If you are using Alibaba Cloud Container Service for Kubernetes (ACK), the CSI drivers will be deployed automatically. You can manage them as a component through the ACK console.
If you deploy Kubernetes yourself, you can still use registered cluster to manage the CSI drivers.
Read on if you want to deploy the drivers manually.
- Kubernetes version >= 1.26
kubectl
configured to communicate with the cluster- Helm 3
- different drivers have their own requirements, please refer to their specific documentation
The driver requires RAM permissions to invoke Alibaba Cloud OpenAPIs to manage the volume on user's behalf. Different drivers requires different permissions, please refer to the example policies.
There are several methods to grant the driver RAM permissions:
-
If the CSI is deployed on ECS, you may use instance RAM role. Attach the above policies to the instance RAM role and turn on access to ECS metadata for the instances on which the driver Deployment runs. For Disk driver, all the instances in the cluster need this.
-
use a secret for access key.
- Create a RAM user, enable OpenAPI access. Once the user is created, record the AccessKey ID and AccessKey Secret.
- Create a policy, paste in the policies.
- Authorize the new policy for the new RAM user.
- Store the AccessKey to Cluster as a secret.
kubectl create secret -n kube-system generic csi-access-key \ --from-literal=id='LTA******************GWN' \ --from-literal=secret='***********'
You can deploy the drivers using Helm.
The default values mimic the config of the drivers in ACK cluster. We provides some configuration presets. Select one of them:
- values-ecs.yaml: for deploy on self-built cluster on ECS.
- values-nonecs.yaml: for deploy on non-ECS cluster. Disk driver is disabled.
git clone https://github.com/kubernetes-sigs/alibaba-cloud-csi-driver.git
cd alibaba-cloud-csi-driver/deploy
helm upgrade --install alibaba-cloud-csi-driver ./chart --values chart/values-ecs.yaml --namespace kube-system
Please review the values file before installing. Some important configurations are:
- deploy.accessKey.enabled: if you are using instance RAM role, disable this.
- csi.<driver>.enabled: enable or disable each driver.
disk driver supports volume snapshot feature. This helm chart installs the CRDs for you, but it will not upgrade them. You may need to manage the CRDs manually.
The Common Snapshot Controller only needs to be deployed once in a cluster.
If you have other drivers that also supports volume snapshot, You can manage the controller yourself.
Please set volumeSnapshot.controller.enabled
to false
and
refer to CSI Snapshotter Usage for how to deploy the controller.
Check the driver pods are running and ready:
kubectl get pods -n kube-system -l app=csi-plugin
kubectl get pods -n kube-system -l app=csi-provisioner