AKS to use existing storage account

Some customers has restriction over storage account being accessible publicly and other policy constraints. This document explains how to use existing storage account create by IT in our AKS cluster.

PreviousTips and Tricks NextAKS with Application Gateway Ingress Controller

Last updated 3 years ago

Was this helpful?

AKS to use existing storage account

Some customers has restriction over storage account being accessible publicly and other policy constraints. This document explains how to use existing storage account create by IT in our AKS cluster.

Azure storage account created by azurefile storage class will create basic storage account with public blob access and we don't have much control over the specification of storage accounts created by AKS. This document is based on this .

Create storage account with non public blob storage
Create Fileshare container
- Fileshare name: aksshare

Get storage account key

 AKS_PERS_RESOURCE_GROUP=ex-tst
 AKS_PERS_STORAGE_ACCOUNT_NAME=extostoragetst

 # Get storage account key
 STORAGE_KEY=$(az storage account keys list --resource-group $AKS_PERS_RESOURCE_GROUP --account-name $AKS_PERS_STORAGE_ACCOUNT_NAME --query "[0].value" -o tsv)

 # Echo storage account name and key
 echo Storage account name: $AKS_PERS_STORAGE_ACCOUNT_NAME
 echo Storage account key: $STORAGE_KEY

Create azure storage account secret

 kubectl create secret generic azure-secret \
    --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME \
    --from-literal=azurestorageaccountkey=$STORAGE_KEY \
    --namespace <namespace>

Create PersistentVolume connected with the storage account (exto-azurefile-pv.yaml)

 apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: exto-azurefile-pv
 spec:
   capacity:
     storage: 10Gi
   accessModes:
     - ReadWriteMany
   azureFile:
     secretName: azure-secret
     shareName: aksshare
     readOnly: false
   mountOptions:
   - dir_mode=0777
   - file_mode=0777
   - uid=0
   - gid=0
   - mfsymlinks
   - cache=strict
   - nosharesock
   - actimeo=30

Create persistent volume claim (exto-azurefile-pvc.yaml)

 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: exto-azurefile-pvc
 spec:
   accessModes:
     - ReadWriteMany
   storageClassName: ""
   volumeName: exto-azurefile-pv
   resources:
     requests:
       storage: 10Gi

Apply the yaml and make sure the pods connected with the above pvc or create pvc based on helm chart created pvc name
```
 kubectl apply -f exto-azurefile-pv.yaml
 kubectl apply -f exto-azurefile-pvc.yaml
```

After applying the files, ensure the persistent volume is bound to storage account which was created earlier

PreviousTips and Tricks NextAKS with Application Gateway Ingress Controller

Last updated 3 years ago

Was this helpful?

Create storage account with non public blob storage
Create Fileshare container
- Fileshare name: aksshare

Get storage account key

 AKS_PERS_RESOURCE_GROUP=ex-tst
 AKS_PERS_STORAGE_ACCOUNT_NAME=extostoragetst

 # Get storage account key
 STORAGE_KEY=$(az storage account keys list --resource-group $AKS_PERS_RESOURCE_GROUP --account-name $AKS_PERS_STORAGE_ACCOUNT_NAME --query "[0].value" -o tsv)

 # Echo storage account name and key
 echo Storage account name: $AKS_PERS_STORAGE_ACCOUNT_NAME
 echo Storage account key: $STORAGE_KEY

Create azure storage account secret

 kubectl create secret generic azure-secret \
    --from-literal=azurestorageaccountname=$AKS_PERS_STORAGE_ACCOUNT_NAME \
    --from-literal=azurestorageaccountkey=$STORAGE_KEY \
    --namespace <namespace>

Create PersistentVolume connected with the storage account (exto-azurefile-pv.yaml)

 apiVersion: v1
 kind: PersistentVolume
 metadata:
   name: exto-azurefile-pv
 spec:
   capacity:
     storage: 10Gi
   accessModes:
     - ReadWriteMany
   azureFile:
     secretName: azure-secret
     shareName: aksshare
     readOnly: false
   mountOptions:
   - dir_mode=0777
   - file_mode=0777
   - uid=0
   - gid=0
   - mfsymlinks
   - cache=strict
   - nosharesock
   - actimeo=30

Create persistent volume claim (exto-azurefile-pvc.yaml)

 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: exto-azurefile-pvc
 spec:
   accessModes:
     - ReadWriteMany
   storageClassName: ""
   volumeName: exto-azurefile-pv
   resources:
     requests:
       storage: 10Gi

Apply the yaml and make sure the pods connected with the above pvc or create pvc based on helm chart created pvc name
```
 kubectl apply -f exto-azurefile-pv.yaml
 kubectl apply -f exto-azurefile-pvc.yaml
```

After applying the files, ensure the persistent volume is bound to storage account which was created earlier