Prepare to configure an Azure NetApp Files backend
Before you can configure your ANF backend, you need to ensure the following requirements are met.
If you are using Azure NetApp Files for the first time or in a new location, some initial configuration is required.
- To set up Azure NetApp Files and create an NFS volume, refer to Azure: Set up Azure NetApp Files and create an NFS volume.
- To configure Azure NetApp Files and add an SMB volume, refer to Azure: Create an SMB volume for Azure NetApp Files.
Requirements
To configure and use an Azure NetApp Files backend, you need the following:
- subscriptionID from an Azure subscription with Azure NetApp Files enabled.
- tenantID, clientID, and clientSecret from an App Registration in Azure Active Directory with sufficient permissions to the Azure NetApp Files service. The App Registration should use either:
  - The Owner or Contributor role predefined by Azure
  - A custom Contributor role at the subscription level (assignableScopes) with the following permissions that are limited to only what Astra Trident requires. After creating the custom role, assign the role using the Azure portal.

      {
        "id": "/subscriptions/<subscription-id>/providers/Microsoft.Authorization/roleDefinitions/<role-definition-id>",
        "properties": {
          "roleName": "custom-role-with-limited-perms",
          "description": "custom role providing limited permissions",
          "assignableScopes": [
            "/subscriptions/<subscription-id>"
          ],
          "permissions": [
            {
              "actions": [
                "Microsoft.NetApp/netAppAccounts/capacityPools/read",
                "Microsoft.NetApp/netAppAccounts/capacityPools/write",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/read",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/write",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/read",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/write",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/delete",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/read",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/write",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/delete",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/GetMetadata/action",
                "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/MountTargets/read",
                "Microsoft.Network/virtualNetworks/read",
                "Microsoft.Network/virtualNetworks/subnets/read",
                "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/read",
                "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/write",
                "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/delete",
                "Microsoft.Features/features/read",
                "Microsoft.Features/operations/read",
                "Microsoft.Features/providers/features/read",
                "Microsoft.Features/providers/features/register/action",
                "Microsoft.Features/providers/features/unregister/action",
                "Microsoft.Features/subscriptionFeatureRegistrations/read"
              ],
              "notActions": [],
              "dataActions": [],
              "notDataActions": []
            }
          ]
        }
      }

- The Azure location that contains at least one delegated subnet. As of Trident 22.01, the location parameter is a required field at the top level of the backend configuration file. Location values specified in virtual pools are ignored.
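The following is an added example, not part of the NetApp documentation: a Python check that compares a custom role definition against the action list above and flags wildcard grants, actions outside the list, and assignable scopes wider than a single subscription. The function name audit_role and the sample role are constructed for illustration.

```python
NP = "Microsoft.NetApp/netAppAccounts/capacityPools"
FT = "Microsoft.Features"
# Allow-list transcribed from the custom role definition on this page.
ALLOWED = {f"{NP}/{s}" for s in (
    "read", "write", "volumes/read", "volumes/write", "volumes/delete",
    "volumes/snapshots/read", "volumes/snapshots/write", "volumes/snapshots/delete",
    "volumes/subvolumes/read", "volumes/subvolumes/write", "volumes/subvolumes/delete",
    "volumes/subvolumes/GetMetadata/action", "volumes/MountTargets/read")}
ALLOWED |= {"Microsoft.Network/virtualNetworks/read",
            "Microsoft.Network/virtualNetworks/subnets/read"}
ALLOWED |= {f"{FT}/{s}" for s in (
    "featureProviders/subscriptionFeatureRegistrations/read",
    "featureProviders/subscriptionFeatureRegistrations/write",
    "featureProviders/subscriptionFeatureRegistrations/delete",
    "features/read", "operations/read", "providers/features/read",
    "providers/features/register/action", "providers/features/unregister/action",
    "subscriptionFeatureRegistrations/read")}
ALLOWED_LC = {a.lower() for a in ALLOWED}  # Azure matches action names case-insensitively


def audit_role(role: dict) -> list[str]:
    """Return findings for a role definition in the JSON shape shown on this page."""
    props = role.get("properties", role)  # also accept a flat definition without "properties"
    findings = []
    for perm in props.get("permissions", []):
        for action in perm.get("actions", []) + perm.get("dataActions", []):
            if "*" in action:
                findings.append(f"wildcard grant: {action}")
            elif action.lower() not in ALLOWED_LC:
                findings.append(f"not in documented list: {action}")
    for scope in props.get("assignableScopes", []):
        parts = scope.strip("/").lower().split("/")
        if len(parts) < 2 or parts[0] != "subscriptions":
            findings.append(f"scope wider than one subscription: {scope}")
    return findings


# Constructed sample: the documented actions plus two over-broad grants and a root scope.
SAMPLE = {"properties": {
    "roleName": "custom-role-with-limited-perms",
    "assignableScopes": ["/"],
    "permissions": [{"actions": sorted(ALLOWED) + [
        "Microsoft.NetApp/*", "Microsoft.Authorization/roleAssignments/write"],
        "notActions": [], "dataActions": [], "notDataActions": []}]}}

if __name__ == "__main__":
    print("\n".join(audit_role(SAMPLE)))
```
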
Additional requirements for SMB volumes
- A Kubernetes cluster with a Linux controller node and at least one Windows worker node running Windows Server 2019. Astra Trident supports SMB volumes mounted to pods running on Windows nodes only.
- At least one Astra Trident secret containing your Active Directory credentials so ANF can authenticate to Active Directory. To generate secret smbcreds:

      kubectl create secret generic smbcreds --from-literal username=user --from-literal password='pw'

- A CSI proxy configured as a Windows service. To configure a csi-proxy, refer to GitHub: CSI Proxy or GitHub: CSI Proxy for Windows for Kubernetes nodes running on Windows.