Configure an Azure NetApp Files backend
You can configure Azure NetApp Files as the backend for Trident. You can attach NFS and SMB volumes using an Azure NetApp Files backend. Trident also supports credential management using managed identities for Azure Kubernetes Services (AKS) clusters.
Azure NetApp Files driver details
Trident provides the following Azure NetApp Files storage drivers to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).
Driver | Protocol | volumeMode | Access modes supported | File systems supported |
---|---|---|---|---|
|
NFS |
Filesystem |
RWO, ROX, RWX, RWOP |
|
Considerations
-
The Azure NetApp Files service does not support volumes smaller than 50 GiB. Trident automatically creates 50-GiB volumes if a smaller volume is requested.
-
Trident supports SMB volumes mounted to pods running on Windows nodes only.
Managed identities for AKS
Trident supports managed identities for Azure Kubernetes Services clusters. To take advantage of streamlined credential management offered by managed identities, you must have:
-
A Kubernetes cluster deployed using AKS
-
Managed identities configured on the AKS kubernetes cluster
-
Trident installed that includes the
cloudProvider
to specify"Azure"
.Trident operatorTo install Trident using the Trident operator, edit
tridentorchestrator_cr.yaml
to setcloudProvider
to"Azure"
. For example:apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure"
HelmThe following example installs Trident sets
cloudProvider
to Azure using the environment variable$CP
:helm install trident trident-operator-100.2410.0.tgz --create-namespace --namespace <trident-namespace> --set cloudProvider=$CP
tridentctl
The following example installs Trident and sets the
cloudProvider
flag toAzure
:tridentctl install --cloud-provider="Azure" -n trident
Cloud identity for AKS
Cloud identity enables Kubernetes pods to access Azure resources by authenticating as a workload identity instead of by providing explicit Azure credentials.
To take advantage of cloud identity in Azure, you must have:
-
A Kubernetes cluster deployed using AKS
-
Workload identity and oidc-issuer configured on the AKS Kubernetes cluster
-
Trident installed that includes the
cloudProvider
to specify"Azure"
andcloudIdentity
specifying workload identityTrident operatorTo install Trident using the Trident operator, edit
tridentorchestrator_cr.yaml
to setcloudProvider
to"Azure"
and setcloudIdentity
toazure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
.For example:
apiVersion: trident.netapp.io/v1 kind: TridentOrchestrator metadata: name: trident spec: debug: true namespace: trident imagePullPolicy: IfNotPresent cloudProvider: "Azure" *cloudIdentity: 'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'*
HelmSet the values for cloud-provider (CP) and cloud-identity (CI) flags using the following environment variables:
export CP="Azure"
export CI="'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'"
The following example installs Trident and sets
cloudProvider
to Azure using the environment variable$CP
and sets thecloudIdentity
using the environment variable$CI
:helm install trident trident-operator-100.2410.0.tgz --set cloudProvider=$CP --set cloudIdentity="$CI"
tridentctl
Set the values for cloud provider and cloud identity flags using the following environment variables:
export CP="Azure"
export CI="azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
The following example installs Trident and sets the
cloud-provider
flag to$CP
, andcloud-identity
to$CI
:tridentctl install --cloud-provider=$CP --cloud-identity="$CI" -n trident