Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. When using CSI, Azure Kubernetes Service (AKS) can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.
The CSI storage driver support on AKS allows you to natively use Azure Disks, Azure Files, or Azure Blob storage as persistent storage for your applications running on AKS.
Tip
If you want a fully managed solution for block-level access to data, consider using Azure Container Storage instead of CSI drivers. Azure Container Storage integrates with Kubernetes, allowing dynamic and automatic provisioning of persistent volumes. Azure Container Storage supports Azure Disks, Ephemeral Disks, and Azure Elastic SAN (preview) as backing storage, offering flexibility and scalability for stateful applications running on Kubernetes clusters.
Important
Starting with Kubernetes version 1.26, in-tree persistent volume types kubernetes.io/azure-disk and kubernetes.io/azure-file are deprecated and will no longer be supported. In-tree drivers refer to the storage drivers that are part of the core Kubernetes code opposed to the CSI drivers, which are plug-ins.
Removing these drivers following their deprecation isn't planned, however you should migrate to the corresponding CSI drivers disk.csi.azure.com and file.csi.azure.com. To review the migration options for your storage classes and upgrade your cluster to use Azure Disks and Azure Files CSI drivers, see Migrate from in-tree to CSI drivers.
If you created in-tree driver storage classes, those storage classes continue to work since CSI migration is turned on after upgrading your cluster to 1.21.x. If you want to use CSI features, you need to perform the migration.
About Azure Disks CSI driver
The Azure Disks CSI driver is a CSI specification-compliant driver used by AKS to manage the lifecycle of Azure Disk resources. With the Azure Disks CSI driver, you can create a Kubernetes DataDisk resource. Disks can use Azure Premium Storage, backed by high-performance SSDs, or Azure Standard Storage, backed by regular HDDs or Standard SSDs. For most production and development workloads, use Premium Storage. Azure Disks are mounted as ReadWriteOnce and are only available to one node in AKS. For storage volumes that can be accessed by multiple nodes simultaneously, use Azure Files.
Features of Azure Disks CSI driver
In addition to in-tree driver features, Azure Disk CSI driver supports the following features:
- Performance improvements during concurrent disk attach and detach operations.
- In-tree drivers attach or detach disks in serial, while CSI drivers attach or detach disks in batch. There's significant improvement when there are multiple disks attaching to one node.
- Premium SSD v1 and v2.
PremiumV2_LRSonly supportsNonecaching mode.
- Zone-redundant storage (ZRS) disk support.
Premium_ZRS,StandardSSD_ZRSdisk types are supported. ZRS disk could be scheduled on the zone or nonzone node, without the restriction that disk volume should be colocated in the same zone as a given node. For more information, including which regions are supported, see Zone-redundant storage for managed disks.
- Create snapshots of persistent volumes.
- Create volume clones.
- Resize persistent volumes without downtime.
Note
Depending on the virtual machine (VM) SKU you're using, the Azure Disk CSI driver might have a per-node volume limit. For some powerful VMs (for example, 16 cores), the limit is 64 volumes per node. To identify the limit per VM SKU, review the Max data disks column for each VM SKU offered. For a list of VM SKUs offered and their corresponding detailed capacity limits, see General purpose virtual machine sizes.
About Azure Files CSI driver
The Azure Files CSI driver is a CSI specification-compliant driver used by AKS to manage the lifecycle of Azure file shares. With the Azure Files CSI driver, you can mount an SMB 3.0/3.1 share backed by an Azure storage account to pods. With Azure Files, you can share data across multiple nodes and pods. Azure Files can use Azure Standard storage backed by regular HDDs or Azure Premium storage backed by high-performance SSDs.
About Azure Blob storage CSI driver
The Azure Blob storage CSI driver is a CSI specification-compliant driver used by AKS to manage the lifecycle of Azure Blob storage. With the Azure Blob storage CSI driver, you can mount blob storage (or object storage) as a file system into a container or pod. Using blob storage enables your cluster to support applications that work with large unstructured datasets like log file data, images or documents, HPC, and others. Additionally, if you ingest data into Azure Data Lake storage, you can directly mount and use it in AKS without configuring another interim filesystem.
When you mount Azure Blob storage as a filesystem into a container or pod, it enables you to use blob storage with multiple applications that work massive amounts of unstructured data, such as:
- Log file data
- Images, documents, and streaming video or audio
- Disaster recovery data
Applications can access data on the object storage using BlobFuse or Network File System (NFS) 3.0 protocol. Before the introduction of the Azure Blob storage CSI driver, the only option was to manually install an unsupported driver to access blob storage from your application running on AKS.
Features of Azure Blob storage CSI driver
- Two built-in storage classes: azureblob-fuse-premium_ and azureblob-nfs-premium.
- BlobFuse and Network File System (NFS) version 3.0 protocol.
Prerequisites
- You need the Azure CLI version 2.42 or later installed and configured. Find the version using the
az --versioncommand. To install or upgrade, see Install Azure CLI. - If the open-source CSI storage driver is installed on your cluster, uninstall it before enabling the Azure storage CSI driver.
Follow the steps here if you previously installed the CSI Blob storage open-source driver to access Azure Blob storage from your cluster.
Note
If blobfuse-proxy isn't enabled during the installation of the open-source driver, the uninstallation of the open-source driver disrupts existing blobfuse mounts. However, NFS mounts remain unaffected.
- To enforce the Azure Policy for AKS policy definition Kubernetes clusters should use Container Storage Interface (CSI) driver
StorageClass, you need to enable the Azure Policy add-on on your cluster. To enable on an existing cluster, see Learn Azure Policy for Kubernetes.
Disk encryption supported scenarios
CSI storage drivers support the following scenarios:
- Encrypted managed disks with customer-managed keys using Azure key vaults stored in a different Microsoft Entra tenant.
- Encrypt your Azure Storage disks hosting AKS operating system (OS) and application data with customer-managed keys.
Enable Azure Disks CSI storage driver on an existing AKS cluster
Enable the Azure Disks CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--enable-disk-driverparameter. The following example enables the Azure Disks CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can enable the snapshot controller at the same time as the Azure Disks CSI driver, which allows you to create snapshots of your persistent volumes. To enable the snapshot controller, include the
--enable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --enable-disk-driverIt takes a few minutes to enable the Azure Disks CSI driver. After the command is completed, you can verify that the driver is enabled by checking that
blobCsiDriveris set totruein the output. For example:"storageProfile": { "blobCsiDriver": { "enabled": true },
Enable Azure Files CSI storage driver on an existing AKS cluster
Enable the Azure Files CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--enable-file-driverparameter. The following example enables the Azure Files CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can enable the snapshot controller at the same time as the Azure Files CSI driver, which allows you to create snapshots of your persistent volumes. To enable the snapshot controller, include the
--enable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --enable-file-driverIt takes a few minutes to enable the Azure Files CSI driver. After the command is completed, you can verify that the driver is enabled by checking that
fileCsiDriveris set totruein the output. For example:"storageProfile": { "fileCsiDriver": { "enabled": true },
Enable Azure Blob storage CSI storage driver on an existing AKS cluster
Enable the Azure Blob storage CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--enable-blob-driverparameter. The following example enables the Azure Blob storage CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can enable the snapshot controller at the same time as the Azure Blob storage CSI driver, which allows you to create snapshots of your persistent volumes. To enable the snapshot controller, include the
--enable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --enable-blob-driverIt takes a few minutes to enable the Azure Blob storage CSI driver. After the command is completed, you can verify that the driver is enabled by checking that
blobCsiDriveris set totruein the output. For example:"storageProfile": { "blobCsiDriver": { "enabled": true },
Disable Azure Disks CSI storage driver on an existing AKS cluster
Disable the Azure Disks CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--disable-disk-driverparameter. The following example disables the Azure Disks CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can disable the snapshot controller by including the
--disable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --disable-disk-driver
Disable Azure Files CSI storage driver on an existing AKS cluster
Disable the Azure Files CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--disable-file-driverparameter. The following example disables the Azure Files CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can disable the snapshot controller by including the
--disable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --disable-file-driver
Disable Azure Blob storage CSI storage driver on an existing AKS cluster
Disable the Azure Blob storage CSI driver on an existing cluster using the [
az aks update][az-aks-update] command with the--disable-blob-driverparameter. The following example disables the Azure Blob storage CSI driver on an existing cluster named myAKSCluster in the resource group myResourceGroup:Note
You can disable the snapshot controller by including the
--disable-snapshot-controllerparameter in the command.az aks update --name myAKSCluster --resource-group myResourceGroup --disable-blob-driver
Note
We recommend deleting the corresponding PersistentVolumeClaim object instead of the PersistentVolume object when deleting a CSI volume. The external provisioner in the CSI driver reacts to the deletion of the PersistentVolumeClaim. Based on the PVC reclamation policy, the provisioner issues the DeleteVolume call against the CSI volume driver commands to delete the volume. The PersistentVolume object is then deleted.