Using an OBS Bucket Through a Dynamic PV
This section describes how to automatically create an OBS bucket. It is applicable when no underlying storage volume is available.
Constraints
- If OBS volumes are used, the owner group and permission of the mount point cannot be modified.
- Hard links are not supported when common buckets are mounted.
- OBS allows a single user to create a maximum of 100 buckets. If a large number of dynamic PVCs are created, the number of buckets may exceed the upper limit, and no more OBS buckets can be created. In this case, use OBS by calling its API or SDK and do not mount OBS buckets to workloads.
Automatically Creating an OBS Volume on the Console
- Log in to the CCE console and click the cluster name to access the cluster console.
- Dynamically create a PVC and PV.
- In the navigation pane on the left, choose Storage. Then click the PVCs tab. In the upper right corner, click Create PVC. In the displayed dialog box, configure the parameters.
Parameter
Description
PVC Type
In this example, select OBS.
OBS Endpoint
To access OBS in a CCE Autopilot cluster, you need to create an OBS endpoint.
PVC Name
Enter the PVC name, which must be unique in the same namespace.
Creation Method
- If no underlying storage is available, select Dynamically provision to create a PVC, PV, and underlying storage on the console in cascading mode.
- If underlying storage is available, select either Use existing or Create new. For details about static creation, see Using an Existing OBS Bucket Through a Static PV.
In this example, select Dynamically provision.
Storage Classes
The storage class of OBS volumes is csi-obs.
Instance Type
- Parallel file system: a high-performance file system provided by OBS. It provides millisecond-level access latency, TB/s-level bandwidth, and million-level IOPS. Parallel file systems are recommended.
- Object bucket: a container that stores objects in OBS. All objects in a bucket are at the same logical level.
OBS Class
You can select the following object bucket types:- Standard: Applicable when a large number of hotspot files or small-sized files need to be accessed frequently (multiple times per month on average) and require fast access response.
- Infrequent access: Applicable when data is not frequently accessed (fewer than 12 times per year on average) but requires fast access response.
Access Mode
OBS volumes support only ReadWriteMany, indicating that a storage volume can be mounted to multiple nodes in read/write mode. For details, see Volume Access Modes.
Access Key (AK/SK)
Custom: Customize a secret if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
Only secrets with the secret.kubernetes.io/used-by = csi label can be selected. The secret type is cfe/secure-opaque. If no secret is available, click Create Secret to create one.- Name: Enter a secret name.
- Namespace: Select the namespace where the secret is located.
- Access Key (AK/SK): Upload a key file in .csv format. For details, see Obtaining an Access Key.
- Click Create to create a PVC and a PV.
In the navigation pane on the left, choose Storage. View the created PVC and PV on the PVCs and PVs tabs, respectively.
- In the navigation pane on the left, choose Storage. Then click the PVCs tab. In the upper right corner, click Create PVC. In the displayed dialog box, configure the parameters.
- Create a workload.
- In the navigation pane on the left, choose Workloads. Then click the Deployments tab.
- In the upper right corner, click Create Workload. On the displayed page, click Data Storage in the Container Settings area and click Add Volume to select PVC.
Mount and use storage volumes, as shown in Table 1. For details about other parameters, see Creating a Workload.
Table 1 Mounting a storage volume Parameter
Description
PVC
Select an existing object storage volume.
Mount Path
Enter a mount path, for example, /tmp.
This parameter indicates the container path that the volume will be mounted to. Do not mount the volume to a system directory such as / or /var/run. This may cause container errors. Mount the volume to an empty directory. If the directory is not empty, ensure that there are no files that affect container startup. If there are such files, they will be replaced, which will lead to a container startup or workload creation failure.NOTICE:If a volume is mounted to a high-risk directory, use an account with minimum permissions to start the container, or high-risk files on the host may be damaged.
Subpath
Enter the subpath of the storage volume and mount a path in the storage volume to the container. In this way, different folders of the same storage volume can be used in a single pod. tmp, for example, indicates that data in the mount path of the container is stored in the tmp directory of the storage volume. If this parameter is left blank, the root path is used by default.
Permission
- Read-only: You can only read the data in the mounted volume.
- Read-write: You can modify the volume mounted to the path. Newly written data will not be migrated if the container is migrated, which may cause data loss.
In this example, the volume is mounted to the /data path of the container. The container data generated in this path is stored in the OBS bucket.
- Configure other parameters and click Create Workload.
After the workload is created, the data in the container mount directory will be persistently stored. Verify the storage by referring to Verifying Data Persistence and Sharing.
(kubectl) Automatically Creating an OBS Volume
- Use kubectl to connect to the cluster.
- Use StorageClass to dynamically create a PVC and PV.
- Create the pvc-obs-auto.yaml file.
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc-obs-auto namespace: default annotations: everest.io/obs-volume-type: STANDARD # Object storage type. csi.storage.k8s.io/fstype: obsfs # Instance type. csi.storage.k8s.io/node-publish-secret-name: <your_secret_name> # Custom secret name. csi.storage.k8s.io/node-publish-secret-namespace: <your_namespace> # Namespace of the custom secret. spec: accessModes: - ReadWriteMany # The value must be ReadWriteMany for object storage. resources: requests: storage: 1Gi # OBS volume capacity. storageClassName: csi-obs # The StorageClass type of OBS
Table 2 Key parameters Parameter
Mandatory
Description
everest.io/obs-volume-type
Yes
OBS storage class.
- If fsType is set to s3fs, STANDARD (standard bucket) and WARM (infrequent access bucket) are supported.
- This parameter is invalid when fsType is set to obsfs.
csi.storage.k8s.io/fstype
Yes
Instance type. The value can be obsfs or s3fs.
- obsfs: Parallel file system, which is mounted using obsfs.
- s3fs: Object bucket, which is mounted using s3fs.
csi.storage.k8s.io/node-publish-secret-name
No
Custom secret name.
(Recommended) Select this option if you want to assign different user permissions to different OBS storage devices. For details, see Using a Custom Access Key (AK/SK) to Mount an OBS Volume.
csi.storage.k8s.io/node-publish-secret-namespace
No
Namespace of a custom secret.
storage
Yes
Requested capacity in the PVC, in Gi.
For OBS, this field is used only for verification (cannot be empty or 0). Its value is fixed at 1, and any value you set does not take effect for OBS.
storageClassName
Yes
Storage class name. The storage class name of OBS volumes is csi-obs.
- Run the following command to create a PVC:
kubectl apply -f pvc-obs-auto.yaml
- Create the pvc-obs-auto.yaml file.
- Create a workload.
- Create a file named web-demo.yaml. In this example, the OBS volume is mounted to the /data path.
apiVersion: apps/v1 kind: Deployment metadata: name: web-demo namespace: default spec: replicas: 2 selector: matchLabels: app: web-demo template: metadata: labels: app: web-demo spec: containers: - name: container-1 image: nginx:latest volumeMounts: - name: pvc-obs-volume #Volume name, which must be the same as the volume name in the volumes field. mountPath: /data # Location where the storage volume is mounted. imagePullSecrets: - name: default-secret volumes: - name: pvc-obs-volume # Custom volume name persistentVolumeClaim: claimName: pvc-obs-auto # Name of the created PVC.
- Run the following command to create a workload that the OBS volume is mounted to:
kubectl apply -f web-demo.yaml
After the workload is created, you can try Verifying Data Persistence and Sharing.
- Create a file named web-demo.yaml. In this example, the OBS volume is mounted to the /data path.
Verifying Data Persistence and Sharing
- View the deployed application and files.
- Run the following command to view the created pod:
kubectl get pod | grep web-demo
Expected output:web-demo-846b489584-mjhm9 1/1 Running 0 46s web-demo-846b489584-wvv5s 1/1 Running 0 46s
- Run the following commands in sequence to view the files in the /data path of the pods:
kubectl exec web-demo-846b489584-mjhm9 -- ls /data kubectl exec web-demo-846b489584-wvv5s -- ls /data
If no result is returned for both pods, no file exists in the /data path.
- Run the following command to view the created pod:
- Run the following command to create a file named static in the /data path:
kubectl exec web-demo-846b489584-mjhm9 -- touch /data/static
- Run the following command to check the files in the /data path:
kubectl exec web-demo-846b489584-mjhm9 -- ls /data
Expected output:
static
- Verify data persistence.
- Run the following command to delete the pod named web-demo-846b489584-mjhm9:
kubectl delete pod web-demo-846b489584-mjhm9
Expected output:
pod "web-demo-846b489584-mjhm9" deleted
After the deletion, the Deployment controller automatically creates a replica.
- Run the following command to view the created pod:
kubectl get pod | grep web-demo
The expected output is as follows, in which web-demo-846b489584-d4d4j is the newly created pod:web-demo-846b489584-d4d4j 1/1 Running 0 110s web-demo-846b489584-wvv5s 1/1 Running 0 7m50s
- Run the following command to check whether the files in the /data path of the new pod have been modified:
kubectl exec web-demo-846b489584-d4d4j -- ls /data
Expected output:
static
The static file is retained, indicating that the data in the file system can be stored persistently.
- Run the following command to delete the pod named web-demo-846b489584-mjhm9:
- Verify data sharing.
- Run the following command to view the created pod:
kubectl get pod | grep web-demo
Expected output:web-demo-846b489584-d4d4j 1/1 Running 0 7m web-demo-846b489584-wvv5s 1/1 Running 0 13m
- Run the following command to create a file named share in the /data path of either pod: In this example, select the pod named web-demo-846b489584-d4d4j.
kubectl exec web-demo-846b489584-d4d4j -- touch /data/share
Check the files in the /data path of the pod.kubectl exec web-demo-846b489584-d4d4j -- ls /data
Expected output:
share static
- Check whether the share file exists in the /data path of another pod (web-demo-846b489584-wvv5s) as well to verify data sharing.
kubectl exec web-demo-846b489584-wvv5s -- ls /data
Expected output:
share static
After you create a file in the /data path of a pod, if the file is also created in the /data path of the other pod, the two pods share the same volume.
- Run the following command to view the created pod:
Related Operations
Operation |
Description |
Procedure |
---|---|---|
Updating an access key |
Update the access key of object storage on the CCE console. |
|
Viewing events |
You can view event names, event types, number of occurrences, Kubernetes events, first occurrence time, and last occurrence time of the PVC or PV. |
|
Viewing a YAML file |
You can view, copy, and download the YAML files of a PVC or PV. |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot