You can use Object Storage Service (OSS) volumes in Container Service for Kubernetes (ACK) clusters. This topic describes the features, storage types, use scenarios, limits, and billing rules of OSS volumes.
Overview
Object Storage Service (OSS) is a secure, cost-effective, and high-persistence cloud storage service provided by Alibaba Cloud. OSS allows you to store large amounts of data in the cloud.
OSS provides rich security capabilities, including server-side encryption, client-side encryption, hotlink protection whitelists, fine-grained permission control, log auditing, and retention policies (WORM). These capabilities protect the data that you store in Alibaba Cloud and help you meet the security and compliance requirements for your enterprise data.
Storage classes
Object Storage Service (OSS) provides the following storage classes: Standard, Infrequent Access (IA), Archive, and Cold Archive. These storage classes cover various data storage scenarios from hot data to cold data. For more information, see Overview of storage classes.
Use scenarios
To meet business requirements, you can perform the following operations on OSS volumes.
Business requirement | Reference |
Store application data | |
Encrypt data stored in OSS volumes | Only server-side encryption is supported. For more information, see Server-side encryption and Encrypt an OSS volume. |
Limits
OSS volumes mount objects to local paths through FUSE. Compared with local storage and ext4 block storage, OSS volumes have certain limits. Avoid random write or append operations, and avoid directly performing compress or extract operations in the paths to which OSS volumes are mounted. Container Service for Kubernetes (ACK) is not responsible for any metadata or data inconsistency issues caused by write operations.
You can use the SDK or ossutil to perform write operations. To directly write data to OSS volumes, we recommend that you use ossfs 1.91 or later. For more information, see Introduction to ossfs 1.91 and later versions and stress testing.
Take note of the following items when you configure and use OSS volumes.
An OSS bucket can be shared by multiple pods.
The names of PVs used by each application must be unique.
To mount a subdirectory in an OSS bucket, we recommend that you set the path field of the PV instead of using subPath. If subPath or subPathExpr is used in your business, to avoid mounting errors caused by permission issues, we recommend that you read What do I do if a mounting error occurs when I use subPath or subPathExpr to mount an OSS volume?.
OSS volumes are FUSE file systems mounted by using ossfs.
OSS volumes are suitable for scenarios where you need to read objects. For example, use OSS volumes when you need to read configuration files, video files, or images. For more information about the limits, see ossfs limits.
OSS volumes are not suitable for scenarios where you need to write objects. We recommend that you use the SDK when you need to write objects. For more information about how to use the SDK to write objects, see Best practice for OSS read/write splitting. To directly write data to OSS volumes, we recommend that you use ossfs 1.91 or later. For more information, see Introduction to ossfs 1.91 and later versions and stress testing.
When you use a CSI version earlier than 1.28, ossfs runs as a process on each node. It supports the following node OSs: CentOS, Alibaba Cloud Linux, ContainerOS, and Anolis OS. If the OS of the nodes is not supported, update CSI to run ossfs.
You cannot perform the chmod or chown operation when OSS volumes are mounted to the root path. To perform these operations, modify the mp_umask setting. For more information, see How do I manage the permissions related to OSS volume mounting?.
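The PV-level path setting recommended in the notes above, shown as an added example that is not taken from the ACK documentation. The bucket, endpoint, Secret, image, and object names are placeholders, and the Secret holding the OSS credentials is assumed to already exist.

```yaml
# Added example. All names, the bucket, the endpoint and the image are placeholders.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-oss-app-config            # PV names must be unique per application
spec:
  capacity: {storage: 5Gi}
  accessModes: [ReadOnlyMany]        # read-oriented workload (config, images, video)
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: pv-oss-app-config  # kept identical to metadata.name
    nodePublishSecretRef:            # assumed pre-existing Secret with OSS credentials
      name: oss-secret
      namespace: default
    volumeAttributes:
      bucket: example-bucket
      url: oss-cn-hangzhou-internal.aliyuncs.com
      path: /app/config              # subdirectory selected here, not with subPath
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-oss-app-config
spec:
  accessModes: [ReadOnlyMany]
  storageClassName: ""               # bind statically, no dynamic provisioning
  volumeName: pv-oss-app-config
  resources:
    requests: {storage: 5Gi}
---
apiVersion: v1
kind: Pod
metadata:
  name: config-reader
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0
      volumeMounts:
        - name: oss-config
          mountPath: /etc/app-config
          readOnly: true             # no subPath or subPathExpr on this mount
  volumes:
    - name: oss-config
      persistentVolumeClaim:
        claimName: pvc-oss-app-config
        readOnly: true
```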
ossfs limits
Random write or append operations generate new objects in the local environment and then upload the objects to the OSS server.
Because the OSS server is accessed remotely, metadata operations such as listing a directory are less efficient.
File or folder rename operations are not atomic operations.
When multiple clients share the same OSS bucket, you need to coordinate the operations performed by different clients in case the clients write the same file at the same time.
Hard links are not supported.
When a CSI version earlier than 1.20.7 is used, only local changes are detected. External changes made by other clients or tools cannot be identified.
To avoid overloading the system, do not use ossfs in high-concurrency scenarios.
Billing
For more information about the billing and metering methods of OSS, see Billing overview.