Mount statically provisioned OSS volumes to persist data - Container Compute Service

If your applications need to store unstructured data, such as images, audio files, and video files, you can mount Object Storage Service (OSS) volumes to your applications as persistent volumes (PVs). This topic describes how to mount a statically provisioned OSS volume to an application and how to check whether the OSS volume can be used to share and persist data.

Background information

OSS is a secure, cost-effective, high-capacity, and highly-reliable cloud storage service provided by Alibaba Cloud. OSS is suitable for data that is not frequently modified and unstructured data, such as images, audio files, and video files. For more information, see Storage overview.

Note

Alibaba Cloud Container Compute Service (ACS) supports only statically provisioned OSS volumes. Dynamically provisioned OSS volumes are not supported by ACS.

Prerequisites

The latest version of managed-csiprovisioner is installed in your Alibaba Cloud Container Compute Service (ACS) cluster.

Note

Go to the ACS cluster management page in the ACS console. In the left-side navigation pane of the cluster management page, choose Operations > Add-ons. On the Storage tab, you can check whether managed-csiprovisioner is installed.

Usage notes

OSS is a shared storage service. You can mount an OSS bucket to multiple pods.
We recommend that you store no more than 1,000 files in the mount directory.
When you use ossfs to perform List operations, HTTP requests are sent to OSS to retrieve the metadata of the requested files. If the listed directory contains large numbers of files, ossfs occupies large amounts of system memory. As a result, out of memory (OOM) errors may occur in pods. To resolve this issue, you can divide the directory or mount a subdirectory in the OSS bucket.

Create an OSS bucket and obtain the bucket information

Create an OSS bucket.

Log on to the OSS console. In the left-side navigation pane, click Buckets.
Click Create Bucket.

In the Create Bucket panel, configure the parameters and click Create. Then, proceed to the subsequent steps.

The following table describes the parameters. For more information, see Create buckets.

Parameter	Description
Bucket Name	Specify a custom name for the OSS bucket. The name must be unique among all OSS buckets. You cannot change the name after you create the bucket. The name must follow the format requirements displayed in the console.
Region	We recommend that you select Specific Region. Then, select the region where your ACS cluster resides. This way, pods in your ACS clusters can access the bucket over the internal network.

Optional. If you want to mount a subdirectory in an OSS bucket, you must first create a subdirectory in the bucket.
1. On the Buckets page, click the name of the OSS bucket you created.
2. In the left-side navigation pane of the bucket details page, choose Object Management > Objects.
3. Click Create Directory to create a directory in the bucket.
Obtain the endpoint of the OSS bucket.
1. On the Buckets page, find the bucket that you want to use and click the bucket name.
2. On the bucket details page, click the Overview tab. In the Port section, copy an endpoint based on the following description:
  - If the bucket and your cluster are deployed in the same region, copy the internal endpoint.
  - If the bucket and your cluster are deployed in different regions, copy the public endpoint.
Obtain the AccessKey pair used to access the OSS bucket. For more information, see Obtain an AccessKey pair.
Note
If you want to mount an OSS bucket that belongs to another Alibaba Cloud account, you must obtain an AccessKey pair of the account.

Mount a statically provisioned OSS volume

kubectl

Step 1: Create a PV

Connect to your ACS cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster and Use kubectl on Cloud Shell to manage ACS clusters.

Create a file named oss-pv.yaml and copy the following content to the file:

apiVersion: v1
kind: Secret
metadata:
  name: oss-secret
  namespace: default
stringData:
  akId: <your AccessKey ID>
  akSecret: <your AccessKey Secret>
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-pv
  labels:
    alicloud-pvname: oss-pv
spec:
  storageClassName: test 
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: oss-pv
    nodePublishSecretRef:
      name: oss-secret
      namespace: default
    volumeAttributes:
      bucket: "<your OSS Bucket Name>"
      url: "<your OSS Bucket Endpoint>"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"

Note

The preceding file is used to create a Secret and a PV. Using Secrets to store AccessKey pairs provides a secure method to specify AccessKey pairs in PVs. Replace the value of akId with the AccessKey ID you obtained and the value of akSecret with the AccessKey secret you obtained.

The following table describes the parameters in the PV.

Parameter	Description
`alicloud-pvname`	The labels that you want to add to the PV. The label is used to select and bind a PVC to the PV.
`storageClassName`	This configuration is only used to bind a PVC to the PV. You do not need to associate a StorageClass with the PV.
`storage`	The capacity of the OSS volume. Note The capacity of a statically provisioned OSS volume is only for reference. The actual capacity is unlimited. To view the available capacity of OSS volumes, go to the OSS console.
`accessModes`	The access mode.
`persistentVolumeReclaimPolicy`	The reclaim policy.
`driver`	The type of the volume driver that is used to provision the volume. In this example, the parameter is set to `ossplugin.csi.alibabacloud.com`, which indicates that the Container Storage Interface (CSI) plug-in provided by Alibaba Cloud for OSS is used.
`volumeHandle`	The unique identifier of the PV. The value must be the same as the value of `metadata.name`.
`nodePublishSecretRef`	The Secret from which the AccessKey pair is retrieved for authorization.
`bucket`	The name of the OSS bucket. Replace the value of `bucket` with the name of the OSS bucket you created.
`url`	The endpoint of the OSS bucket. Replace the value of `url` with the endpoint of the OSS bucket you created. If the bucket and your cluster are deployed in the same region, specify the internal endpoint of the bucket. Example: `oss-cn-shanghai-internal.aliyuncs.com`. If the bucket and your cluster are deployed in different regions, specify the public endpoint of the bucket. Example: `oss-cn-shanghai.aliyuncs.com`.
`otherOpts`	The parameters that are required to mount the OSS bucket. The value must be in the `-o * -o *` format. Example: `-o max_stat_cache_size=0 -o allow_other`.

Create a Secret and a PV.
```
kubectl create -f oss-pv.yaml
```

Check the PV.

kubectl get pv

Expected output:

NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
oss-pv   20Gi       RWX            Retain           Available           test           <unset>                          9s

Step 2: Create a PVC

Create a file named oss-pvc.yaml and copy the following content to the file:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: oss-pvc
spec:
  storageClassName: test
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  selector:
    matchLabels:
      alicloud-pvname: oss-pv

The following table describes the parameters in the preceding code block.

Parameter	Description
`storageClassName`	This configuration is only used to bind a PV to the PVC. You do not need to associate a StorageClass with the PVC. The value must be the same as the value of the `spec.storageClassName` parameter of the PV that you want to bind.
`accessModes`	The access mode.
`storage`	The storage capacity allocated to the pod. The allocated capacity cannot exceed the total capacity of the OSS volume bound to the PVC.
`alicloud-pvname`	The label that is used to select and bind a PV to the PVC. The value must be the same as the `metadata.labels.alicloud-pvname` parameter of the PV that you want to bind.

Create a PVC.
```
kubectl create -f oss-pvc.yaml
```

Check the PVC.

kubectl get pvc

The following output shows that the PV you created in Step 1 is bound to the PVC.

NAME      STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
oss-pvc   Bound    oss-pv   20Gi       RWX            test           <unset>                 6s

Step 3: Create an application and mount the OSS volume to the application

Create a file named oss-test.yaml and copy the following content to the file.

The following code block specifies the configuration of a Deployment that provisions two pods. Both pods apply for storage resources by using the oss-pvc PVC, which is mounted to the /data path of the pods.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: oss-test
  labels:
    app: nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
        ports:
        - containerPort: 80
        volumeMounts:
          - name: pvc-oss
            mountPath: /data
      volumes:
        - name: pvc-oss
          persistentVolumeClaim:
            claimName: oss-pvc

Create a Deployment and mount the OSS volume to the Deployment.
```
kubectl create -f oss-test.yaml
```

Check the status of the pods created by the Deployment.

kubectl get pod | grep oss-test

The following output shows that two pods are created.

oss-test-****-***a   1/1     Running   0          28s
oss-test-****-***b   1/1     Running   0          28s

View files in the mount path.
Run the following command to view files in the mount path. The data in the mount directory of the OSS bucket is expected to be returned. By default, no data is returned.
```
kubectl exec oss-test-****-***a -- ls /data
```

Console

Step 1: Create a PV

Log on to the ACS console.
On the Clusters, click the ID of the cluster to go to the cluster management page.
In the left-side navigation pane of the cluster management page, choose Volumes > Persistent Volumes.
On the Persistent Volumes page, click Create.

In the Create PV dialog box, configure the parameters and click Create.

Parameter	Description	Example
PV Type	Select OSS.	OSS
Volume Name	Specify a custom name for the PV. The name must follow the format requirements displayed in the console.	oss-pv
Capacity	The capacity of the OSS volume. Note The capacity of a statically provisioned OSS volume is only for reference. The actual capacity is unlimited. To view the available capacity of OSS volumes, go to the OSS console.	20Gi
Access Mode	Select an access mode based on the following description: ReadOnlyMany: The volume is mounted to multiple pods in read-only mode. ReadWriteMany: The volume is mounted to multiple pods in read-write mode.	ReadWriteMany
Access Certificate	To ensure data security, you can store the AccessKey pair in a Secret. In this example, Create Secret is selected.	Create Secret Namespace: default. Name: oss-secret. AccessKey ID: ******. AccessKey Secret: ******.
Bucket ID	Select the ID of the OSS bucket you created.	oss-acs-***
OSS Path	Select the directory that you want to mount in the bucket. The default value is `/`, which is the root directory. You can specify a subdirectory, such as `/dir`. You must create a subdirectory before you can specify the subdirectory.	/
Endpoint	The endpoint of the OSS bucket. If the bucket and your cluster are deployed in the same region, select Internal Endpoint. If the bucket and your cluster are deployed in different regions, select Public Endpoint.	Internal Endpoint

After you create the PV, you can view the PV on the Persistent Volumes page. No PVC is mounted to the PV.

Step 2: Create a PVC

In the left-side navigation pane of the cluster management page, choose Volumes > Persistent Volume Claims.
On the Persistent Volume Claims page, click Create.

In the Create PVC dialog box, configure the parameters and click Create.

Parameter	Description	Example
PVC Type	Select OSS.	OSS
Name	Specify a custom name for the PVC. The name must follow the format requirements displayed in the console.	oss-pvc
Allocation Mode	Select Existing Volumes.	Existing Volumes
Existing Volumes	Select the PV you created.	oss-pv
Capacity	The storage capacity allocated to the pod. The allocated capacity cannot exceed the total capacity of the OSS volume bound to the PVC.	20Gi

After you create the PVC, you can view the PVC on the Persistent Volume Claims page. The OSS volume you created is bound to the PVC.

Step 3: Create an application and mount the OSS volume to the application

In the left-side navigation pane of the cluster management page, choose Workloads > Deployments.
On the Deployments tab, click Create from Image.

Configure the parameters of the Deployment and click Create.

The following table describes some of the parameters. Use the default values for other parameters. For more information, see Create a stateless application by using a Deployment.

Wizard page	Parameter	Description	Example
Basic Information	Name	Specify a custom name for the Deployment. The name must follow the format requirements displayed in the console.	oss-test
Basic Information	Replicas	The number of pod replicas provisioned by the Deployment.	2
Container	Image Name	The address of the image used to deploy the application.	registry.cn-hangzhou.aliyuncs.com/acs-sample/nginx:latest
	Required Resources	Specify the number of vCores and the amount of memory required by the application.	0.25 vCores and 0.5 GiB of memory
	Volume	Click Add PVC and configure the parameters. Mount Source: Select the PVC you created. Container Path: Specify the container path to which you want to mount the OSS bucket.	Mount Source: oss-pvc. Container Path: /data.

Check whether the application is deployed.
1. On the Deployments page, click the name of the application you created.
2. On the Pods tab, check whether the pods are in the Running state.

Check whether the OSS volume can share and persist data

The Deployment you created provisions two pods. The same OSS bucket is mounted to both pods. You can use the following methods to check whether the OSS volume can share and persist data:

Create a file in one pod and access the file from the other pod. If the access succeeds, data sharing is enabled.
Recreate the Deployment. Access the OSS volume from a recreated pod to check whether the original data still exists in the OSS bucket. If the data still exists, data persistence is enabled.

View the pod information.

kubectl get pod | grep oss-test

Sample output:

oss-test-****-***a   1/1     Running   0          40s
oss-test-****-***b   1/1     Running   0          40s

Check whether data sharing is enabled.
1. Create a file in a pod.
  In this example, the oss-test-****-***a pod is used.
```
kubectl exec oss-test-****-***a -- touch /data/test.txt
```
2. View the file you created from the other pod.
  In this example, the oss-test-****-***b pod is used.
```
kubectl exec oss-test-****-***b -- ls /data
```
  The following output shows that the test.txt file you created in the oss-test-****-***a pod can be accessed from the oss-test-****-***b pod.
```
test.txt
```
Check whether data persistence is enabled.
1. Recreate the Deployment.
```
kubectl rollout restart deploy oss-test
```
2. After the pods are recreated, check the new pods.
```
kubectl get pod | grep oss-test
```
  Sample output:
```
oss-test-****-***c   1/1     Running   0          67s
oss-test-****-***d   1/1     Running   0          49s
```
3. Access the file from a new pod to check whether data still exists in the file system.
  In this example, the oss-test-c*** pod is used.
```
kubectl exec oss-test-****-***c -- ls /data
```
  The following output shows that the data still exists in the OSS bucket and can be accessed from the mount directory in the recreated pods.
```
test.txt
```