AKS: Persistent Volume with existing Storage Account

In order to deploy a Persistent Volume in your AKS cluster using an existing Storage Account you should take the following steps:

  1. Create a Storage Class with a reference to the Storage Account.
  2. Create a Secret with the credentials used to access the Storage Account.
  3. Create a Persistent Volume with a reference to the Storage Class, the secret and the File Share.
  4. Create a Persistent Volume Claim with a reference to the volume by name.

Use the following yaml as a template for the resources described above. Save the contents as aks-existing-storage-account-pv.yaml:

 1---
 2# Create a StorageClass object pointing to the existing Storage Account
 3# Remember: that the Storage account must be in the same Resource Group where the AKS cluster is deployed
 4kind: StorageClass
 5apiVersion: storage.k8s.io/v1
 6metadata:
 7  name: azurefile
 8provisioner: kubernetes.io/azure-file
 9mountOptions:
10  - dir_mode=0777
11  - file_mode=0777
12parameters:
13  storageAccount: <storage account name>
14  location: <storage account location>
15
16---
17# Create a Secret to hold the name and key of the Storage Account
18# Remember: values are base64 encoded
19apiVersion: v1
20kind: Secret
21metadata:
22  name: azurefile-secret
23type: Opaque
24data:
25  azurestorageaccountname: <base64 encoded storage account name>
26  azurestorageaccountkey: <base64 encoded storage account key>
27
28---
29# Create a persistent volume, with the corresponding StorageClass and the reference to the Azure File secret.
30# Remember: Create the share in the storage account otherwise the pods will fail with a "No such file or directory"
31apiVersion: v1
32kind: PersistentVolume
33metadata:
34  name: nginx-pv
35spec:
36  capacity:
37    storage: 5Gi
38  accessModes:
39  - ReadWriteOnce
40  storageClassName: azurefile
41  azureFile:
42    secretName: azurefile-secret
43    shareName: <Share Name (must already exist in the storage account)>
44    readOnly: false
45  mountOptions:
46  - dir_mode=0777
47  - file_mode=0777
48  - uid=1000
49  - gid=1000
50
51---
52# Create a PersistentVolumeClaim referencing the StorageClass and the volume
53# Remember: this is a static scenario. The volume was created in the previous step.
54apiVersion: v1
55kind: PersistentVolumeClaim
56metadata:
57  name: nginx-pvc
58spec:
59  accessModes:
60    - ReadWriteOnce  
61  resources:
62    requests:
63      storage: 5Gi
64  storageClassName: azurefile
65  volumeName: nginx-pv

Deploy to your cluster and verify that the Private Volume Claim status is Bound:

1kubectl apply -f aks-existing-storage-account-pv.yaml
2kubectl get pvc

Result should show something like:

1NAME                              STATUS    VOLUME                      CAPACITY   ACCESS MODES   STORAGECLASS   AGE
2nginx-pvc                         Bound     nginx-pv                    5Gi        RWO            azurefile      ...

That’s it! now you can mount a volume in a container with a reference to the Private Volume Claim as in the following deployment:

 1---
 2# Deploy an nginx mounting a volume and referencing the persisten volume claim
 3# Remember: using pvc decouples your deployment from the volume implementations
 4apiVersion: extensions/v1beta1
 5kind: Deployment
 6metadata:
 7  name: nginx
 8spec:  
 9  template:
10    metadata:
11      labels:
12        app: nginx-storage
13    spec:
14      containers:
15      - name: nginx-pod
16        image: nginx:1.15.5
17        resources:
18          requests:
19            cpu: 100m
20            memory: 128Mi
21          limits:
22            cpu: 250m
23            memory: 256Mi
24        volumeMounts:
25        - mountPath: "/mnt/azure"
26          name: volume
27      volumes:
28        - name: volume
29          persistentVolumeClaim:
30            claimName: nginx-pvc

Hope it helps.

Please download all code and files here .


Meetup MadridDotNet - El estado del ecosistema del desarrollador por @cmendibl3
AKS & Application Gateway: Expose more than one service in an ingress resource
comments powered by Disqus