Editare

Partajați prin

Container Storage Interface (CSI) drivers on Azure Kubernetes Service (AKS)

  • Articol

The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By adopting and using CSI, Azure Kubernetes Service (AKS) can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.

The CSI storage driver support on AKS allows you to natively use:

  • Azure Disks can be used to create a Kubernetes DataDisk resource. Disks can use Azure Premium Storage, backed by high-performance SSDs, or Azure Standard Storage, backed by regular HDDs or Standard SSDs. For most production and development workloads, use Premium Storage. Azure Disks are mounted as ReadWriteOnce and are only available to one node in AKS. For storage volumes that can be accessed by multiple nodes simultaneously, use Azure Files.
  • Azure Files can be used to mount an SMB 3.0/3.1 share backed by an Azure storage account to pods. With Azure Files, you can share data across multiple nodes and pods. Azure Files can use Azure Standard storage backed by regular HDDs or Azure Premium storage backed by high-performance SSDs.
  • Azure Blob storage can be used to mount Blob storage (or object storage) as a file system into a container or pod. Using Blob storage enables your cluster to support applications that work with large unstructured datasets like log file data, images or documents, HPC, and others. Additionally, if you ingest data into Azure Data Lake storage, you can directly mount and use it in AKS without configuring another interim filesystem.

Important

Starting with Kubernetes version 1.26, in-tree persistent volume types kubernetes.io/azure-disk and kubernetes.io/azure-file are deprecated and will no longer be supported. Removing these drivers following their deprecation is not planned, however you should migrate to the corresponding CSI drivers disk.csi.azure.com and file.csi.azure.com. To review the migration options for your storage classes and upgrade your cluster to use Azure Disks and Azure Files CSI drivers, see Migrate from in-tree to CSI drivers.

In-tree drivers refers to the storage drivers that are part of the core Kubernetes code opposed to the CSI drivers, which are plug-ins.

Note

It is recommended to delete the corresponding PersistentVolumeClaim object instead of the PersistentVolume object when deleting a CSI volume. The external provisioner in the CSI driver will react to the deletion of the PersistentVolumeClaim and based on its reclamation policy, it issues the DeleteVolume call against the CSI volume driver commands to delete the volume. The PersistentVolume object is then deleted.

Prerequisites

  • You need the Azure CLI version 2.42 or later installed and configured. Run az --version to find the version. If you need to install or upgrade, see Install Azure CLI.
  • If the open-source CSI storage driver is installed on your cluster, uninstall it before enabling the Azure storage CSI driver.
  • To enforce the Azure Policy for AKS policy definition Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass, the Azure Policy add-on needs to be enabled on new and existing clusters. For an existing cluster, review the Learn Azure Policy for Kubernetes to enable it.

Disk encryption supported scenarios

CSI storage drivers support the following scenarios:

Enable CSI storage drivers on an existing cluster

To enable CSI storage drivers on a new cluster, include one of the following parameters depending on the storage system:

az aks update --name myAKSCluster --resource-group myResourceGroup --enable-disk-driver --enable-file-driver --enable-blob-driver --enable-snapshot-controller

It may take several minutes to complete this action. Once it's complete, you should see in the output the status of enabling the driver on your cluster. The following example resembles the section indicating the results when enabling the Blob storage CSI driver:

"storageProfile": {
    "blobCsiDriver": {
      "enabled": true
    },

Disable CSI storage drivers on a new or existing cluster

To disable CSI storage drivers on a new cluster, include one of the following parameters depending on the storage system:

az aks create \
    --name myAKSCluster \
    --resource-group myResourceGroup \
    --disable-disk-driver \
    --disable-file-driver \
    --disable-blob-driver \
    --disable-snapshot-controller \
    --generate-ssh-keys

To disable CSI storage drivers on an existing cluster, use one of the parameters listed earlier depending on the storage system:

az aks update \
    --name myAKSCluster \
    --resource-group myResourceGroup \
    --disable-disk-driver \
    --disable-file-driver \
    --disable-blob-driver \
    --disable-snapshot-controller

Migrate custom in-tree storage classes to CSI

If you've created in-tree driver storage classes, those storage classes continue to work since CSI migration is turned on after upgrading your cluster to 1.21.x. If you want to use CSI features you'll need to perform the migration.

To review the migration options for your storage classes and upgrade your cluster to use Azure Disks and Azure Files CSI drivers, see Migrate from in-tree to CSI drivers.

Next steps