This topic describes how to use the Container Storage Interface (CSI) plug-in provided by Alibaba Cloud in a registered cluster of ACK One to mount File Storage NAS (NAS) file systems on a Kubernetes cluster.
Prerequisites
A registered cluster is created and an external cluster is connected to the registered cluster. For more information, see Create a registered cluster in the Container Service for Kubernetes (ACK) console.
The Kubernetes version of the registered cluster is 1.24 or later.
If the external cluster is deployed in a data center, make sure that the data center is connected to Alibaba Cloud by using an Express Connect circuit before you mount Alibaba Cloud storage resources to nodes in the cluster as volumes.
A kubectl client is connected to the registered cluster. For more information, see Obtain the kubeconfig file of a cluster and use kubectl to connect to the cluster.
Precautions
If the external cluster is deployed on Alibaba Cloud and Elastic Compute Service (ECS) instances are added to the cluster, you must add labels to the ECS instances. For more information about how to add labels to ECS instances, see Add labels to ECS instances in an external cluster that is registered with ACK.
If you use the node pool feature to add ECS instances to the external cluster, the alibabacloud.com/external=true label is automatically added to the ECS instances.
Step 1: Grant a RAM user the permissions to manage the CSI plug-in
Use onectl
Install onectl on your on-premises machine. For more information, see Use onectl to manage registered clusters.
onectl uses the AccessKey pair of a Resource Access Management (RAM) user to access Alibaba Cloud resources. Run the following command to grant the RAM user the permissions to manage the CSI component:
onectl ram-user grant --addon csi-plugin
Expected output:
Ram policy ack-one-registered-cluster-policy-csi-plugin granted to ram user ack-one-user-ce313528c3 successfully.
Use the console
Before you install the CSI plug-in in a registered external cluster, you must set an AccessKey pair in the cluster to access related cloud resources. Before you set the AccessKey pair, create a RAM user and grant the RAM user the permissions to access Alibaba Cloud resources.
Create a RAM user. For more information, see Create a RAM user.
Create a custom policy.
For more information about how to create a custom policy, see Create a custom policy.
The following examples are custom permission policies that you can use to grant the permissions to manage disks, snapshots, snapshot policies, resource labels, instances, file systems, and repositories. For more information about relevant API operations, see List of operations by function.
Attach the custom policy to the RAM user. For more information, see Grant permissions to a RAM user.
Create an AccessKey pair for the RAM user. For more information, see Obtain an AccessKey pair.
Use the AccessKey pair to create a Secret named alibaba-addon-secret in the registered cluster.
The system automatically uses the AccessKey pair to access cloud resources when you install the CSI component.
kubectl -n kube-system create secret generic alibaba-addon-secret --from-literal='access-key-id=<your access key id>' --from-literal='access-key-secret=<your access key secret>'
Note: Replace <your access key id> and <your access key secret> with the AccessKey pair that you obtained in the previous step.
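The command above puts the AccessKey pair on the kubectl command line, where it is recorded in shell history and visible in the process list. The following shell functions are an added example, not part of the original documentation: they render the same alibaba-addon-secret manifest from two local files so that it can be piped to kubectl apply -f -. The file names ak-id and ak-secret are placeholders; the Secret name, namespace and key names are the ones used on this page.

```shell
#!/bin/sh
# Added example: build the alibaba-addon-secret manifest from two local files
# so the AccessKey pair never appears in argv or in shell history.

# b64_file FILE: base64 of FILE's content with trailing newlines stripped.
# A stray newline after the key is a common cause of authentication failures.
b64_file() {
    val=$(cat "$1") || return 1          # $(...) drops trailing newlines
    [ -n "$val" ] || { echo "empty: $1" >&2; return 1; }
    printf '%s' "$val" | base64 | tr -d '\n'
}

# private_file FILE: succeed only for a regular file with no group/other bits.
private_file() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) echo "refusing $1: need a regular file, mode 0600 or stricter" >&2
           return 1 ;;
    esac
}

# render_addon_secret ID_FILE SECRET_FILE: print the Secret manifest on stdout.
render_addon_secret() {
    private_file "$1" && private_file "$2" || return 1
    id_b64=$(b64_file "$1") || return 1
    sk_b64=$(b64_file "$2") || return 1
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: alibaba-addon-secret
  namespace: kube-system
type: Opaque
data:
  access-key-id: $id_b64
  access-key-secret: $sk_b64
EOF
}

# Usage (ak-id and ak-secret are placeholder file names):
#   render_addon_secret ./ak-id ./ak-secret | kubectl apply -f -
```

Delete the two key files after the Secret is created.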
Step 2: Install the CSI plug-in
Use onectl
Run the following commands to install the CSI plug-in:
onectl addon install csi-plugin
onectl addon install csi-provisioner
Expected output:
Addon csi-plugin, version **** installed.
Addon csi-provisioner, version **** installed.
Use the console
Log on to the ACK console. In the left-side navigation pane, click Clusters.
On the Clusters page, find the cluster that you want to manage and click its name. In the left-side navigation pane, choose .
Click the Storage tab, find csi-plugin and csi-provisioner, and then click Install.
In the Note message, confirm the versions of the plug-ins and click OK.
Mount a NAS file system by using a built-in Kubernetes volume
You can use the following methods to mount a NAS file system to persist application data: