Configure an Azure NetApp Files backend
Suggest changes
PDFs
You can configure Azure NetApp Files as the backend for Trident. You can attach NFS and SMB volumes using an Azure NetApp Files backend. Trident also supports credential management using managed identities for Azure Kubernetes Services (AKS) clusters.
Azure NetApp Files driver details
Trident provides the following Azure NetApp Files storage drivers to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).
| Driver | Protocol | volumeMode | Access modes supported | File systems supported |
|---|---|---|---|---|
|
NFS |
Filesystem |
RWO, ROX, RWX, RWOP |
|
Considerations
-
The Azure NetApp Files service does not support volumes smaller than 50 GiB. Trident automatically creates 50-GiB volumes if a smaller volume is requested.
-
Trident supports SMB volumes mounted to pods running on Windows nodes only.
Managed identities for AKS
Trident supports managed identities for Azure Kubernetes Services clusters. To take advantage of streamlined credential management offered by managed identities, you must have:
-
A Kubernetes cluster deployed using AKS
-
Managed identities configured on the AKS kubernetes cluster
-
Trident installed that includes the
cloudProviderto specify"Azure".Trident operatorTo install Trident using the Trident operator, edit
tridentorchestrator_cr.yamlto setcloudProviderto"Azure". For example:apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure"HelmThe following example installs Trident sets
cloudProviderto Azure using the environment variable$CP:helm install trident trident-operator-100.2506.0.tgz --create-namespace --namespace <trident-namespace> --set cloudProvider=$CP
tridentctlThe following example installs Trident and sets the
cloudProviderflag toAzure:tridentctl install --cloud-provider="Azure" -n trident
Cloud identity for AKS
Cloud identity enables Kubernetes pods to access Azure resources by authenticating as a workload identity instead of by providing explicit Azure credentials.
To take advantage of cloud identity in Azure, you must have:
-
A Kubernetes cluster deployed using AKS
-
Workload identity and oidc-issuer configured on the AKS Kubernetes cluster
-
Trident installed that includes the
cloudProviderto specify"Azure"andcloudIdentityspecifying workload identityTrident operatorTo install Trident using the Trident operator, edit
tridentorchestrator_cr.yamlto setcloudProviderto"Azure"and setcloudIdentitytoazure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx.For example:
apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure" cloudIdentity: 'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx' # EditHelmSet the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:
export CP="Azure"
export CI="'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'"The following example installs Trident and sets
cloudProviderto Azure using the environment variable$CPand sets thecloudIdentityusing the environment variable$CI:helm install trident trident-operator-100.6.0.tgz --set cloudProvider=$CP --set cloudIdentity="$CI"
tridentctlSet the values for cloud provider and cloud identity flags using the following environment variables:
export CP="Azure"
export CI="azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"The following example installs Trident and sets the
cloud-providerflag to$CP, andcloud-identityto$CI:tridentctl install --cloud-provider=$CP --cloud-identity="$CI" -n trident