Set up Microsoft Azure with Azure managed disks
A few steps are required to prepare your Microsoft Azure subscription before you can manage Azure Kubernetes Service clusters with Astra Control Service. Follow these instructions if you plan to use Azure managed disks as a storage backend.
Quick start for setting up Azure
Get started quickly by following these steps or scroll down to the remaining sections for full details.
Review Astra Control Service requirements for Azure Kubernetes Service
Ensure that clusters are healthy and running a supported version of Kubernetes, that node pools are online and running Linux, and more. Learn more about this step.
Sign up for Microsoft Azure
Create a Microsoft Azure account. Learn more about this step.
Create an Azure service principal
Create an Azure service principal that has the Contributor role. Learn more about this step.
Configure Container Storage Interface (CSI) driver details
You need to configure your Azure subscription and the cluster to work with the CSI drivers. Learn more about this step.
Optional: Configure redundancy for Azure backup buckets
By default, the buckets Astra Control Service uses to store Azure Kubernetes Service backups use the Locally Redundant Storage (LRS) redundancy option. As an optional step, you can configure a more durable level of redundancy for Azure buckets. Learn more about this step.
Azure Kubernetes Service cluster requirements
A Kubernetes cluster must meet the following requirements so you can discover and manage it from Astra Control Service.
- Kubernetes version: Clusters must be running Kubernetes version 1.26 to 1.28.
- Image type: The image type for all node pools must be Linux.
- Cluster state: Clusters must be running in a healthy state and have at least one online worker node with no worker nodes in a failed state.
- Azure region: As a best practice, you should choose a region that supports Azure NetApp Files, even if you do not use it as a storage backend. This makes it easier to use Azure NetApp Files as a storage backend in the future if your performance requirements change. View Azure products by region.
- CSI drivers: Clusters must have the appropriate CSI drivers installed.
Sign up for Microsoft Azure
If you don't have a Microsoft Azure account, begin by signing up for Microsoft Azure.
- Go to the Azure subscription page to subscribe to the Azure service.
- Select a plan and follow the instructions to complete the subscription.
Create an Azure service principal
Astra Control Service requires an Azure service principal that is assigned the Contributor role. Astra Control Service uses this service principal to facilitate Kubernetes application data management on your behalf.
A service principal is an identity created specifically for use with applications, services, and tools. Assigning a role to the service principal restricts access to specific Azure resources.
Follow the steps below to create a service principal using the Azure CLI. You'll need to save the output in a JSON file and provide it to Astra Control Service later on. Refer to Azure documentation for more details about using the CLI.
The following steps assume that you have permission to create a service principal and that you have the Microsoft Azure SDK (az command) installed on your machine.
- The service principal must use regular authentication. Certificates aren't supported.
- The service principal must be granted Contributor or Owner access to your Azure subscription.
- The subscription or resource group you choose for scope must contain the AKS clusters and your Azure NetApp Files account.
- Identify the subscription and tenant ID where your AKS clusters reside (these are the clusters that you want to manage in Astra Control Service).
      az configure --list-defaults
      az account list --output table
- Do one of the following, depending on whether you use an entire subscription or a resource group:
  - Create the service principal, assign the Contributor role, and specify the scope to the entire subscription where the clusters reside.
        az ad sp create-for-rbac --name service-principal-name --role contributor --scopes /subscriptions/SUBSCRIPTION-ID
  - Create the service principal, assign the Contributor role, and specify the resource group where the clusters reside.
        az ad sp create-for-rbac --name service-principal-name --role contributor --scopes /subscriptions/SUBSCRIPTION-ID/resourceGroups/RESOURCE-GROUP-ID
- Store the resulting Azure CLI output as a JSON file.
  You'll need to provide this file so that Astra Control Service can discover your AKS clusters and manage Kubernetes data management operations. Learn about managing credentials in Astra Control Service.
- Optional: Add the subscription ID to the JSON file so that Astra Control Service automatically populates the ID when you select the file.
  Otherwise, you'll need to enter the subscription ID in Astra Control Service when prompted.
  Example
      {
        "appId": "0db3929a-bfb0-4c93-baee-aaf8",
        "displayName": "sp-example-dev-sandbox",
        "name": "http://sp-example-dev-sandbox",
        "password": "mypassword",
        "tenant": "011cdf6c-7512-4805-aaf8-7721afd8ca37",
        "subscriptionId": "99ce999a-8c99-99d9-a9d9-99cce99f99ad"
      }
- Optional: Test your service principal. Choose from the following example commands depending on the scope your service principal uses.
  Subscription scope
      az login --service-principal --username APP-ID-SERVICEPRINCIPAL --password PASSWORD --tenant TENANT-ID
      az group list --subscription SUBSCRIPTION-ID
      az aks list --subscription SUBSCRIPTION-ID
      az storage container list --account-name STORAGE-ACCOUNT-NAME
  Resource group scope
      az login --service-principal --username APP-ID-SERVICEPRINCIPAL --password PASSWORD --tenant TENANT-ID
      az aks list --subscription SUBSCRIPTION-ID --resource-group RESOURCE-GROUP-ID
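The JSON file from the steps above holds the service principal's password in clear text. The following is an added example, not NetApp or Microsoft code: it stores the CLI output with the subscription ID added in an owner-only file and checks a saved file before you upload it. The function names and the file name astra-sp.json are assumptions.

```python
import json
import os
import stat
import tempfile
import uuid

REQUIRED_KEYS = ("appId", "password", "tenant")  # field names from this page's example
GUID_KEYS = ("appId", "tenant", "subscriptionId")

def _is_guid(value):
    try:
        # Accept only the canonical 8-4-4-4-12 form, not braces or bare hex.
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def save_credentials(cli_output, subscription_id, path):
    """Add subscriptionId to the CLI's JSON output and write it owner-only."""
    creds = json.loads(cli_output)
    creds["subscriptionId"] = subscription_id
    # O_EXCL refuses to overwrite; 0o600 keeps the password field private.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(creds, handle, indent=2)
    return creds

def check_credentials(path):
    """Return a list of problems found in a saved credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o}: group/other can access the password")
    with open(path) as handle:
        creds = json.load(handle)
    for key in REQUIRED_KEYS:
        if not creds.get(key):
            problems.append(f"missing or empty field: {key}")
    for key in GUID_KEYS:
        if creds.get(key) and not _is_guid(creds[key]):
            problems.append(f"{key} is not a full GUID: {creds[key]!r}")
    if "subscriptionId" not in creds:
        problems.append("subscriptionId absent: enter it manually when prompted")
    return problems

if __name__ == "__main__":
    # Constructed sample standing in for `az ad sp create-for-rbac` output.
    ids = [str(uuid.uuid4()) for _ in range(3)]
    sample = json.dumps({"appId": ids[0], "password": "constructed", "tenant": ids[1]})
    target = os.path.join(tempfile.mkdtemp(), "astra-sp.json")
    save_credentials(sample, ids[2], target)
    print(check_credentials(target) or "credentials file looks sane")
```

Delete the file once Astra Control Service has accepted the credentials, since the password in it is the only secret protecting the Contributor role.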
Configure Container Storage Interface (CSI) driver details
To use Azure managed disks with Astra Control Service, you'll need to install the required CSI drivers.
Enable the CSI driver feature in your Azure subscription
Before you install the CSI drivers, you need to enable the CSI driver feature in your Azure subscription.
- Open the Azure command line interface.
- Run the following command to register the driver:
      az feature register --namespace "Microsoft.ContainerService" --name "EnableAzureDiskFileCSIDriver"
- Run the following command to ensure the change is propagated:
      az provider register -n Microsoft.ContainerService
  You should see output similar to the following:
      {
        "id": "/subscriptions/b200155f-001a-43be-87be-3edde83acef4/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/EnableAzureDiskFileCSIDriver",
        "name": "Microsoft.ContainerService/EnableAzureDiskFileCSIDriver",
        "properties": {
          "state": "Registering"
        },
        "type": "Microsoft.Features/providers/features"
      }
Install the Azure managed disk CSI drivers in your Azure Kubernetes Service cluster
You can install the Azure CSI drivers to complete your preparation.
- Follow the instructions to install the required CSI drivers.
Optional: Configure redundancy for Azure backup buckets
You can configure a more durable redundancy level for Azure backup buckets. By default, the buckets Astra Control Service uses to store Azure Kubernetes Service backups use the Locally Redundant Storage (LRS) redundancy option. To use a more durable redundancy option for Azure buckets, you need to do the following:
- Create an Azure storage account that uses the redundancy level you need using these instructions.
- Create an Azure container in the new storage account using these instructions.
- Add the container as a bucket to Astra Control Service. Refer to Add an additional bucket.
- (Optional) To use the newly created bucket as the default bucket for Azure backups, set it as the default bucket for Azure. Refer to Change the default bucket.