
```
If results are returned, the NAS file system is mounted to the pod.