阿里云Kubernetes CSI实践 - 静态OSS卷

环境准备

集群创建、依赖配置、CSI插件部署等请参考：CSI部署详解

创建OSS Bucket

到OSS控制台创建OSS Bucekt：参考文档

注意：相同region的OSS Bucket 可以使用内网地址进行挂载；

创建Secret、静态PV、PVC

本示例通过Secret来配置用户的AK信息：

apiVersion: v1
kind: Secret
metadata:
  name: oss-secret
  namespace: default
stringData:
  akId: ***
  akSecret: ***

通过上面模板创建secret，注意namespace需要和应用所在namespaces一致；

配置：akId、akSecret参数；

通过下面模板创建静态卷PV、PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: oss-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-csi-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: data-id
    nodePublishSecretRef:
      name: oss-secret
      namespace: default
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"

nodePublishSecretRef：定义挂载pv时通过secret对象来获取ak信息；

volumeHandle：PV Handler，可以配置为一个随机值；

bucket、url、otherOpts：分别表示OSS Bucket、挂载点、挂载可选参数；

# kubectl get pvc
NAME      STATUS   VOLUME       CAPACITY   ACCESS MODES   STORAGECLASS   AGE
oss-pvc   Bound    oss-csi-pv   5Gi        RWX                           20s

# kubectl get pv
NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM             STORAGECLASS   REASON   AGE
oss-csi-pv   5Gi        RWX            Retain           Bound    default/oss-pvc                           21s

直接配置PV、PVC的AK

上面步骤是通过secret为plugin提供ak信息，也可以直接在pv中配置AK信息。如下面模板所示：

apiVersion: v1
kind: PersistentVolume
metadata:
  name: oss-csi-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: ossplugin.csi.alibabacloud.com
    volumeHandle: data-id
    volumeAttributes:
      bucket: "oss"
      url: "oss-cn-hangzhou.aliyuncs.com"
      otherOpts: "-o max_stat_cache_size=0 -o allow_other"
      akId: "***"
      akSecret: "***"

创建应用

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
        volumeMounts:
          - name: oss-pvc
            mountPath: "/data"
      volumes:
        - name: oss-pvc
          persistentVolumeClaim:
            claimName: oss-pvc

验证挂载、高可用

查看pod，验证OSS挂载成功，创建测试文件；
# kubectl get pod
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-f57ddc9b9-xthj8   1/1     Running   0          31s
# kubectl exec nginx-deployment-f57ddc9b9-xthj8 ls /data
hello
test
# kubectl exec nginx-deployment-f57ddc9b9-xthj8 mount | grep oss
ossfs on /data type fuse.ossfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

# kubectl exec nginx-deployment-f57ddc9b9-xthj8 touch /data/testnew
# kubectl exec nginx-deployment-f57ddc9b9-xthj8 ls /data
hello
test
testnew

删除Pod，查看重建Pod是否数据稳定；
# kubectl delete pod nginx-deployment-f57ddc9b9-xthj8
pod "nginx-deployment-f57ddc9b9-xthj8" deleted
# kubectl get pod
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-f57ddc9b9-pfqql   1/1     Running   0          6s
# kubectl exec nginx-deployment-f57ddc9b9-pfqql ls /data
hello
test
testnew