Edit

Use Container Storage Interface (CSI) file drivers in AKS enabled by Azure Arc

  • Article

> Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server, AKS on Azure Stack HCI 23H2

This article describes how to use Container Storage Interface (CSI) drivers for files to mount a Server Message Block (SMB) or NFS shares when multiple nodes need concurrent access to the same storage volume in AKS enabled by Azure Arc.

Overview of CSI in AKS Arc

The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By using CSI, AKS enabled by Arc can write, deploy, and iterate plug-ins to expose new storage systems. Using CSI can also improve existing ones in Kubernetes without having to touch the core Kubernetes code and then wait for its release cycles.

The disk and file CSI drivers used by AKS Arc are CSI specification-compliant drivers.

The CSI storage driver support on AKS Arc allows you to use:

  • AKS Arc disks that you can use to create a Kubernetes DataDisk resource. These are mounted as ReadWriteOnce, so they're only available to a single pod at a time. For storage volumes that can be accessed by multiple pods simultaneously, use AKS Arc files.

  • AKS Arc files that you can use to mount an SMB or NFS share to pods. These are mounted as ReadWriteMany, so you can share data across multiple nodes and pods. They can also be mounted as ReadWriteOnce based on the PVC (persistent volume claim) specification.

Use files persistent volumes using ReadWriteMany CSI drivers

If multiple nodes need concurrent access to the same storage volumes in AKS Arc, you can use CSI drivers for files to mount SMB or NFS shares as ReadWriteMany. You must provision the SMB or NFS shares in advance.

Use SMB drivers

  1. Make sure the SMB driver is deployed. The SMB CSI driver is installed by default when you create a Kubernetes cluster using the Azure portal or the az aksarc create command. If you create a Kubernetes cluster by using --disable-smb-driver, you must enable the SMB driver on this cluster using the az aksarc update command:

    az aksarc update -n $aksclustername -g $resource_group --enable-smb-driver

  1. Create Kubernetes secrets to store the credentials required to access SMB shares by running the following command:

    kubectl create secret generic smbcreds --from-literal username=$username --from-literal password=$password --from-literal domain=$domain

  2. Create a storage class using kubectl to create a new SMB storage class with the following manifest:

    apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: smb-csi
provisioner: smb.csi.akshci.com
parameters:
   source: \\smb-server\share
   csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
   csi.storage.k8s.io/node-stage-secret-namespace: "default"
reclaimPolicy: Retain  # only Retain is supported
volumeBindingMode: Immediate
mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - uid=1001
  - gid=1001

Use NFS drivers

  1. Make sure the NFS driver is deployed. The NFS CSI driver is installed by default when you create a Kubernetes cluster using the Azure portal or the az aksarc create command. If you create a Kubernetes cluster by using --disable-nfs-driver, you must enable the the NFS driver on this cluster using the az aksarc update command:

    az aksarc update -n $aksclustername -g $resource_group --enable-nfs-driver

  1. Create an NFS storage class using the following manifest:

    apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: nfs-csi
provisioner: nfs.csi.akshci.com
parameters:
  server: nfs-server.default.svc.cluster.local # NFS server endpoint
  share: / # NFS share path
reclaimPolicy: Retain
volumeBindingMode: Immediate
mountOptions:
  - hard
  - nfsvers=4.1

To uninstall SMB or NFS drivers

Use the following Azure CLI commands to uninstall either the SMB or NFS drivers:

az aksarc update -n $aksclustername -g $resource_group --disable-smb-driver
az aksarc update -n $aksclustername -g $resource_group --disable-nfs-driver

Next steps