Manually create and use a volume with Azure Files share in Azure Kubernetes Service (AKS)
Container-based applications often need to access and persist data in an external data volume. If multiple pods need concurrent access to the same storage volume, you can use Azure Files to connect using the Server Message Block (SMB) protocol. This article shows you how to manually create an Azure Files share and attach it to a pod in AKS.
For more information on Kubernetes volumes, see Kubernetes volumes.
Before you begin
You also need the Azure CLI version 2.0.46 or later installed and configured. Run
az --version to find the version. If you need to install or upgrade, see Install Azure CLI.
Create an Azure file share
Before you can use Azure Files as a Kubernetes volume, you must create an Azure Storage account and the file share. The following script creates a resource group named myAKSShare, a storage account, and a Files share named aksshare:
#!/bin/bash # Change these four parameters AKS_PERS_STORAGE_ACCOUNT_NAME=mystorageaccount$RANDOM AKS_PERS_RESOURCE_GROUP=myAKSShare AKS_PERS_LOCATION=eastus AKS_PERS_SHARE_NAME=aksshare # Create the Resource Group az group create --name $AKS_PERS_RESOURCE_GROUP --location $AKS_PERS_LOCATION # Create the storage account az storage account create -n $AKS_PERS_STORAGE_ACCOUNT_NAME -g $AKS_PERS_RESOURCE_GROUP -l $AKS_PERS_LOCATION --sku Standard_LRS # Export the connection string as an environment variable, this is used when creating the Azure file share export AZURE_STORAGE_CONNECTION_STRING=`az storage account show-connection-string -n $AKS_PERS_STORAGE_ACCOUNT_NAME -g $AKS_PERS_RESOURCE_GROUP -o tsv` # Create the file share az storage share create -n $AKS_PERS_SHARE_NAME # Get storage account key STORAGE_KEY=$(az storage account keys list --resource-group $AKS_PERS_RESOURCE_GROUP --account-name $AKS_PERS_STORAGE_ACCOUNT_NAME --query ".value" -o tsv) # Echo storage account name and key echo Storage account name: $AKS_PERS_STORAGE_ACCOUNT_NAME echo Storage account key: $STORAGE_KEY
Make a note of the storage account name and key shown at the end of the script output. These values are needed when you create the Kubernetes volume in one of the following steps.
Create a Kubernetes secret
Kubernetes needs credentials to access the file share created in the previous step. These credentials are stored in a Kubernetes secret, which is referenced when you create a Kubernetes pod.
kubectl create secret command to create the secret. The following example creates a shared named azure-secret and populates the azurestorageaccountname and azurestorageaccountkey from the previous step. To use an existing Azure storage account, provide the account name and key.
kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=$STORAGE_KEY
Mount the file share as a volume
To mount the Azure Files share into your pod, configure the volume in the container spec. Create a new file named
azure-files-pod.yaml with the following contents. If you changed the name of the Files share or secret name, update the shareName and secretName. If desired, update the
mountPath, which is the path where the Files share is mounted in the pod.
apiVersion: v1 kind: Pod metadata: name: mypod spec: containers: - image: nginx:1.15.5 name: mypod resources: requests: cpu: 100m memory: 128Mi limits: cpu: 250m memory: 256Mi volumeMounts: - name: azure mountPath: /mnt/azure volumes: - name: azure azureFile: secretName: azure-secret shareName: aksshare readOnly: false
kubectl command to create the pod.
kubectl apply -f azure-files-pod.yaml
You now have a running pod with an Azure Files share mounted at /mnt/azure. You can use
kubectl describe pod mypod to verify the share is mounted successfully. The following condensed example output shows the volume mounted in the container:
Containers: mypod: Container ID: docker://86d244cfc7c4822401e88f55fd75217d213aa9c3c6a3df169e76e8e25ed28166 Image: nginx:1.15.5 Image ID: docker-pullable://nginx@sha256:9ad0746d8f2ea6df3a17ba89eca40b48c47066dfab55a75e08e2b70fc80d929e State: Running Started: Mon, 08 Oct 2018 19:28:34 +0000 Ready: True Mounts: /mnt/azure from azure (rw) /var/run/secrets/kubernetes.io/serviceaccount from default-token-z5sd7 (ro) [...] Volumes: azure: Type: AzureFile (an Azure File Service mount on the host and bind mount to the pod) SecretName: azure-secret ShareName: aksshare ReadOnly: false default-token-z5sd7: Type: Secret (a volume populated by a Secret) SecretName: default-token-z5sd7 [...]
For more information about AKS clusters interact with Azure Files, see the Kubernetes plugin for Azure Files.