AKS to use existing storage account

Some customers have restrictions on storage accounts being publicly accessible, along with other policy constraints. This document explains how to use an existing storage account created by IT in our AKS cluster.

A storage account created by the azurefile storage class is a basic storage account with public blob access, and we don't have much control over the specification of storage accounts created by AKS. This document is based on this Azure documentation.

  1. Create a storage account with non-public blob storage

  2. Create a file share container

    • Fileshare name: aksshare

  3. Get the storage account key

     AKS_PERS_RESOURCE_GROUP=ex-tst
     AKS_PERS_STORAGE_ACCOUNT_NAME=extostoragetst

     # Get storage account key
     STORAGE_KEY=$(az storage account keys list --resource-group "$AKS_PERS_RESOURCE_GROUP" --account-name "$AKS_PERS_STORAGE_ACCOUNT_NAME" --query "[0].value" -o tsv)

     # Echo storage account name and key (the key is a credential; this prints it in clear text)
     echo "Storage account name: $AKS_PERS_STORAGE_ACCOUNT_NAME"
     echo "Storage account key: $STORAGE_KEY"

  4. Create the Azure storage account secret

     kubectl create secret generic azure-secret \
        --from-literal=azurestorageaccountname="$AKS_PERS_STORAGE_ACCOUNT_NAME" \
        --from-literal=azurestorageaccountkey="$STORAGE_KEY" \
        --namespace <namespace>

  5. Create a PersistentVolume connected to the storage account (exto-azurefile-pv.yaml)

     apiVersion: v1
     kind: PersistentVolume
     metadata:
       name: exto-azurefile-pv
     spec:
       capacity:
         storage: 10Gi
       accessModes:
         - ReadWriteMany
       azureFile:
         secretName: azure-secret
         shareName: aksshare
         readOnly: false
       mountOptions:
       # 0777 makes every file and directory on the share world-writable inside the pod
       - dir_mode=0777
       - file_mode=0777
       - uid=0
       - gid=0
       - mfsymlinks
       - cache=strict
       - nosharesock
       - actimeo=30

  6. Create the persistent volume claim (exto-azurefile-pvc.yaml)

     apiVersion: v1
     kind: PersistentVolumeClaim
     metadata:
       name: exto-azurefile-pvc
     spec:
       accessModes:
         - ReadWriteMany
       storageClassName: ""
       volumeName: exto-azurefile-pv
       resources:
         requests:
           storage: 10Gi

  7. Apply the YAML files and make sure the pods use the above PVC, or create the PVC with the PVC name that the Helm chart creates

     kubectl apply -f exto-azurefile-pv.yaml
     kubectl apply -f exto-azurefile-pvc.yaml

After applying the files, ensure that the persistent volume is bound to the storage account that was created earlier.
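
One way to carry out that check, as an added example that is not part of the original page: the script confirms that the claim is Bound to `exto-azurefile-pv` and that `azure-secret` names the expected storage account. `verify_binding` is a hypothetical helper, and it assumes `kubectl` is already configured for the cluster and that the secret lives in the PVC's namespace.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): confirm that the statically
# provisioned PV/PVC is bound and points at the pre-created storage account.
# Defaults are the names used in the steps above.
PV_NAME="${PV_NAME:-exto-azurefile-pv}"
PVC_NAME="${PVC_NAME:-exto-azurefile-pvc}"
SECRET_NAME="${SECRET_NAME:-azure-secret}"
SHARE_NAME="${SHARE_NAME:-aksshare}"

# verify_binding <namespace> <expected-storage-account>  (hypothetical helper)
# Returns 0 only if the claim is Bound to our PV and the PV's secret names the
# expected account. The account key is never read or printed.
verify_binding() {
  local ns="$1" want="$2" got

  got=$(kubectl get pvc "$PVC_NAME" -n "$ns" -o jsonpath='{.status.phase}')
  [ "$got" = "Bound" ] || { echo "FAIL: PVC phase is '$got', expected Bound" >&2; return 1; }

  got=$(kubectl get pvc "$PVC_NAME" -n "$ns" -o jsonpath='{.spec.volumeName}')
  [ "$got" = "$PV_NAME" ] || { echo "FAIL: PVC is bound to '$got', expected $PV_NAME" >&2; return 1; }

  got=$(kubectl get pv "$PV_NAME" -o jsonpath='{.spec.claimRef.namespace}/{.spec.claimRef.name}')
  [ "$got" = "$ns/$PVC_NAME" ] || { echo "FAIL: PV is claimed by '$got'" >&2; return 1; }

  got=$(kubectl get pv "$PV_NAME" -o jsonpath='{.spec.azureFile.shareName}')
  [ "$got" = "$SHARE_NAME" ] || { echo "FAIL: PV share is '$got', expected $SHARE_NAME" >&2; return 1; }

  got=$(kubectl get pv "$PV_NAME" -o jsonpath='{.spec.azureFile.secretName}')
  [ "$got" = "$SECRET_NAME" ] || { echo "FAIL: PV secret is '$got', expected $SECRET_NAME" >&2; return 1; }

  # Secret data is base64-encoded; decode only the account name field.
  got=$(kubectl get secret "$SECRET_NAME" -n "$ns" \
        -o jsonpath='{.data.azurestorageaccountname}' | base64 --decode)
  [ "$got" = "$want" ] || { echo "FAIL: secret names account '$got', expected $want" >&2; return 1; }

  echo "OK: $ns/$PVC_NAME -> $PV_NAME -> $want/$SHARE_NAME"
}

# Run only when called with both arguments, e.g.: ./verify.sh <namespace> extostoragetst
if [ "$#" -eq 2 ]; then verify_binding "$@"; fi
```

A claim that stays in `Pending` usually means the PVC's `volumeName`, access mode or requested size does not match the PV.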
