From 939a021ab359277f9384f91a442c7fba05d2b56b Mon Sep 17 00:00:00 2001
From: Martin Danielsson
Date: Tue, 3 Apr 2018 16:11:36 +0200
Subject: [PATCH] Added azureFile mounting via PV/PVC, elaborated documentation slightly
---
staging/volumes/azure_file/README.md | 36 ++++++++++++++++++++---
staging/volumes/azure_file/azure-2.yaml | 15 ++++++++++
staging/volumes/azure_file/azure-pv.yaml | 21 +++++++++++++
staging/volumes/azure_file/azure-pvc.yaml | 18 ++++++++++++
4 files changed, 86 insertions(+), 4 deletions(-)
create mode 100644 staging/volumes/azure_file/azure-2.yaml
create mode 100644 staging/volumes/azure_file/azure-pv.yaml
create mode 100644 staging/volumes/azure_file/azure-pvc.yaml
diff --git a/staging/volumes/azure_file/README.md b/staging/volumes/azure_file/README.md
index 165a58166..33ddd620a 100644
--- a/staging/volumes/azure_file/README.md
+++ b/staging/volumes/azure_file/README.md
@@ -6,15 +6,32 @@ Install *cifs-utils* on the Kubernetes host. For example, on Fedora based Linux Note, as explained in [Azure File Storage for Linux](https://azure.microsoft.com/en-us/documentation/articles/storage-how-to-use-files-linux/), the Linux hosts and the file share must be in the same Azure region. -Obtain an Microsoft Azure storage account and create a [secret](secret/azure-secret.yaml) that contains the base64 encoded Azure Storage account name and key. In the secret file, base64-encode Azure Storage account name and pair it with name *azurestorageaccountname*, and base64-encode Azure Storage access key and pair it with name *azurestorageaccountkey*. +## Create a storage access secret + +Obtain an Microsoft Azure storage account and create a [secret](secret/azure-secret.yaml) that contains the base64 encoded Azure Storage account name and key. In the secret file, base64-encode Azure Storage account name and pair it with name `azurestorageaccountname`, and base64-encode Azure Storage access key and pair it with name `azurestorageaccountkey`. + +Alternatively, use `kubectl` directly to create the secret: + +```console +# kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=<...> --from-literal=azurestorageaccountkey=<...> +``` + +Based on the storage account name, and using the [`az` command line](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest), you can also extract the storage account key using the following command line, given that you are logged in using `az login` with a service principal which has access to the service account: + +```console +# export STORAGE_ACCOUNT_KEY=$(az storage account keys list -n -g --query='[0].value' | tr -d '"') +``` + +## Pod creation Then create a Pod using the volume spec based on [azure](azure.yaml). In the pod, you need to provide the following information: -- *secretName*: the name of the secret that contains both Azure storage account name and key. 
-- *shareName*: The share name to be used. -- *readOnly*: Whether the filesystem is used as readOnly. +- `secretName`: the name of the secret that contains both Azure storage account name and key. +- `shareName`: The share name to be used. +- `readOnly`: Whether the filesystem is used as readOnly. +- `secretNamespace`: (optional) The namespace in which the secret was created; `default` is used if not set Create the secret:
@@ -24,12 +41,23 @@ Create the secret: You should see the account name and key from `kubectl get secret` +### Mount volume directly in Pod + Then create the Pod: ```console # kubectl create -f examples/volumes/azure_file/azure.yaml ``` +### Mount volume via `pv` and `pvc` + +The same mechanism can also be used to mount the Azure File Storage using a Persistent Volume and a Persistent Volume Claim: + +* [Persistent Volume using `azureFile`](azure-pv.yaml) +* [Persistent Volume Claim matching the Volume](azure-pvc.yaml) + +Correspondingly, you then mount the volume inside pods using the normal `persistentVolumeClaim` reference. This mechanism is used in the sample pod YAML [azure-2.yaml](azure-2.yaml). + [![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/volumes/azure_file/README.md?pixel)]()
diff --git a/staging/volumes/azure_file/azure-2.yaml b/staging/volumes/azure_file/azure-2.yaml
new file mode 100644
index 000000000..c821c3124
--- /dev/null
+++ b/staging/volumes/azure_file/azure-2.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: azure-2
+spec:
+ containers:
+ - image: kubernetes/pause
+ name: azure-2
+ volumeMounts:
+ - name: azure
+ mountPath: /mnt/azure
+ volumes:
+ - name: azure
+ persistentVolumeClaim:
+ claimName: storage-sample
diff --git a/staging/volumes/azure_file/azure-pv.yaml b/staging/volumes/azure_file/azure-pv.yaml
new file mode 100644
index 000000000..3b78c45c2
--- /dev/null
+++ b/staging/volumes/azure_file/azure-pv.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: sample-storage
+ # The label is used for matching the exact claim
+ labels:
+ usage: sample-storage
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ azureFile:
+ # Replace with your secret name
+ secretName: azure-secret
+ # Replace with correct storage share name
+ shareName: k8stest
+ # In case the secret is stored in a different namespace
+ #shareNamespace: default
+ readOnly: false
diff --git a/staging/volumes/azure_file/azure-pvc.yaml b/staging/volumes/azure_file/azure-pvc.yaml
new file mode 100644
index 000000000..f987d1fe2
--- /dev/null
+++ b/staging/volumes/azure_file/azure-pvc.yaml
@@ -0,0 +1,18 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: storage-sample
+ # Set this annotation to NOT let Kubernetes automatically create
+ # a persistent volume for this volume claim.
+ annotations:
+ volume.beta.kubernetes.io/storage-class: ""
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+ selector:
+ # To make sure we match the claim with the exact volume, match the label
+ matchLabels:
+ usage: storage-sample
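Review bot: The commented-out `#shareNamespace: default` under `azureFile` in azure-pv.yaml does not match the field this same commit documents in the README, `secretNamespace`, which is also the name used by the Kubernetes `AzureFilePersistentVolumeSource` API. Someone who uncomments the line as written will most likely have it rejected or ignored, and the secret will not be looked up in the namespace they intended; it should read `#secretNamespace: default`. It would also be worth extending the comment above `secretName` to say that the referenced secret holds the storage account key, which grants access to the whole storage account rather than only the `k8stest` share, so read access to that secret should be limited with RBAC.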
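Review bot: The `matchLabels` selector at the end of azure-pvc.yaml asks for `usage: storage-sample`, but the PersistentVolume added in azure-pv.yaml is labelled `usage: sample-storage`, so as written the claim cannot select that volume and would be expected to stay Pending. The two values need to agree, for example `usage: sample-storage` under `matchLabels`. Since the empty `volume.beta.kubernetes.io/storage-class` annotation turns off dynamic provisioning, this selector is what restricts the claim to the intended share, so a short comment naming the PV label it must equal would help keep the two files in step.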