Skip to main content

Configure an Azure NetApp Files backend

Contributors netapp-aruldeepa juliantap

You can configure Azure NetApp Files as the backend for Trident. You can attach NFS and SMB volumes using an Azure NetApp Files backend. Trident also supports credential management using managed identities for Azure Kubernetes Services (AKS) clusters.

Azure NetApp Files driver details

Trident provides the following Azure NetApp Files storage drivers to communicate with the cluster. Supported access modes are: ReadWriteOnce (RWO), ReadOnlyMany (ROX), ReadWriteMany (RWX), ReadWriteOncePod (RWOP).

Driver Protocol volumeMode Access modes supported File systems supported

azure-netapp-files

NFS
SMB

Filesystem

RWO, ROX, RWX, RWOP

nfs, smb

Considerations

  • The Azure NetApp Files service does not support volumes smaller than 50 GiB. Trident automatically creates 50-GiB volumes if a smaller volume is requested.

  • Trident supports SMB volumes mounted to pods running on Windows nodes only.

Managed identities for AKS

Trident supports managed identities for Azure Kubernetes Services clusters. To take advantage of streamlined credential management offered by managed identities, you must have:

  • A Kubernetes cluster deployed using AKS

  • Managed identities configured on the AKS kubernetes cluster

  • Trident installed that includes the cloudProvider to specify "Azure".

    Trident operator

    To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "Azure". For example:

    apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  debug: true
  namespace: trident
  imagePullPolicy: IfNotPresent
  cloudProvider: "Azure"

Cloud identity for AKS

Cloud identity enables Kubernetes pods to access Azure resources by authenticating as a workload identity instead of by providing explicit Azure credentials.

To take advantage of cloud identity in Azure, you must have:

  • A Kubernetes cluster deployed using AKS

  • Workload identity and oidc-issuer configured on the AKS Kubernetes cluster

  • Trident installed that includes the cloudProvider to specify "Azure" and cloudIdentity specifying workload identity

    Trident operator

    To install Trident using the Trident operator, edit tridentorchestrator_cr.yaml to set cloudProvider to "Azure" and set cloudIdentity to azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx.

    For example:

    apiVersion: trident.netapp.io/v1
kind: TridentOrchestrator
metadata:
  name: trident
spec:
  debug: true
  namespace: trident
  imagePullPolicy: IfNotPresent
  cloudProvider: "Azure"
  *cloudIdentity: 'azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'*