          Cloud Container Engine

          Use Baidu Object Storage (BOS)

          Preparation

          The user can mount the BOS instance in the container only after the following preparations are made.

          • Register an account and complete identity verification.
          • Enter the BOS page to create a Bucket.
          • Create an available container cluster.

          Create Bucket

          1. To create a BOS Bucket, see Create Bucket for the operation steps.

          Note: The created BOS Bucket and mount point must be in the same VPC/subnet as the cluster node.

          Create Container Cluster

          1. Create a container cluster. Refer to Create Cluster for the operation steps.

          2. Download the command-line client kubectl and connect to the cluster. Refer to Connect to the Kubernetes Cluster through Kubectl.

          Note: The K8S cluster version must be >= 1.11.

          Operation Guide

          Static PV/PVC Mounting BOS

          1. Create the ak/sk secret in the cluster with kubectl create -f secret-demo.yaml. The content of secret-demo.yaml is as follows:

          apiVersion: v1 
          kind: Secret 
          metadata: 
            name: csi-bos-secret 
            namespace: default 
          data: 
            ak: ak-encoded-by-base64 
            sk: sk-encoded-by-base64 

          Note: The ak/sk in the yaml must be base64-encoded, and this secret is used to mount BOS. Get the ak/sk from the security authentication page at the top right corner of the cloud platform, then write them into the yaml after base64 encoding. The base64-encoded ak and sk must not contain line breaks.
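
          The "no line breaks" requirement is easy to violate: echo appends a newline to the value before it is encoded, and base64 wraps long output. The following is an added example, not code from the BOS or CCE documentation; it builds secret-demo.yaml from the environment variables BOS_AK and BOS_SK (assumed names, as are the function names), checks that each encoded value decodes back to exactly the original, and writes the file readable by its owner only, since base64 is an encoding and not encryption.

```shell
#!/usr/bin/env bash
# Added example. BOS_AK / BOS_SK and the function names are assumptions,
# not part of the BOS or CCE tooling.

# Encode a value exactly as given. printf adds no trailing newline (echo
# would), and tr removes the line wraps base64 inserts on long input.
b64_oneline() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Succeed only if the encoded value ($2) decodes to exactly the raw value ($1).
# The trailing "x" sentinel stops $(...) from hiding a stray newline.
b64_roundtrips() {
  decoded=$(printf '%s' "$2" | base64 -d; printf x)
  [ "$decoded" = "${1}x" ]
}

# Print the csi-bos-secret manifest built from BOS_AK / BOS_SK.
render_bos_secret() {
  if [ -z "${BOS_AK:-}" ] || [ -z "${BOS_SK:-}" ]; then
    echo "BOS_AK and BOS_SK must be set" >&2
    return 1
  fi
  ak_b64=$(b64_oneline "$BOS_AK")
  sk_b64=$(b64_oneline "$BOS_SK")
  b64_roundtrips "$BOS_AK" "$ak_b64" || return 1
  b64_roundtrips "$BOS_SK" "$sk_b64" || return 1
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: csi-bos-secret
  namespace: default
data:
  ak: $ak_b64
  sk: $sk_b64
EOF
}

# Write the manifest with owner-only permissions (0600).
write_bos_secret() {
  ( umask 077; rm -f "$1"; render_bos_secret > "$1" ) || { rm -f "$1"; return 1; }
}

# Usage: export BOS_AK and BOS_SK, then
#   write_bos_secret secret-demo.yaml && kubectl create -f secret-demo.yaml
```

          Delete secret-demo.yaml once the secret exists in the cluster, and keep it out of version control.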

          2. Create PV and PVC resources in the cluster.

          Run kubectl create -f bos-pv.yaml to create the PV.

          The corresponding bos-pv.yaml file is as follows:

          apiVersion: v1 
          kind: PersistentVolume 
          metadata: 
            name: bos-pv
            namespace: "default" 
          spec: 
            accessModes: 
            - ReadWriteOnce 
            - ReadOnlyMany 
            capacity: 
              storage: 5Gi 
            storageClassName: csi-bos 
            csi: 
              driver: "csi-bosplugin" 
              volumeHandle: "v-XXXXXX" 
              nodePublishSecretRef: 
                name: "csi-bos-secret" 
                namespace: "default" 
              volumeAttributes: 
                options: "-o meta_expires=0" 
            persistentVolumeReclaimPolicy: Retain 

          Notes and Parameter Description:

          • volumeHandle: Corresponds to the bucketName of BOS. Mounting a sub-directory of the BOS Bucket is supported, such as bucketName/dirName.
          • nodePublishSecretRef: Fill in the name of the secret created in step 1.
          • Parameters under volumeAttributes are optional.
          • region: Used to support BOS mounting across regions. The supported values are: su, bj, whf, gz, hkg, bd (Suzhou, Beijing, Wuhan, Guangzhou, Hong Kong, Baoding). In this case, EIP must be enabled on the virtual machine. The region parameter defaults to the region of the machine.
          • multipart_size, multipart_threshold, multipart_parallel: Parameters related to BOS multipart (fragmented) transmission. For details, see "BOS parameter description".
          • options: For other parameters, see "BOS parameter description".
          • BOS supports one writer and multiple readers, but a read-only pod cannot read the latest written data. The only corresponding accessModes are ReadWriteOnce + ReadOnlyMany.

          After creating the PV, run kubectl get pv to see a PV in Available status, as shown below:

          $ kubectl get pv 
          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM     STORAGECLASS   REASON    AGE 
          bos-pv    5Gi        RWO,ROX        Retain           Available             csi-bos                         3s 

          3. Create a PVC that can be bound to the PV.

          Run kubectl create -f bos-pvc.yaml to create the PVC.

          The corresponding bos-pvc.yaml file is as follows:

          apiVersion: v1 
          kind: PersistentVolumeClaim 
          metadata: 
            name: bos-pvc 
          spec: 
            accessModes: 
            - ReadWriteOnce 
            - ReadOnlyMany 
            resources: 
              requests: 
                storage: 5Gi 
            storageClassName: csi-bos 

          Note: The storageClassName field in the yaml is used to associate the PVC with the PV. It is recommended to fill in this field if PVs from multiple classes of storage systems are used in the cluster.

          The PVC is in Pending state before binding.

          $ kubectl get pvc 
          NAME      STATUS    VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE 
          bos-pvc   Pending                                       csi-bos        2s                                                 

          After binding, the PV and PVC status changes to Bound.

          $ kubectl get pv 
          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS    CLAIM             STORAGECLASS   REASON    AGE 
          bos-pv    5Gi        RWX            Retain           Bound     default/bos-pvc                            36s 
          $ kubectl get pvc 
          NAME      STATUS    VOLUME    CAPACITY   ACCESS MODES   STORAGECLASS   AGE 
          bos-pvc   Bound     bos-pv    5Gi        RWO,ROX        csi-bos        1m 

          For more descriptions of PV and PVC settings and fields, see the K8S Official Document.

          4. Mount the PVC in a pod.

          Specify the corresponding PVC name in the Pod Spec, and run kubectl create -f demo-bos-pod.yaml to create the pod.

          The corresponding demo-bos-pod.yaml file is as follows:

          apiVersion: v1 
          kind: Pod 
          metadata: 
            name: nginx01 
            namespace: default 
          spec: 
            containers: 
            - image: nginx 
              imagePullPolicy: Always 
              name: nginx01 
              volumeMounts: 
              - mountPath: /var/lib/www/html 
                name: bos-pvc 
              - mountPath: /var/lib/www/html000 
                name: bos-pvc 
                readOnly: true 
            volumes: 
            - name: bos-pvc 
              persistentVolumeClaim: 
                claimName: bos-pvc 
                readOnly: false 

          After the Pod is created, the path /var/lib/www/html in the container can access the content on the corresponding BOS storage, and this path supports reading and writing. The path /var/lib/www/html000 is read-only.

          Read-only mounts on other machines are also supported: kubectl create -f demo-bos-pod1.yaml creates a Pod that mounts the BOS Bucket read-only.

          apiVersion: v1 
          kind: Pod 
          metadata: 
            name: nginx01-bbaa 
          spec: 
            containers: 
            - image: nginx 
              imagePullPolicy: Always 
              name: nginx01 
              terminationMessagePath: /dev/termination-log 
              terminationMessagePolicy: File 
              volumeMounts: 
              - mountPath: /var/lib/www/html000 
                name: bos-pvc 
                readOnly: true 
            volumes: 
            - name: bos-pvc 
              persistentVolumeClaim: 
                claimName: bos-pvc 
                readOnly: true 

          5. Release PV and PVC resources.

          When the storage resources are no longer needed, the PVC and PV resources can be released.

          Use the following command to release the PVC.

          $ kubectl delete -f  bos-pvc.yaml 

          After the PVC is released, the state of the PV bound to it changes to Released, as follows:

          NAME      CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS     CLAIM             STORAGECLASS   REASON    AGE 
          bos-pv    5Gi        RWO,ROX        Retain           Released   default/bos-pvc   csi-bos        16m 

          Enter the following command to release the PV resource.

          $ kubectl delete -f  bos-pv.yaml