Set up Microsoft Azure

Contributors: netapp-bcammett

A few steps are required to prepare your Microsoft Azure subscription before you can manage Azure Kubernetes Service clusters with Astra.

Quick start for setting up Azure

Get started quickly by following these steps or scroll down to the remaining sections for full details.

1. Review Astra requirements for Azure Kubernetes Service

Ensure that clusters are healthy and running Kubernetes version 1.17 or later, that node pools are online and running Linux, and more. Learn more about this step.

2. Register for Azure NetApp Files

Request access to the Azure NetApp Files service and then register the NetApp Resource Provider. Learn more about this step.

3. Create a NetApp account

In the Azure portal, go to Azure NetApp Files and create a NetApp account. Learn more about this step.

4. Set up capacity pools

Set up one or more capacity pools for your persistent volumes. Learn more about this step.

5. Delegate a subnet to Azure NetApp Files

Delegate a subnet to Azure NetApp Files so that Astra can create persistent volumes in that subnet. Learn more about this step.

6. Create an Azure service principal

Create an Azure service principal that has the Contributor role. Read step-by-step instructions.

AKS cluster requirements

A Kubernetes cluster must meet the following requirements so you can discover and manage it from Astra.

Kubernetes version

Clusters must be running Kubernetes version 1.17 or later.

Image type

The image type for all node pools must be Linux.

Cluster state

Clusters must be running in a healthy state and have at least one online worker node with no worker nodes in a failed state.

Azure region

Clusters must reside in a region where Azure NetApp Files is available. View Azure products by region.

Subscription

Clusters must reside in a subscription where Azure NetApp Files is enabled. You’ll choose a subscription when you register for Azure NetApp Files.

VNet
  • Clusters must reside in a VNet that has direct access to an Azure NetApp Files delegated subnet. Learn how to set up a delegated subnet.

  • If your Kubernetes clusters are in a VNet that’s peered to the Azure NetApp Files delegated subnet that’s in another VNet, then both sides of the peering connection must be online.

  • Be aware that the default limit for the number of IPs used in a VNet (including immediately peered VNets) with Azure NetApp Files is 1,000. View Azure NetApp Files resource limits.

    If you’re close to the limit, you have two options:

    • You can submit a request for a limit increase. Contact your NetApp representative if you need help.

    • When creating a new AKS cluster, specify a new network for the cluster. Once the new network is created, provision a new subnet and delegate the subnet to Azure NetApp Files.

Private networking

Private networking must not be enabled on a cluster.

External volume snapshot controller

Clusters must have a CSI volume snapshot controller installed. This controller is installed by default starting with K8s version 1.21, but you’ll need to check on clusters running versions 1.17, 1.18, 1.19, or 1.20. Learn more about an external snapshot controller for on-demand volume snapshots.
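
The requirements above can be checked before you add a cluster to Astra. The following is an added example, not code from NetApp or from this page: it assumes the input is the JSON printed by `az aks show --output json` and that the field names (`kubernetesVersion`, `agentPoolProfiles`, `apiServerAccessProfile.enablePrivateCluster`, `provisioningState`) match that output. The function name and the sample cluster are hypothetical.

```python
import json

# Constructed sample shaped like `az aks show --output json`, trimmed to the
# fields used below. It is not output from a real cluster.
SAMPLE = json.loads("""
{
  "name": "aks-demo",
  "kubernetesVersion": "1.19.11",
  "provisioningState": "Succeeded",
  "apiServerAccessProfile": {"enablePrivateCluster": true},
  "agentPoolProfiles": [
    {"name": "linuxpool", "osType": "Linux", "provisioningState": "Succeeded"},
    {"name": "winpool", "osType": "Windows", "provisioningState": "Succeeded"}
  ]
}
""")


def check_cluster(cluster):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    major, minor = (int(part) for part in cluster["kubernetesVersion"].split(".")[:2])
    if (major, minor) < (1, 17):
        findings.append("Kubernetes version is older than 1.17")
    elif (major, minor) < (1, 21):
        findings.append("confirm a CSI volume snapshot controller is installed")
    for pool in cluster.get("agentPoolProfiles") or []:
        if pool.get("osType") != "Linux":
            findings.append(f"node pool {pool['name']} is not Linux")
        # Assumption: pool provisioningState is used as a coarse health signal.
        # Per-node readiness still has to be checked with kubectl.
        if pool.get("provisioningState") != "Succeeded":
            findings.append(f"node pool {pool['name']} is not in Succeeded state")
    # apiServerAccessProfile is null when no API server options were set.
    access = cluster.get("apiServerAccessProfile") or {}
    if access.get("enablePrivateCluster"):
        findings.append("private networking is enabled")
    if cluster.get("provisioningState") != "Succeeded":
        findings.append("cluster provisioningState is not Succeeded")
    return findings


if __name__ == "__main__":
    for finding in check_cluster(SAMPLE):
        print("CHECK:", finding)
```

Region, subscription, and VNet requirements are not covered by this check because they depend on your Azure NetApp Files setup.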

Install a CSI volume snapshot controller

As noted in the list of requirements, Kubernetes clusters must have a CSI volume snapshot controller installed. Follow these steps to install the controller on your clusters.

Steps for K8s versions 1.17, 1.18, and 1.19
  1. Install volume snapshot CRDs.

    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-3.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-3.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-3.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml
  2. Create the snapshot controller.

    If you want the snapshot controller in a specific namespace, download and edit the following files before you apply them.

    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-3.0/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/release-3.0/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml
Steps for K8s version 1.20
  1. Install volume snapshot CRDs.

    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v4.0.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v4.0.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v4.0.0/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml
  2. Create the snapshot controller.

    If you want the snapshot controller in a specific namespace, download and edit the following files before you apply them.

    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v4.0.0/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml
    kubectl apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/v4.0.0/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml

Register for Azure NetApp Files

Get access to Azure NetApp Files by submitting a waitlist request. After you’re approved, you’ll need to register the NetApp Resource Provider.

Create a NetApp account

After you’ve been granted access, create a NetApp account in Azure NetApp Files.

Set up a capacity pool

One or more capacity pools are required so that Astra can provision persistent volumes in a capacity pool. Astra doesn’t create capacity pools for you.

Take the following into consideration as you set up capacity pools for your Kubernetes apps:

  • A capacity pool can have an Ultra, Premium, or Standard service level. Each of these service levels is designed for different performance needs. Astra supports all three.

    You need to set up a capacity pool for each service level that you want to use with your Kubernetes clusters.

  • Before you create a capacity pool for the apps that you intend to protect with Astra, choose the required performance and capacity for those apps.

    Provisioning the right amount of capacity ensures that users can create persistent volumes as they are needed. If capacity isn’t available, then the persistent volumes can’t be provisioned.

  • An Azure NetApp Files capacity pool can use the manual or auto QoS type. Astra supports auto QoS capacity pools. Manual QoS capacity pools aren’t supported.

Delegate a subnet to Azure NetApp Files

You need to delegate a subnet to Azure NetApp Files so that Astra can create persistent volumes in that subnet. Note that Azure NetApp Files enables you to have only one delegated subnet in a VNet.

If you’re using peered VNets, then both sides of the peering connection must be online: the VNet where your Kubernetes clusters reside and the VNet that has the Azure NetApp Files delegated subnet.

Create an Azure service principal

Astra requires an Azure service principal that is assigned the Contributor role. Astra uses this service principal to facilitate Kubernetes application data management on your behalf.

A service principal is an identity created specifically for use with applications, services, and tools. Assigning a role to the service principal restricts access to specific Azure resources.

Follow the steps below to create a service principal using the Azure CLI. You’ll need to save the output in a JSON file and provide it to Astra later on. Refer to Azure documentation for more details about using the CLI.

The following steps assume that you have permission to create a service principal and that you have the Microsoft Azure SDK (az command) installed on your machine.

Requirements
  • The service principal must use regular authentication. Certificates aren’t supported.

  • The service principal must be granted Contributor or Owner access to your Azure subscription.

  • The Azure subscription must contain the AKS clusters and your Azure NetApp Files account.

Steps
  1. Identify the subscription and tenant ID where your AKS clusters reside (these are the clusters that you want to manage in Astra).

    az configure --list-defaults
    az account list --output table
  2. Create the service principal, assign the Contributor role, and specify the scope to the entire subscription where the clusters reside.

    az ad sp create-for-rbac --name http://sp-astra-service-principal --role contributor --scopes /subscriptions/SUBSCRIPTION-ID
  3. Store the resulting Azure CLI output as a JSON file.

    You’ll need to provide this file to Astra so that Astra can discover your AKS clusters and perform Kubernetes data management operations. Learn about managing credentials in Astra.

  4. Optional: Add the subscription ID to the JSON file so that Astra automatically populates the ID when you select the file.

    Otherwise, you’ll need to enter the subscription ID in Astra when prompted.

    Example

    {
      "appId": "0db3929a-bfb0-4c93-baee-aaf8",
      "displayName": "sp-example-dev-sandbox",
      "name": "http://sp-example-dev-sandbox",
      "password": "mypassword",
      "tenant": "011cdf6c-7512-4805-aaf8-7721afd8ca37",
      "subscriptionId": "99ce999a-8c99-99d9-a9d9-99cce99f99ad"
    }
  5. Optional: Test your service principal.

    az login --service-principal --username APP-ID-SERVICEPRINCIPAL --password PASSWORD --tenant TENANT-ID
    az group list --subscription SUBSCRIPTION-ID
    az aks list --subscription SUBSCRIPTION-ID
    az storage container list --subscription SUBSCRIPTION-ID
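
The JSON file from steps 3 and 4 holds the service principal password in clear text, so it should be validated and written with owner-only permissions. The following is an added example, not code from NetApp or from this page: the function names, file name, and sample values are hypothetical, and the sample output is constructed to match the shape of the example above.

```python
import json
import os
import stat
import tempfile
import uuid

REQUIRED = ("appId", "password", "tenant")

# Constructed sample in the shape of the page's example output (values are fake).
SAMPLE_OUTPUT = """{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "sp-astra-service-principal",
  "name": "http://sp-astra-service-principal",
  "password": "constructed-not-a-real-secret",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}"""


def build_credentials(cli_output, subscription_id):
    """Validate the CLI JSON and return it with subscriptionId added (step 4)."""
    creds = json.loads(cli_output)
    missing = [key for key in REQUIRED if not creds.get(key)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    # Catches a placeholder such as SUBSCRIPTION-ID left in by mistake.
    for key, value in (("appId", creds["appId"]), ("tenant", creds["tenant"]),
                       ("subscriptionId", subscription_id)):
        try:
            uuid.UUID(value)
        except (ValueError, AttributeError, TypeError):
            raise ValueError(f"{key} is not a GUID: {value!r}") from None
    creds["subscriptionId"] = subscription_id
    return creds


def write_credentials(creds, path):
    """Create the file with mode 0600 and refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(creds, handle, indent=2)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    target = os.path.join(tempfile.mkdtemp(), "astra-sp.json")
    creds = build_credentials(SAMPLE_OUTPUT, "99999999-8888-7777-6666-555555555555")
    print(target, oct(write_credentials(creds, target)))
```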