Use Alibaba Cloud CNFS as network storage and share NAS

foreword

I wrote before that K8S uses Alibaba Cloud storage volumes , and used it in the process of helm installing redis, rabbitmq and alicloud-nas-fs , but later found that each installation will generate NAS repeatedly, but each NAS account can add at most 20, so this does not meet the requirements. After communicating with Alibaba engineers, they recommended CNFS as the storage medium. All services share the same NAS file system, which is now recorded and shared with everyone.

CNFS overview

Traditional shared file systems have problems such as lack of precise control of capacity quota, inability to recover accidentally deleted files, lack of monitoring indicators such as storage volume capacity performance, lack of secure encryption, and delay in reading and writing small files. Alibaba Cloud Container Service ACK launched the container network file system CNFS to improve the performance and QoS control of NAS file systems. This article introduces the functions, storage specifications, applicable scenarios, usage restrictions, and billing instructions of the container network file system CNFS.

Using CNF

This is the official operation document: use CNFS to host the NAS file system , we only need to look at 方式一：使用CNFS创建默认NAS文件系统 .

 # 创建CNFS、storageclass和deployment、statefulset对象。
cat << EOF | kubectl apply -f -
apiVersion: storage.alibabacloud.com/v1beta1
kind: ContainerNetworkFileSystem
metadata:
  name: cnfs-nas-filesystem
spec:
  description: "cnfs"
  type: nas
  reclaimPolicy: Retain #只支持Retain策略，删除CNFS时并不会删除NAS文件系统。
  parameters:
    encryptType: SSE-KMS #可选参数，不指定表示对文件不使用NAS托管加密，指定SSE-KMS表示开启此功能。
    enableTrashCan: "true" #可选参数，不指定表示不打开回收站功能，指定true表示开启此功能。
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: alibabacloud-cnfs-nas
mountOptions:
  - nolock,tcp,noresvport
  - vers=3
parameters:
  volumeAs: subpath
  containerNetworkFileSystem: cnfs-nas-filesystem
  path: "/"
provisioner: nasplugin.csi.alibabacloud.com
reclaimPolicy: Retain
allowVolumeExpansion: true #可选参数，指定为true表示允许对NAS文件系统进行扩容。
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: cnfs-nas-pvc
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: alibabacloud-cnfs-nas
  resources:
    requests:
      storage: 70Gi #如果打开目录限额功能，则storage字段会生效，动态创建目录写入数据量最大为70 GiB。
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cnfs-nas-deployment
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: cnfs-nas-pvc
      volumes:
      - name: cnfs-nas-pvc
        persistentVolumeClaim:
          claimName: cnfs-nas-pvc
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: cnfs-nas-sts
  labels:
    app: nginx
spec:
  serviceName: "nginx"
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        volumeMounts:
        - mountPath: "/data"
          name: www
  volumeClaimTemplates:
  - metadata:
      name: www
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "alibabacloud-cnfs-nas"
      resources:
        requests:
          storage: 50Gi #如果打开目录限额功能，则storage字段会生效，动态创建目录写入数据量最大为50 GiB。
EOF

Execute this Yaml file, k create -f xxx.yaml to check the generation.

 # 执行以下命令查看创建的NAS文件系统
kubectl get cnfs
# 执行以下命令查看NAS文件系统的详细信息
kubectl get cnfs/cnfs-nas-filesystem -o yaml

In the same way, you can use alicloud-cnfs-nas this StorageClass to create NAS shared storage when installing redis, rabbitmq, and elasticsearch. At the same time, by viewing the Alibaba console, NAS only creates one share.

Summarize

1. If you want to expand CNFS, you can check the use of CNFS to automatically expand NAS storage volumes