准备配置Azure NetApp Files 后端
建议更改
PDF
在配置Azure NetApp Files 后端之前、您需要确保满足以下要求。
NFS和SMB卷的前提条件
如果您是首次使用Azure NetApp Files 或在新位置使用、则需要进行一些初始配置来设置Azure NetApp Files 并创建NFS卷。请参阅 "Azure:设置Azure NetApp Files 并创建NFS卷"。
要配置和使用 "Azure NetApp Files"后端、您需要满足以下条件:
|
|
-
一个容量池。请参阅 "Microsoft:为Azure NetApp Files 创建容量池"。
-
委派给Azure NetApp Files 的子网。请参阅 "Microsoft:将子网委派给Azure NetApp Files"。
-
`subscriptionID`通过启用了Azure NetApp Files的Azure订阅。
-
tenantIDclientID`和 `clientSecret"应用程序注册"中具有足够权限的Azure NetApp Files服务。应用程序注册应使用以下任一项:-
所有者或贡献者角色"由Azure预定义"。
-
"自定义贡献者角色"订阅级别的(
assignableScopes)具有以下权限,这些权限仅限于Astra Trident所需的权限。创建自定义角色后,"使用Azure门户分配角色"。自定义贡献者角色
{ "id": "/subscriptions/<subscription-id>/providers/Microsoft.Authorization/roleDefinitions/<role-definition-id>", "properties": { "roleName": "custom-role-with-limited-perms", "description": "custom role providing limited permissions", "assignableScopes": [ "/subscriptions/<subscription-id>" ], "permissions": [ { "actions": [ "Microsoft.NetApp/netAppAccounts/capacityPools/read", "Microsoft.NetApp/netAppAccounts/capacityPools/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/read", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/read", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/delete", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/MountTargets/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.Network/virtualNetworks/subnets/read", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/read", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/write", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/delete", "Microsoft.Features/features/read", "Microsoft.Features/operations/read", "Microsoft.Features/providers/features/read", "Microsoft.Features/providers/features/register/action", "Microsoft.Features/providers/features/unregister/action", "Microsoft.Features/subscriptionFeatureRegistrations/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ] } }
-
-
至少包含一个 "委派子网"的Azure
location。自Trident 22.01起、 `location`参数是后端配置文件顶层的必填字段。在虚拟池中指定的位置值将被忽略。 -
要使用
Cloud Identity,请从 "用户分配的托管身份"获取client ID`并在中指定该ID `azure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx。
SMB卷的其他要求
要创建SMB卷、您必须具有:
-
已配置Active Directory并连接到Azure NetApp Files。请参阅 "Microsoft:创建和管理Azure NetApp Files 的Active Directory连接"。
-
一个Kubernetes集群、其中包含一个Linux控制器节点以及至少一个运行Windows Server 2022的Windows工作节点。Astra Trident仅支持将SMB卷挂载到Windows节点上运行的Pod。
-
至少一个包含Active Directory凭据的Astra Trident密钥、以便Azure NetApp Files 可以向Active Directory进行身份验证。生成密钥
smbcreds:kubectl create secret generic smbcreds --from-literal username=user --from-literal password='password'
-
配置为Windows服务的CSI代理。要配置
csi-proxy,请参阅"GitHub:CSI代理"或了解在Windows上运行的Kubornetes"GitHub:适用于Windows的CSI代理"节点。