Configure Azure NetApp Files SMB volumes for Azure Kubernetes Service - Azure Kubernetes Service (2023)

After you configure Azure NetApp Files for Azure Kubernetes Service, you can configure Azure NetApp Files volumes for Azure Kubernetes Service.

Azure NetApp Files supports volumes using network file system (NFSv3 or NFSv4.1), SMB, or dual protocol (NFSv3 and SMB, or NFSv4.1 and SMB).

  • This article describes the details of statically or dynamically provisioning SMB volumes.
  • For information on statically or dynamically provisioning NFS volumes, see Provision Azure NetApp Files NFS volumes for Azure Kubernetes Service.
  • For information on statically provisioning dual-protocol volumes, see Provision Azure NetApp Files dual-protocol volumes for Azure Kubernetes Service.

Static configuration for applications using SMB volumes

This section describes how to create an SMB volume in Azure NetApp Files and statically expose the volume to Kubernetes for use by containerized applications.

Create SMB volumes

  1. Set variables for later use. Replace myresourcegroup, mylocation, myaccountname, mypool1, premium, myfilepath, myvolsize, myvolname, and vnetId with appropriate values for your environment. File paths must be unique across all ANF accounts.

    # Variables referenced by the az commands in this section
    RESOURCE_GROUP="myresourcegroup"
    LOCATION="mylocation"
    ANF_ACCOUNT_NAME="myaccountname"
    POOL_NAME="mypool1"
    SERVICE_LEVEL="premium"
    UNIQUE_FILE_PATH="myfilepath"
    VOLUME_SIZE_GIB="myvolsize"
    VOLUME_NAME="myvolname"
    VNET_ID="vnetId"
    SUBNET_ID="anfSubnetId"
  2. Create a volume using the az netappfiles volume create command.

    # CIFS is the protocol type that makes this an SMB volume
    az netappfiles volume create \
        --resource-group "$RESOURCE_GROUP" \
        --location "$LOCATION" \
        --account-name "$ANF_ACCOUNT_NAME" \
        --pool-name "$POOL_NAME" \
        --name "$VOLUME_NAME" \
        --service-level "$SERVICE_LEVEL" \
        --vnet "$VNET_ID" \
        --subnet "$SUBNET_ID" \
        --usage-threshold "$VOLUME_SIZE_GIB" \
        --file-path "$UNIQUE_FILE_PATH" \
        --protocol-types CIFS

Create a secret using domain credentials

  1. Create a secret in your AKS cluster for accessing the Active Directory (AD) server, using the kubectl create secret command. The Kubernetes persistent volume will use this secret to access the Azure NetApp Files SMB volume. Create the secret with the following command, replacing USERNAME with your username, PASSWORD with your password, and DOMAIN_NAME with your AD domain name.

    kubectl create secret generic smbcreds --from-literal=username=USERNAME --from-literal=password="PASSWORD" --from-literal=domain='DOMAIN_NAME'
  2. Make sure the secret has been created.

    kubectl get secret

    NAME       TYPE     DATA   AGE
    smbcreds   Opaque   2      20h

Install the CSI SMB driver

You must install a Container Storage Interface (CSI) driver to create a Kubernetes SMB PersistentVolume.

  1. Install the SMB CSI driver on the cluster using Helm. Be sure to set the windows.enabled option to true:

    helm repo add csi-driver-smb https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
    helm install csi-driver-smb csi-driver-smb/csi-driver-smb --namespace kube-system --version v1.10.0 --set windows.enabled=true

    For other methods of installing the SMB CSI driver, see Install SMB CSI driver master version on a Kubernetes cluster.

  2. Verify that the csi-smb controller pod is running and that each worker node has a pod running, using the kubectl get pods command:

    kubectl get pods -n kube-system | grep csi-smb

    csi-smb-controller-68df7b4758-xf2m9   3/3     Running   0          3m46s
    csi-smb-node-s6clj                    3/3     Running   0          3m47s
    csi-smb-node-win-tfxvk                3/3     Running   0          3m47s

Create the persistent volume

  1. List the details of your volume using az netappfiles volume show. If the variables were not set in a previous step, replace them with the appropriate values for your Azure NetApp Files account and environment.

    az netappfiles volume show \
        --resource-group "$RESOURCE_GROUP" \
        --account-name "$ANF_ACCOUNT_NAME" \
        --pool-name "$POOL_NAME" \
        --volume-name "$VOLUME_NAME" -o json

    The following output is an example of the above command run with actual values.

    {
      ...
      "creationToken": "myvolname",
      ...
      "mountTargets": [
        {
          ...
          "smbServerFqdn": "ANF-1be3.contoso.com",
          ...
        }
      ],
      ...
    }
  2. Create a file named pv-smb.yaml and copy in the following YAML. If necessary, replace myvolname with the creationToken value, and replace ANF-1be3.contoso.com\myvolname with the smbServerFqdn value from the previous step. Be sure to include the AD credentials secret and the namespace where the secret you created in the previous step resides.

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: anf-pv-smb
    spec:
      storageClassName: ""
      capacity:
        storage: 100Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      mountOptions:
        - dir_mode=0777
        - file_mode=0777
      csi:
        driver: smb.csi.k8s.io
        readOnly: false
        volumeHandle: myvolname  # Make sure it is a unique name in the cluster
        volumeAttributes:
          # UNC path built from smbServerFqdn and creationToken
          source: \\ANF-1be3.contoso.com\myvolname
        nodeStageSecretRef:
          # Secret holding the AD credentials, and the namespace it lives in
          name: smbcreds
          namespace: default
  3. Create the persistent volume using the kubectl apply command:

    kubectl apply -f pv-smb.yaml
  4. Verify that the persistent volume status is Available using the kubectl describe command:

    kubectl describe pv anf-pv-smb
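
Steps 1 and 2 above map two fields of the az netappfiles volume show output onto the PersistentVolume; the following added example (not part of the original article or of the CSI driver project) scripts that mapping and rejects values that would not form a clean UNC path. The function name build_smb_pv and the sample JSON are constructed for illustration; protocolTypes and usageThreshold (in bytes) are assumed to be present in the full volume object that the trimmed output elides, and mount options are left out.

```python
import json
import re

# Constructed sample: trimmed `az netappfiles volume show -o json` output using
# the example values from this page (usageThreshold is reported in bytes).
SAMPLE_VOLUME_JSON = """
{
  "creationToken": "myvolname",
  "protocolTypes": ["CIFS"],
  "usageThreshold": 107374182400,
  "mountTargets": [{"smbServerFqdn": "ANF-1be3.contoso.com"}]
}
"""

# Host names and share names that are safe to splice into a UNC path.
_SAFE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def build_smb_pv(volume, pv_name="anf-pv-smb",
                 secret_name="smbcreds", secret_namespace="default"):
    """Return a PersistentVolume manifest (dict) for smb.csi.k8s.io."""
    if "CIFS" not in volume.get("protocolTypes", []):
        raise ValueError("volume is not exported over SMB (CIFS)")
    token = volume.get("creationToken", "")
    fqdns = [t["smbServerFqdn"] for t in volume.get("mountTargets", [])
             if t.get("smbServerFqdn")]
    if not fqdns:
        raise ValueError("no mount target reports smbServerFqdn")
    for value in (token, fqdns[0]):
        if not _SAFE.match(value):
            raise ValueError(f"unexpected characters in {value!r}")
    size_gib = volume["usageThreshold"] // 2**30
    return {
        "apiVersion": "v1",
        "kind": "PersistentVolume",
        "metadata": {"name": pv_name},
        "spec": {
            "storageClassName": "",
            "capacity": {"storage": f"{size_gib}Gi"},
            "accessModes": ["ReadWriteMany"],
            "persistentVolumeReclaimPolicy": "Retain",
            "csi": {
                "driver": "smb.csi.k8s.io",
                "readOnly": False,
                "volumeHandle": token,  # must be unique in the cluster
                # UNC path: \\<smbServerFqdn>\<creationToken>
                "volumeAttributes": {"source": "\\\\" + fqdns[0] + "\\" + token},
                "nodeStageSecretRef": {"name": secret_name,
                                       "namespace": secret_namespace},
            },
        },
    }


if __name__ == "__main__":
    # kubectl apply -f accepts JSON as well as YAML.
    print(json.dumps(build_smb_pv(json.loads(SAMPLE_VOLUME_JSON)), indent=2))
```

Redirect the printed JSON to a file and pass it to kubectl apply -f in place of pv-smb.yaml.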

Create a persistent volume claim

  1. Create a file named pvc-smb.yaml and copy in the following YAML.

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: anf-pvc-smb
    spec:
      accessModes:
        - ReadWriteMany
      volumeName: anf-pv-smb  # Bind to the statically created persistent volume
      storageClassName: ""
      resources:
        requests:
          storage: 100Gi
  2. Create the persistent volume claim using the kubectl apply command:

    kubectl apply -f pvc-smb.yaml

    Verify that the persistent volume claim status is Bound using the kubectl describe command:

    kubectl describe pvc anf-pvc-smb

Mount with a pod

  1. Create a file named iis-smb.yaml and copy in the following YAML. This file is used to create an Internet Information Services pod that mounts the volume at the path /inetpub/wwwroot.

    apiVersion: v1
    kind: Pod
    metadata:
      name: iis-pod
      labels:
        app: web
    spec:
      nodeSelector:
        "kubernetes.io/os": windows  # Schedule on a Windows worker node
      volumes:
        - name: smb
          persistentVolumeClaim:
            claimName: anf-pvc-smb
      containers:
        - name: web
          image: mcr.microsoft.com/windows/servercore/iis:windowsservercore
          resources:
            limits:
              cpu: 1
              memory: 800M
          ports:
            - containerPort: 80
          volumeMounts:
            - name: smb
              mountPath: "/inetpub/wwwroot"
              readOnly: false
  2. Create the pod using the kubectl apply command:

    kubectl apply -f iis-smb.yaml
  3. Verify that the pod is Running and that /inetpub/wwwroot is mounted from SMB, using the kubectl describe command:

    kubectl describe pod iis-pod

    The output of the command is similar to the following example:

    Name:         iis-pod
    Namespace:    default
    Priority:     0
    Node:         akswin000001/10.225.5.246
    Start Time:   Fri, 05 May 2023 09:34:41 -0400
    Labels:       app=web
    Annotations:  <none>
    Status:       Running
    IP:           10.225.5.248
    IPs:
      IP:  10.225.5.248
    Containers:
      web:
        Container ID:   containerd://39a1659b6a2b6db298df630237b2b7d959d1b817506
        Image:          mcr.microsoft.com/windows/servercore/iis:windowsservercore
        Image ID:       mcr.microsoft.com/windows/servercore/iis@sha256:0f0114d0f6c6ee569e1494953efdecb76465998df5eba951dc760ac5812c7409
        Port:           80/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Fri, 05 May 2023 09:34:55 -0400
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     1
          memory:  800M
        Requests:
          cpu:        1
          memory:     800M
        Environment:  <none>
        Mounts:
          /inetpub/wwwroot from smb (rw)
          /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-mbnv8 (ro)
    ...
  4. Verify that your volume is mounted in the pod by using the kubectl exec command to connect to the pod, then use the dir command in the correct directory to check that the volume is mounted and that the size matches the volume size you provided.

    kubectl exec -it iis-pod -- cmd.exe

    The output of the command is similar to the following example:

    Microsoft Windows [Version 10.0.20348.1668]
    (c) Microsoft Corporation. All rights reserved.

    C:\>cd /inetpub/wwwroot

    C:\inetpub\wwwroot>dir
     Volume in drive C has no label.
     Volume Serial Number is 86BB-AA55

     Directory of C:\inetpub\wwwroot

    05/04/2023  08:15 PM    <DIR>          .
    05/04/2023  08:15 PM    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)  107,373,838,336 bytes free

Dynamic configuration of applications using SMB volumes

This section describes how to use Astra Trident to dynamically create SMB volumes in Azure NetApp Files and automatically mount them to containerized Windows applications.

Install Astra Trident

To provision SMB volumes dynamically, you must have Astra Trident 22.10 or later installed. Dynamic provisioning of SMB volumes requires Windows worker nodes.

Astra Trident is NetApp's storage provisioner designed specifically for Kubernetes. It simplifies storage consumption for Kubernetes applications through its industry-standard Container Storage Interface (CSI) driver. Astra Trident is deployed as pods on a Kubernetes cluster and provides storage orchestration services for Kubernetes workloads.

Trident can be installed using the Trident operator (manually or using Helm) or tridentctl. For more information on these installation methods and how they work, see the installation guide.

Install Astra Trident using Helm

Helm must be installed on your workstation to install Astra Trident using this method. For other Astra Trident installation methods, see the Astra Trident Installation Guide. If you have Windows worker nodes in your cluster, be sure to enable Windows with whichever installation method you use.

  1. To install Astra Trident using Helm for a cluster with Windows worker nodes, run the following command:

    helm repo add netapp-trident https://netapp.github.io/trident-helm-chart
    helm install trident netapp-trident/trident-operator --version 23.04.0 --create-namespace --namespace trident --set windows=true

    The output of the command is similar to the following example:

    NAME: trident
    LAST DEPLOYED: Fri May 05 14:23:05 2023
    NAMESPACE: trident
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    Thank you for installing trident-operator, which will deploy and manage NetApp's Trident CSI
    storage provisioner for Kubernetes.

    Your release is named 'trident' and is installed into the 'trident' namespace.
    Please note that there must be only one instance of Trident (and trident-operator) in a Kubernetes cluster.

    To configure Trident to manage storage resources, you will need a copy of tridentctl, which is
    available in pre-packaged Trident releases.  You may find all Trident releases and source code
    online at https://github.com/NetApp/trident.

    To learn more about the release, try:

      $ helm status trident
      $ helm get all trident
  2. To confirm that Astra Trident has been installed successfully, run the following kubectl describe command:

    kubectl describe torc trident

    The output of the command is similar to the following example:

    Name:         trident
    Namespace:
    Labels:       app.kubernetes.io/managed-by=Helm
    Annotations:  meta.helm.sh/release-name: trident
                  meta.helm.sh/release-namespace: trident
    API Version:  trident.netapp.io/v1
    Kind:         TridentOrchestrator
    Metadata:
        ...
    Spec:
      IPv6:                  false
      Autosupport Image:     docker.io/netapp/trident-autosupport:23.04
      Autosupport Proxy:     <nil>
      Disable Audit Log:     true
      Enable Force Detach:   false
      Http Request Timeout:  90s
      Image Pull Policy:     IfNotPresent
      k8sTimeout:            0
      Kubelet Dir:           <nil>
      Log Format:            text
      Log Layers:            <nil>
      Log Workflows:         <nil>
      Namespace:             trident
      Probe Port:            17546
      Silence Autosupport:   false
      Trident Image:         docker.io/netapp/trident:23.04.0
      Windows:               true
    Status:
      Current Installation Params:
        IPv6:                       false
        Autosupport Hostname:
        Autosupport Image:          docker.io/netapp/trident-autosupport:23.04
        Autosupport Proxy:
        Autosupport Serial Number:
        Debug:                      false
        Disable Audit Log:          true
        Enable Force Detach:        false
        Http Request Timeout:       90s
        Image Pull Policy:          IfNotPresent
        Image Pull Secrets:
        Image Registry:
        k8sTimeout:           30
        Kubelet Dir:          /var/lib/kubelet
        Log Format:           text
        Log Layers:
        Log Level:            info
        Log Workflows:
        Probe Port:           17546
        Silence Autosupport:  false
        Trident Image:        docker.io/netapp/trident:23.04.0
      Message:                Trident installed
      Namespace:              trident
      Status:                 Installed
      Version:                v23.04.0
    Events:
      Type    Reason      Age   From                        Message
      ----    ------      ----  ----                        -------
      Normal  Installing  74s   trident-operator.netapp.io  Installing Trident
      Normal  Installed   46s   trident-operator.netapp.io  Trident installed

Create a backend

A backend must be created to tell Astra Trident about the Azure NetApp Files subscription and where it needs to create volumes. For more information on backends, see Azure NetApp Files backend configuration options and examples.

  1. Create a file named backend-secret-smb.yaml and copy in the following YAML. Change the clientID and clientSecret to the correct values for your environment.

    apiVersion: v1
    kind: Secret
    metadata:
      name: backend-tbc-anf-secret
    type: Opaque
    stringData:
      # Application (service principal) credentials used by Trident
      clientID: abcde356-bf8e-fake-c111-abcde35613aa
      clientSecret: rR0rUmWXfNioGiNSAKht
  2. Create a file named backend-anf-smb.yaml and copy in the following YAML. Change the clientID, clientSecret, subscriptionID, tenantID, location, and serviceLevel to the correct values for your environment. The tenantID, clientID, and clientSecret can be found by registering an application in Azure Active Directory (AD) with sufficient permissions to Azure NetApp Files. The application registration includes the Azure predefined Owner or Contributor roles. The Azure location must contain at least one delegated subnet. The serviceLevel must match the serviceLevel configured for the capacity pool in Configure Azure NetApp Files for AKS workloads.

    apiVersion: trident.netapp.io/v1
    kind: TridentBackendConfig
    metadata:
      name: backend-tbc-anf-smb
    spec:
      version: 1
      storageDriverName: azure-netapp-files
      subscriptionID: 12abc678-4774-fake-a1b2-a7abcde39312
      tenantID: a7abcde3-edc1-fake-b111-a7abcde356cf
      location: eastus
      serviceLevel: Premium
      credentials:
        name: backend-tbc-anf-secret  # Secret created in the previous step
      nasType: smb
  3. Create the secret and the backend using the kubectl apply command.

    Create a secret:

    kubectl apply -f backend-secret-smb.yaml -n trident

    The output of the command is similar to the following example:

    secret/backend-tbc-anf-secret created

    Create the backend:

    kubectl apply -f backend-anf-smb.yaml -n trident

    The output of the command is similar to the following example:

    tridentbackendconfig.trident.netapp.io/backend-tbc-anf created
  4. Verify that the backend was created by running the following command:

    kubectl get tridentbackends -n trident

    The output of the command is similar to the following example:

    NAME        BACKEND               BACKEND UUID
    tbe-9shfq   backend-tbc-anf-smb   09cc2d43-8197-475f-8356-da7707bae203

Create a secret using domain credentials for SMB

  1. Create a secret in your AKS cluster for accessing the AD server, using the kubectl create secret command. The Kubernetes persistent volumes will use this information to access the Azure NetApp Files SMB volumes. Use the following command, replacing DOMAIN_NAME\USERNAME with your domain name and username, and PASSWORD with your password.

    # Single quotes keep the shell from consuming the backslash in DOMAIN_NAME\USERNAME
    kubectl create secret generic smbcreds --from-literal=username='DOMAIN_NAME\USERNAME' --from-literal=password="PASSWORD"
  2. Make sure the secret has been created.

    kubectl get secret

    The output is similar to the following example:

    NAME       TYPE     DATA   AGE
    smbcreds   Opaque   2      2h

Create a storage class

A storage class defines how a unit of storage is dynamically created with a persistent volume. To use volumes in Azure NetApp Files, a storage class must be created.

  1. Create a file named anf-storageclass-smb.yaml and copy in the following YAML.

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: anf-sc-smb
    provisioner: csi.trident.netapp.io
    allowVolumeExpansion: true
    parameters:
      backendType: "azure-netapp-files"
      trident.netapp.io/nasType: "smb"
      # Secret holding the AD credentials used when the volume is staged on a node
      csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
      csi.storage.k8s.io/node-stage-secret-namespace: "default"
  2. Create the storage class using the kubectl apply command:

    kubectl apply -f anf-storageclass-smb.yaml

    The output of the command is similar to the following example:

    storageclass/anf-sc-smb created
  3. Run the kubectl get command to view the status of the storage class:

    kubectl get sc anf-sc-smb

    NAME         PROVISIONER             RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
    anf-sc-smb   csi.trident.netapp.io   Delete          Immediate           true                   13s

Create PVCs

A Persistent Volume Claim (PVC) is a user request for storage. Once the persistent volume claim is created, Astra Trident automatically creates an Azure NetApp Files SMB share and makes it available to Kubernetes workloads.

  1. Create a file named anf-pvc-smb.yaml and copy in the following YAML. This example creates a 100 GiB volume with ReadWriteMany access and uses the storage class created in Create a storage class.

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: anf-pvc-smb
    spec:
      accessModes:
        - ReadWriteMany
      resources:
        requests:
          storage: 100Gi
      storageClassName: anf-sc-smb
  2. Create the persistent volume claim using the kubectl apply command:

    kubectl apply -f anf-pvc-smb.yaml

    The output of the command is similar to the following example:

    persistentvolumeclaim/anf-pvc-smb created
  3. To view information about the persistent volume claim, run the kubectl get command:

    kubectl get pvc

    The output of the command is similar to the following example:

    NAME          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    anf-pvc-smb   Bound    pvc-209268f5-c175-4a23-b61b-e34faf5b6239   100Gi      RWX            anf-sc-smb     5m
  4. To view the persistent volume created by Astra Trident, run the following kubectl get command:

    kubectl get pv

    NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                 STORAGECLASS   REASON   AGE
    pvc-209268f5-c175-4a23-b61b-e34faf5b6239   100Gi      RWX            Delete           Bound    default/anf-pvc-smb   anf-sc-smb              2s
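
Dynamic provisioning only works when the backend, the domain-credential secret, the storage class and the claim all refer to each other by matching names; the following added example (not part of the original article or of Astra Trident) checks those links on objects shaped like kubectl get -o json output, including the case where the username lost its backslash. The function names, the CONTOSO\svc-smb account and the sample objects are constructed for illustration, and the DOMAIN_NAME\USERNAME check follows the format this page uses for the secret.

```python
import base64

NODE_STAGE = "csi.storage.k8s.io/node-stage-secret-"


def check_smb_chain(backend, storage_class, smb_secret, pvc):
    """Return the broken links between the manifests (empty list = consistent)."""
    problems = []
    spec = backend["spec"]
    params = storage_class.get("parameters", {})

    # Backend and StorageClass must name the same driver and both select SMB.
    if params.get("backendType") != spec.get("storageDriverName"):
        problems.append("backendType does not match storageDriverName")
    if spec.get("nasType") != "smb" or params.get("trident.netapp.io/nasType") != "smb":
        problems.append("nasType is not smb on both backend and StorageClass")

    # The node-stage reference must resolve to the domain-credential Secret.
    meta = smb_secret["metadata"]
    wanted = (params.get(NODE_STAGE + "namespace"), params.get(NODE_STAGE + "name"))
    if wanted != (meta.get("namespace", "default"), meta["name"]):
        problems.append("node-stage secret reference does not resolve")

    # Secret values are base64-encoded under .data; decode before checking.
    data = {k: base64.b64decode(v).decode()
            for k, v in smb_secret.get("data", {}).items()}
    domain, sep, user = data.get("username", "").partition("\\")
    if not (domain and sep and user):
        problems.append("username is not DOMAIN_NAME\\USERNAME")
    if not data.get("password"):
        problems.append("password is missing or empty")

    # The claim must select the class and request shared access.
    if pvc["spec"].get("storageClassName") != storage_class["metadata"]["name"]:
        problems.append("PVC storageClassName does not match the StorageClass")
    if "ReadWriteMany" not in pvc["spec"].get("accessModes", []):
        problems.append("PVC does not request ReadWriteMany")
    return problems


def make_secret(username, password="PASSWORD"):
    """Constructed Secret, shaped like `kubectl get secret smbcreds -o json`."""
    enc = lambda s: base64.b64encode(s.encode()).decode()
    return {"metadata": {"name": "smbcreds", "namespace": "default"},
            "data": {"username": enc(username), "password": enc(password)}}


# Constructed objects mirroring the manifests on this page.
BACKEND = {"spec": {"storageDriverName": "azure-netapp-files", "nasType": "smb"}}
STORAGE_CLASS = {"metadata": {"name": "anf-sc-smb"}, "parameters": {
    "backendType": "azure-netapp-files", "trident.netapp.io/nasType": "smb",
    NODE_STAGE + "name": "smbcreds", NODE_STAGE + "namespace": "default"}}
PVC = {"spec": {"storageClassName": "anf-sc-smb", "accessModes": ["ReadWriteMany"]}}

if __name__ == "__main__":
    # An unquoted DOMAIN_NAME\USERNAME loses its backslash in bash.
    for name in ("CONTOSO\\svc-smb", "CONTOSOsvc-smb"):
        print(name, check_smb_chain(BACKEND, STORAGE_CLASS, make_secret(name), PVC))
```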

Use the persistent volume

After the PVC is created, a pod can be started to access the Azure NetApp Files volume. The following manifest can be used to define an Internet Information Services (IIS) pod that mounts the Azure NetApp Files SMB share created in the previous step. In this example, the volume is mounted at /inetpub/wwwroot.

  1. Create a file named anf-iis-pod.yaml and copy in the following YAML:

    apiVersion: v1
    kind: Pod
    metadata:
      name: iis-pod
      labels:
        app: web
    spec:
      nodeSelector:
        "kubernetes.io/os": windows  # Schedule on a Windows worker node
      volumes:
        - name: smb
          persistentVolumeClaim:
            claimName: anf-pvc-smb
      containers:
        - name: web
          image: mcr.microsoft.com/windows/servercore/iis:windowsservercore
          resources:
            limits:
              cpu: 1
              memory: 800M
          ports:
            - containerPort: 80
          volumeMounts:
            - name: smb
              mountPath: "/inetpub/wwwroot"
              readOnly: false
  2. Create the pod using the kubectl apply command:

    kubectl apply -f anf-iis-pod.yaml

    The output of the command is similar to the following example:

    pod/iis-pod created

    Verify that the pod is running and that /inetpub/wwwroot is mounted from SMB, using the kubectl describe command:

    kubectl describe pod iis-pod

    The output of the command is similar to the following example:

    Name:         iis-pod
    Namespace:    default
    Priority:     0
    Node:         akswin000001/10.225.5.246
    Start Time:   Fri, 05 May 2023 15:16:36 -0400
    Labels:       app=web
    Annotations:  <none>
    Status:       Running
    IP:           10.225.5.252
    IPs:
      IP:  10.225.5.252
    Containers:
      web:
        Container ID:   containerd://1e4959f2b49e7ad842b0ec774488a6142ac9157baed343800000000000
        Image:          mcr.microsoft.com/windows/servercore/iis:windowsservercore
        Image ID:       mcr.microsoft.com/windows/servercore/iis@sha256:0f0114d0f6c6ee569e1494953efdecb76465998df5eba951dc760ac5812c7409
        Port:           80/TCP
        Host Port:      0/TCP
        State:          Running
          Started:      Fri, 05 May 2023 15:16:44 -0400
        Ready:          True
        Restart Count:  0
        Limits:
          cpu:     1
          memory:  800M
        Requests:
          cpu:        1
          memory:     800M
        Environment:  <none>
        Mounts:
          /inetpub/wwwroot from smb (rw)
          /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-zznzs (ro)
  3. Verify that your volume is mounted in the pod by using the kubectl exec command to connect to the pod, then use the dir command in the correct directory to check that the volume is mounted and that the size matches the volume size you provided.

    kubectl exec -it iis-pod -- cmd.exe

    The output of the command is similar to the following example:

    Microsoft Windows [Version 10.0.20348.1668]
    (c) Microsoft Corporation. All rights reserved.

    C:\>cd /inetpub/wwwroot

    C:\inetpub\wwwroot>dir
     Volume in drive C has no label.
     Volume Serial Number is 86BB-AA55

     Directory of C:\inetpub\wwwroot

    05/05/2023  01:38 AM    <DIR>          .
    05/05/2023  01:38 AM    <DIR>          ..
                   0 File(s)              0 bytes
                   2 Dir(s)  107,373,862,912 bytes free

    C:\inetpub\wwwroot>exit

Next step

Astra Trident supports many features with Azure NetApp Files. For more information, see:

Article information

Author: Twana Towne Ret

Last Updated: 06/30/2023
