Configure an Azure NetApp Files backend
Suggest changes
PDFs
You can configure Azure NetApp Files as the backend for Astra Trident. You can attach NFS and SMB volumes using an Azure NetApp Files backend. Astra Trident also supports credential management using managed identities for Azure Kubernetes Services (AKS) clusters.
Azure NetApp Files driver details
Astra Trident provides the following Azure NetApp Files storage drivers to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).
| Driver | Protocol | volumeMode | Access modes supported | File systems supported |
|---|---|---|---|---|
|
NFS |
Filesystem |
RWO, ROX, RWX, RWOP |
|
Considerations
-
The Azure NetApp Files service does not support volumes smaller than 100 GB. Astra Trident automatically creates 100-GiB volumes if a smaller volume is requested.
-
Astra Trident supports SMB volumes mounted to pods running on Windows nodes only.
Managed identities for AKS
Astra Trident supports managed identities for Azure Kubernetes Services clusters. To take advantage of streamlined credential management offered by managed identities, you must have:
-
A Kubernetes cluster deployed using AKS
-
Managed identities configured on the AKS kubernetes cluster
-
Astra Trident installed that includes the
cloudProviderto specify"Azure".Trident operatorTo install Astra Trident using the Trident operator, edit
tridentorchestrator_cr.yamlto setcloudProviderto"Azure". For example:apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure"
HelmThe following example installs Astra Trident sets
cloudProviderto Azure using the environment variable$CP:helm install trident trident-operator-100.2402.0.tgz --create-namespace --namespace <trident-namespace> --set cloudProvider=$CP
tridentctlThe following example installs Astra Trident and sets the
cloudProviderflag toAzure:tridentctl install --cloud-provider="Azure" -n trident
Cloud identity for AKS
Cloud identity enables Kubernetes pods to access Azure resources by authenticating as a workload identity instead of by providing explicit Azure credentials.
To take advantage of cloud identity in Azure, you must have:
-
A Kubernetes cluster deployed using AKS
-
Workload identity and oidc-issuer configured on the AKS Kubernetes cluster
-
Astra Trident installed that includes the
cloudProviderto specify"Azure"andcloudIdentityspecifying workload identityTrident operatorTo install Astra Trident using the Trident operator, edit
tridentorchestrator_cr.yamlto setcloudProviderto"Azure"and setcloudIdentitytoazure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx.For example:
apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure" *cloudIdentity: 'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'*
HelmSet the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:
export CP="Azure"
export CI="azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"The following example installs Astra Trident and sets
cloudProviderto Azure using the environment variable$CPand sets thecloudIdentityusing the environment variable$CI:helm install trident trident-operator-100.2402.0.tgz --set cloudProvider=$CP --set cloudIdentity=$CI
tridentctlSet the values for cloud provider and cloud identity flags using the following environment variables:
export CP="Azure"
export CI="azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"The following example installs Astra Trident and sets the
cloud-providerflag to$CP, andcloud-identityto$CI:tridentctl install --cloud-provider=$CP --cloud-identity="$CI" -n trident