Skip to main content

Configure an Azure NetApp Files backend

Contributors netapp-aruldeepa juliantap

You can configure Azure NetApp Files as the backend for Trident. You can attach NFS and SMB volumes using an Azure NetApp Files backend. Trident also supports credential management using managed identities for Azure Kubernetes Services (AKS) clusters.

Azure NetApp Files driver details

Trident provides the following Azure NetApp Files storage drivers to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).

Driver Protocol volumeMode Access modes supported File systems supported

azure-netapp-files

NFS
SMB

Filesystem

RWO, ROX, RWX, RWOP

nfs, smb

Considerations

  • The Azure NetApp Files service does not support volumes smaller than 50 GiB. Trident automatically creates 50-GiB volumes if a smaller volume is requested.

  • Trident supports SMB volumes mounted to pods running on Windows nodes only.

Managed identities for AKS

Trident supports managed identities for Azure Kubernetes Services clusters. To take advantage of streamlined credential management offered by managed identities, you must have:

  • A Kubernetes cluster deployed using AKS

  • Managed identities configured on the AKS kubernetes cluster

  • Trident installed that includes the cloudProvider to specify "Azure".

    Trident operator

    To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "Azure". For example:

    apiVersion: trident.netapp.io/v1
    kind: TridentOrchestrator
    metadata:
      name: trident
    spec:
      debug: true
      namespace: trident
      imagePullPolicy: IfNotPresent
      cloudProvider: "Azure"
    Helm

    The following example installs Trident sets cloudProvider to Azure using the environment variable $CP:

    helm install trident trident-operator-100.2410.0.tgz --create-namespace --namespace <trident-namespace> --set cloudProvider=$CP
    tridentctl

    The following example installs Trident and sets the cloudProvider flag to Azure:

    tridentctl install --cloud-provider="Azure" -n trident

Cloud identity for AKS

Cloud identity enables Kubernetes pods to access Azure resources by authenticating as a workload identity instead of by providing explicit Azure credentials.

To take advantage of cloud identity in Azure, you must have:

  • A Kubernetes cluster deployed using AKS

  • Workload identity and oidc-issuer configured on the AKS Kubernetes cluster

  • Trident installed that includes the cloudProvider to specify "Azure" and cloudIdentity specifying workload identity

    Trident operator

    To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "Azure" and set cloudIdentity to azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx.

    For example:

    apiVersion: trident.netapp.io/v1
    kind: TridentOrchestrator
    metadata:
      name: trident
    spec:
      debug: true
      namespace: trident
      imagePullPolicy: IfNotPresent
      cloudProvider: "Azure"
      *cloudIdentity: 'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'*
    Helm

    Set the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:

    export CP="Azure"
    export CI="'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'"

    The following example installs Trident and sets cloudProvider to Azure using the environment variable $CP and sets the cloudIdentity using the environment variable $CI:

    helm install trident trident-operator-100.2410.0.tgz --set cloudProvider=$CP --set cloudIdentity="$CI"
    tridentctl

    Set the values for cloud provider and cloud identity flags using the following environment variables:

    export CP="Azure"
    export CI="azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"

    The following example installs Trident and sets the cloud-provider flag to $CP, and cloud-identity to $CI:

    tridentctl install --cloud-provider=$CP --cloud-identity="$CI" -n trident