Mount Azure Blob containers with NFS in AKS Cluster
Objective
Azure Blob containers could be mounted on AKS cluster through the CSI Blob drivers provided as part of AKS Addon. You can find Microsoft Learn documentation at the following link:
Prerequisites
- AKS Cluster in supported version with CSI Blob drivers enabled. If your cluster doesn’t have these drivers enabled, you can update your deployment with the following command:
az aks update --enable-blob-driver -n myAKSCluster -g myResourceGroupaz aks update --enable-blob-driver -n myAKSCluster -g myResourceGroup
After enabling these drivers, we will have these Pods available in the kube-system namespace.
Storage Account implementation
We will choose the Premium Tier of Storage Account with Block blobs account type.
In advanced panel, we will select Enable hierarchical namespace and Enable network file system v3
We create a Container from Azure Portal/Containers panel, in our case, it will be named nginx-blob
AKS Manifests
Storage Class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: azureblob-nfs-premium
provisioner: blob.csi.azure.com
parameters:
protocol: nfs
tags: environment=Development
volumeBindingMode: Immediate
Persistent Volume
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-blob
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain # If set as "Delete" container would be removed after pvc deletion
storageClassName: azureblob-nfs-premium
csi:
driver: blob.csi.azure.com
readOnly: false
# make sure this volumeid is unique in the cluster
# `#` is not allowed in self defined volumeHandle
volumeHandle: MC_aks_aks_westeurope#azstorageblobtest#nginx-blob
volumeAttributes:
resourceGroup: MC_aks_aks_westeurope
storageAccount: azstorageblobtest
containerName: nginx-blob
protocol: nfs
volumeHandle format is: ResourceGroup#StorageAccount_Name#Container_name
Persisten Volume Claim
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc-blob
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
volumeName: pv-blob
storageClassName: azureblob-nfs-premium
Pod resource that will consume the PVC
kind: Pod
apiVersion: v1
metadata:
name: nginx-blob
spec:
nodeSelector:
"kubernetes.io/os": linux
containers:
- image: mcr.microsoft.com/oss/nginx/nginx:1.17.3-alpine
name: nginx-blob
volumeMounts:
- name: blob01
mountPath: "/mnt/blob"
volumes:
- name: blob01
persistentVolumeClaim:
claimName: pvc-blob
Testing
If for some reason, the mount operation on Pods is failing, you can check at the Node level with the following commands
mkdir /mnt/nfs
mount -o sec=sys,vers=3,nolock,proto=tcp azstorageblobtest.blob.core.windows.net:/azstorageblobtest/aks /mnt/nfs
GitHub Repro: https://github.com/OvidiuBorlean/Azure/tree/main/aks_blob_nfs