Mount Azure Blob containers with NFS in AKS Cluster

Objective

Azure Blob containers could be mounted on AKS cluster through the CSI Blob drivers provided as part of AKS Addon. You can find Microsoft Learn documentation at the following link:

Prerequisites

• AKS Cluster in supported version with CSI Blob drivers enabled. If your cluster doesn’t have these drivers enabled, you can update your deployment with the following command:

az aks update --enable-blob-driver -n myAKSCluster -g myResourceGroupaz aks update --enable-blob-driver -n myAKSCluster -g myResourceGroup

After enabling these drivers, we will have these Pods available in the kube-system namespace.

Storage Account implementation

We will choose the Premium Tier of Storage Account with Block blobs account type.

In advanced panel, we will select Enable hierarchical namespace and Enable network file system v3

We create a Container from Azure Portal/Containers panel, in our case, it will be named nginx-blob

AKS Manifests

Storage Class

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azureblob-nfs-premium
provisioner: blob.csi.azure.com
parameters:
  protocol: nfs
  tags: environment=Development
volumeBindingMode: Immediate

Persistent Volume

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-blob
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain  # If set as "Delete" container would be removed after pvc deletion
  storageClassName: azureblob-nfs-premium
  csi:
    driver: blob.csi.azure.com
    readOnly: false
    # make sure this volumeid is unique in the cluster
    # `#` is not allowed in self defined volumeHandle
    volumeHandle: MC_aks_aks_westeurope#azstorageblobtest#nginx-blob
    volumeAttributes:
      resourceGroup: MC_aks_aks_westeurope
      storageAccount: azstorageblobtest
      containerName: nginx-blob
      protocol: nfs

volumeHandle format is: ResourceGroup#StorageAccount_Name#Container_name

Persisten Volume Claim

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-blob
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi
  volumeName: pv-blob
  storageClassName: azureblob-nfs-premium

Pod resource that will consume the PVC

kind: Pod
apiVersion: v1
metadata:
  name: nginx-blob
spec:
  nodeSelector:
    "kubernetes.io/os": linux
  containers:
    - image: mcr.microsoft.com/oss/nginx/nginx:1.17.3-alpine
      name: nginx-blob
      volumeMounts:
        - name: blob01
          mountPath: "/mnt/blob"
  volumes:
    - name: blob01
      persistentVolumeClaim:
        claimName: pvc-blob

Testing

If for some reason, the mount operation on Pods is failing, you can check at the Node level with the following commands

mkdir /mnt/nfs
mount -o sec=sys,vers=3,nolock,proto=tcp azstorageblobtest.blob.core.windows.net:/azstorageblobtest/aks /mnt/nfs

GitHub Repro: https://github.com/OvidiuBorlean/Azure/tree/main/aks_blob_nfs