Comments (17)
hello @andyzhangx
I want dynamic provisioning :) However, I want AKS to dynamically create share files in a pre-defined shared account.
from azurefile-csi-driver.
> I still noticed that the activity logs of my storage account don't mention that a process created the file storage. Any reason why the Activity logs are not updated?

not sure, azure file creation activity may not exist in Activity logs

> is the in-tree version "kubernetes.io/azure-file" based on "file.csi.azure.com"? Meaning that at a certain point, "kubernetes.io/azure-file" will contain the fixes and enhancements of "file.csi.azure.com"?

in-tree and csi drivers share the same azure cloud provider library, and at a certain time (this year), we will switch to use csi driver

> Is "file.csi.azure.com" officially supported by Microsoft? We have a support contract for Azure so I'd like to know if we will have support for "file.csi.azure.com" should we decide to install it

Yes, it's officially supported by Microsoft
that's for dynamic provisioning, I see you want to use static provisioning (use existing file share), you could refer to https://docs.microsoft.com/en-us/azure/aks/azure-files-volume
@aelmanaa could you try this azure file storage class example: https://github.com/andyzhangx/demo/blob/master/pv/storageclass-azurefile-sharename.yaml
thanks.
where do you put the secret holding the storage account access key?
> thanks.
> where do you put the secret holding the storage account access key?

if your storage account is in the same resource group as aks cluster, and when you use that storage class, it would get storage account key automatically, you don't need to use secret in azure file storage class.
> > thanks.
> > where do you put the secret holding the storage account access key?
>
> if your storage account is in the same resource group as aks cluster, and when you use that storage class, it would get storage account key automatically, you don't need to use secret in azure file storage class.

no it's not. we decided to put our AKS dashboards, log analytics and storage account in a different resource group (in order to keep everything even when you redeploy the cluster)
> > > thanks.
> > > where do you put the secret holding the storage account access key?
> >
> > if your storage account is in the same resource group as aks cluster, and when you use that storage class, it would get storage account key automatically, you don't need to use secret in azure file storage class.
>
> no it's not. we decided to put our AKS dashboards, log analytics and storage account in a different resource group (in order to keep everything even when you redeploy the cluster)

if your service principal in aks cluster has access to that storage account, it should also work, no need to use secret
hi, is it resolved?
> hi, is it resolved?

Hello Andy,
sorry I was busy on other tasks. I'll test and get back to you before the end of the week
Hello @andyzhangx
I tested. It didn't work at the beginning because of this issue:
kubernetes/kubernetes#85475
so I allowed access to all networks just for testing purposes and noticed that it worked. I think we will stick with the workaround for now (creating the volumes statically) until the fix is available in a GA AKS version. In fact, we prefer not to open access to our storage account to all networks.
Questions though:
- I was curious to see the identity and IP address of the process (file controller on the master node) which created the storage and I couldn't find anything in the activity logs of my storage account. When we create them manually, we can see who created the storage, but in this case, there is no trace in the logs. Do you have any idea why?
- I noticed that the IP address of the master node is static (I mean I keep running nslookup and it doesn't change). So I decided to restrict the access to this IP and to our subnet. It didn't work though :)
> Hello @andyzhangx
> I tested. It didn't work at the beginning because of this issue:
> kubernetes/kubernetes#85475
> so I allowed access to all networks just for testing purposes and noticed that it worked. I think we will stick with the workaround for now (creating the volumes statically) until the fix is available in a GA AKS version. In fact, we prefer not to open access to our storage account to all networks.
> Questions though:
> - I was curious to see the identity and IP address of the process (file controller on the master node) which created the storage and I couldn't find anything in the activity logs of my storage account. When we create them manually, we can see who created the storage, but in this case, there is no trace in the logs. Do you have any idea why?
> - I noticed that the IP address of the master node is static (I mean I keep running nslookup and it doesn't change). So I decided to restrict the access to this IP and to our subnet. It didn't work though :)

hi, could you try the master version, I think master version already fixed that network restriction issue (on Dec 3, 2019):
Pls verify it by following: https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/docs/install-csi-driver-master.md
And I could publish a new stable release if master branch fixed your issue, thanks.
Btw, by trying this, you need to delete existing storage account in MC_ resource group, otherwise it will search for a matching storage account, and then use that storage account
thanks @andyzhangx
just a question before installing: If I install "https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/docs/install-csi-driver-master.md" then how will the controller know that it should use the installed one, rather than the "official" version and which is referenced in the storage class (provisioner: kubernetes.io/azure-file) ?
thanks
it depends on which storage class you are using, if the provisioner is `kubernetes.io/azure-file`, then it would use in-tree azure file driver, if the provisioner is `file.csi.azure.com`, then it would use azure file csi driver.
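
The driver selection described in the reply above, shown as manifests. This is an added example, not taken from the thread or from the project's repository; the object names, storage account name and resource group are constructed placeholders.

```yaml
# Handled by the in-tree Azure File driver: selected purely by the provisioner string.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefile-intree                # hypothetical name
provisioner: kubernetes.io/azure-file
parameters:
  skuName: Standard_LRS
  storageAccount: examplestorageacct    # placeholder: the pre-created account
  resourceGroup: example-shared-rg      # placeholder: resource group outside the cluster's own
---
# Handled by the Azure File CSI driver once it is installed in the cluster.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: azurefile-csi                   # hypothetical name
provisioner: file.csi.azure.com
parameters:
  skuName: Standard_LRS
  storageAccount: examplestorageacct    # placeholder
  resourceGroup: example-shared-rg      # placeholder
  # No secret is referenced here: as stated earlier in the thread, the cluster's
  # service principal must have access to this storage account instead.
---
# A claim picks its driver only through storageClassName.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-files                    # hypothetical name
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: azurefile-csi       # switch to azurefile-intree to use the in-tree driver
  resources:
    requests:
      storage: 5Gi
```

Both classes can exist side by side, so a network-restricted storage account can be tested through the CSI class without touching claims that still use the in-tree class.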
Hi @andyzhangx
so I tested with "file.csi.azure.com" instead of "kubernetes.io/azure-file" and I've confirmed that I could create a file storage even though the access is limited to a specific subnet, which is good, thanks. However, I've got a few questions:
- I still noticed that the activity logs of my storage account don't mention that a process created the file storage. Any reason why the Activity logs are not updated?
- is the in-tree version "kubernetes.io/azure-file" based on "file.csi.azure.com"? Meaning that at a certain point, "kubernetes.io/azure-file" will contain the fixes and enhancements of "file.csi.azure.com"?
- Is "file.csi.azure.com" officially supported by Microsoft? We have a support contract for Azure so I'd like to know if we will have support for "file.csi.azure.com" should we decide to install it
thanks a lot!
thanks @andyzhangx for your help. I'm closing the issue