Use Container Storage Interface (CSI) file drivers in AKS enabled by Azure Arc
> Applies to: AKS on Azure Stack HCI 22H2, AKS on Windows Server, AKS on Azure Local, version 23H2
This article describes how to use Container Storage Interface (CSI) drivers for files to mount a Server Message Block (SMB) or NFS shares when multiple nodes need concurrent access to the same storage volume in AKS enabled by Azure Arc.
Overview of CSI in AKS Arc
The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By using CSI, AKS enabled by Arc can write, deploy, and iterate plug-ins to expose new storage systems. Using CSI can also improve existing ones in Kubernetes without having to touch the core Kubernetes code and then wait for its release cycles.
The disk and file CSI drivers used by AKS Arc are CSI specification-compliant drivers.
The CSI storage driver support on AKS Arc allows you to use:
AKS Arc disks that you can use to create a Kubernetes DataDisk resource. These are mounted as ReadWriteOnce, so they're only available to a single pod at a time. For storage volumes that can be accessed by multiple pods simultaneously, use AKS Arc files.
AKS Arc files that you can use to mount an SMB or NFS share to pods. These are mounted as ReadWriteMany, so you can share data across multiple nodes and pods. They can also be mounted as ReadWriteOnce based on the PVC (persistent volume claim) specification.
Use files persistent volumes using ReadWriteMany CSI drivers
If multiple nodes need concurrent access to the same storage volumes in AKS Arc, you can use CSI drivers for files to mount SMB or NFS shares as ReadWriteMany. You must provision the SMB or NFS shares in advance.
Use SMB drivers
Make sure the SMB driver is deployed. The SMB CSI driver is installed by default when you create a Kubernetes cluster using the Azure portal or the
az aksarc create
command. If you create a Kubernetes cluster by using--disable-smb-driver
, you must enable the SMB driver on this cluster using theaz aksarc update
command:az aksarc update -n $aksclustername -g $resource_group --enable-smb-driver
Create Kubernetes secrets to store the credentials required to access SMB shares by running the following command:
kubectl create secret generic smbcreds --from-literal username=$username --from-literal password=$password --from-literal domain=$domain
Create a storage class using
kubectl
to create a new SMB storage class with the following manifest:apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: smb-csi provisioner: smb.csi.akshci.com parameters: source: \\smb-server\share csi.storage.k8s.io/node-stage-secret-name: "smbcreds" csi.storage.k8s.io/node-stage-secret-namespace: "default" reclaimPolicy: Retain # only Retain is supported volumeBindingMode: Immediate mountOptions: - dir_mode=0777 - file_mode=0777 - uid=1001 - gid=1001
Use NFS drivers
Make sure the NFS driver is deployed. The NFS CSI driver is installed by default when you create a Kubernetes cluster using the Azure portal or the
az aksarc create
command. If you create a Kubernetes cluster by using--disable-nfs-driver
, you must enable the the NFS driver on this cluster using theaz aksarc update
command:az aksarc update -n $aksclustername -g $resource_group --enable-nfs-driver
Create an NFS storage class using the following manifest:
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: nfs-csi provisioner: nfs.csi.akshci.com parameters: server: nfs-server.default.svc.cluster.local # NFS server endpoint share: / # NFS share path reclaimPolicy: Retain volumeBindingMode: Immediate mountOptions: - hard - nfsvers=4.1
To uninstall SMB or NFS drivers
Use the following Azure CLI commands to uninstall either the SMB or NFS drivers:
az aksarc update -n $aksclustername -g $resource_group --disable-smb-driver
az aksarc update -n $aksclustername -g $resource_group --disable-nfs-driver