Cloud Native 17 min read

Access On-Premises Data from Alibaba Cloud ECI with ACK Fluid & MinIO

This guide walks through using ACK Fluid to connect Alibaba Cloud Elastic Compute Instances (ECI) with on‑premises MinIO storage, covering prerequisites, deployment of MinIO, building a custom ThinRuntime image, creating Fluid profiles and datasets, and accessing data via a PVC‑mounted pod.

Alibaba Cloud Native

Sep 7, 2023

Access On-Premises Data from Alibaba Cloud ECI with ACK Fluid & MinIO

Overview

ACK (Alibaba Cloud Container Service for Kubernetes) can expose on‑premises storage to public‑cloud compute resources. ACK Fluid’s ThinRuntime mechanism lets containers mount third‑party storage such as MinIO directly from Elastic Compute Instances (ECI) without moving data to the cloud, preserving security and reducing latency.

Hybrid‑Cloud Data‑Access Challenges

Long security and cost evaluation for migrating data to cloud storage.

Public‑cloud ECI supports only a limited set of distributed storage types (e.g., NAS, OSS, CPFS) and lacks native support for many third‑party systems.

Developing and maintaining CSI plugins that are compatible with ECI is complex.

Need for a transparent, trustworthy data‑access mechanism.

Applications must run unchanged.

ACK Fluid Advantages

Simple development model – only a Dockerfile is required; typical integration takes 2‑3 hours.

Secure, controllable data access via container‑based FUSE clients.

No code changes for applications; adding a label to a PVC enables access.

Supports both CSI and FUSE sidecar deployment modes.

Provides observability and resource‑control for third‑party storage clients.

Step‑by‑Step Demonstration Using MinIO

1. Prerequisites

ACK Pro cluster version 1.18 or later.

Cloud‑Native AI Suite installed with the ack‑fluid component (uninstall any open‑source Fluid first).

ACK Virtual Node (Virtual Node) deployed to run ECI pods. kubectl configured to access the ACK cluster.

2. Deploy MinIO in the ACK Cluster

Create minio.yaml:

apiVersion: v1
kind: Service
metadata:
  name: minio
spec:
  type: ClusterIP
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
  selector:
    app: minio
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio
spec:
  selector:
    matchLabels:
      app: minio
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: minio
    spec:
      containers:
        - name: minio
          image: bitnami/minio
          env:
            - name: MINIO_ROOT_USER
              value: "minioadmin"
            - name: MINIO_ROOT_PASSWORD
              value: "minioadmin"
            - name: MINIO_DEFAULT_BUCKETS
              value: "my-first-bucket:public"
          ports:
            - containerPort: 9000
              hostPort: 9000

Deploy the service and deployment: $ kubectl create -f minio.yaml Upload a test file to the bucket:

$ POD=$(kubectl get pods -l app=minio -o jsonpath='{.items[0].metadata.name}')
$ kubectl exec -it $POD -- bash -c "echo fluid-minio-test > testfile"
$ kubectl exec -it $POD -- bash -c "mc cp ./testfile local/my-first-bucket/"
$ kubectl exec -it $POD -- bash -c "mc cat local/my-first-bucket/testfile"
# Expected output: fluid-minio-test

3. Build a Custom ThinRuntime Image

Python script fluid-config-parse.py reads the Fluid JSON config and generates a mount script for goofys:

import json
with open("/etc/fluid/config.json", "r") as f:
    rawStr = f.readlines()[0]
script = """#!/bin/sh
set -ex
export AWS_ACCESS_KEY_ID=`cat $akId`
export AWS_SECRET_ACCESS_KEY=`cat $akSecret`
mkdir -p $targetPath
exec goofys -f --endpoint \"$url\" \"$bucket\" $targetPath
"""
obj = json.loads(rawStr)
with open("mount-minio.sh", "w") as f:
    f.write(f"targetPath=\"{obj['targetPath']}\"
")
    f.write(f"url=\"{obj['mounts'][0]['options']['minio-url']}\"
")
    mp = obj['mounts'][0]['mountPoint']
    if mp.startswith('minio://'):
        bucket = mp[len('minio://'):]
    else:
        bucket = mp
    f.write(f"bucket=\"{bucket}\"
")
    f.write(f"akId=\"{obj['mounts'][0]['options']['minio-access-key']}\"
")
    f.write(f"akSecret=\"{obj['mounts'][0]['options']['minio-access-secret']}\"
")
    f.write(script)

Dockerfile (based on cloudposse/goofys) adds Python and the parser script:

FROM cloudposse/goofys
RUN apk add python3 bash
COPY ./fluid-config-parse.py /fluid-config-parse.py

Build and push the image (replace <your image repo> with your registry):

$ IMG_REPO=<your image repo>
$ docker build -t $IMG_REPO/fluid-minio-goofys:demo .
$ docker push $IMG_REPO/fluid-minio-goofys:demo

4. Create a ThinRuntimeProfile for MinIO

apiVersion: data.fluid.io/v1alpha1
kind: ThinRuntimeProfile
metadata:
  name: minio
spec:
  fileSystemType: fuse
  fuse:
    image: $IMG_REPO/fluid-minio-goofys
    imageTag: demo
    imagePullPolicy: IfNotPresent
    command:
      - sh
      - -c
      - "python3 /fluid-config-parse.py && chmod u+x ./mount-minio.sh && ./mount-minio.sh"

Apply the profile:

$ kubectl create -f profile.yaml

5. Create Dataset and ThinRuntime CRs

Create a secret that stores MinIO credentials:

$ kubectl create secret generic minio-secret \
  --from-literal=minio-access-key=minioadmin \
  --from-literal=minio-access-secret=minioadmin

Dataset and ThinRuntime definition ( dataset.yaml):

apiVersion: data.fluid.io/v1alpha1
kind: Dataset
metadata:
  name: minio-demo
spec:
  mounts:
    - mountPoint: minio://my-first-bucket
      name: minio
      options:
        minio-url: http://minio:9000
      encryptOptions:
        - name: minio-access-key
          valueFrom:
            secretKeyRef:
              name: minio-secret
              key: minio-access-key
        - name: minio-access-secret
          valueFrom:
            secretKeyRef:
              name: minio-secret
              key: minio-access-secret
---
apiVersion: data.fluid.io/v1alpha1
kind: ThinRuntime
metadata:
  name: minio-demo
spec:
  profileName: minio

Deploy the resources:

$ kubectl create -f dataset.yaml

After a short wait, the Dataset status becomes Bound, indicating the PVC is ready.

6. Access MinIO from an ECI Pod

Pod specification that consumes the Fluid‑created PVC:

apiVersion: v1
kind: Pod
metadata:
  name: test-minio
  labels:
    alibabacloud.com/fluid-sidecar-target: eci
    alibabacloud.com/eci: "true"
spec:
  restartPolicy: Never
  containers:
    - name: app
      image: nginx:latest
      command: ["bash"]
      args:
        - -c
        - "ls -lh /data && cat /data/testfile && sleep 180"
      volumeMounts:
        - mountPath: /data
          name: data-vol
  volumes:
    - name: data-vol
      persistentVolumeClaim:
        claimName: minio-demo

Create the pod and view the logs:

$ kubectl create -f pod.yaml
$ kubectl logs test-minio -c app
# Expected output includes the test file content "fluid-minio-test"

7. Cleanup

$ kubectl delete -f pod.yaml
$ kubectl delete -f dataset.yaml
$ kubectl delete -f profile.yaml
$ kubectl delete -f minio.yaml

Note: The MinIO deployment in this example is for demonstration only. Production use should follow security best practices, such as using strong credentials, TLS, and network policies.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.

Kubernetes Minio hybrid cloud ACK Fluid ECI ThinRuntime

Written by

Alibaba Cloud Native

We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.

0 followers

Reader feedback

How this landed with the community

Rate this article

Was this worth your time?

Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.