准备配置Azure NetApp Files 后端
建议更改
PDF
在配置Azure NetApp Files 后端之前、您需要确保满足以下要求。
NFS和SMB卷的前提条件
如果您是首次使用Azure NetApp Files 或在新位置使用、则需要进行一些初始配置来设置Azure NetApp Files 并创建NFS卷。请参见 "Azure:设置Azure NetApp Files 并创建NFS卷"。
配置和使用 "Azure NetApp Files" 后端,您需要满足以下要求:
|
|
-
一个容量池。请参见 "Microsoft:为Azure NetApp Files 创建容量池"。
-
委派给Azure NetApp Files 的子网。请参见 "Microsoft:将子网委派给Azure NetApp Files"。
-
ssubscriptionID来自启用了 Azure NetApp Files 的 Azure 订阅。 -
tenantID,clientID,和clientSecret从 "应用程序注册" 在 Azure Active Directory 中,具有足够的 Azure NetApp Files 服务权限。应用程序注册应使用以下任一项:-
所有者或贡献者角色 "由Azure预定义"。
-
"自定义贡献者角色"订阅级别(`assignableScopes`的)具有以下权限,这些权限仅限于Trident所需的权限。创建自定义角色后,"使用Azure门户分配角色"。
自定义贡献者角色
{ "id": "/subscriptions/<subscription-id>/providers/Microsoft.Authorization/roleDefinitions/<role-definition-id>", "properties": { "roleName": "custom-role-with-limited-perms", "description": "custom role providing limited permissions", "assignableScopes": [ "/subscriptions/<subscription-id>" ], "permissions": [ { "actions": [ "Microsoft.NetApp/netAppAccounts/capacityPools/read", "Microsoft.NetApp/netAppAccounts/capacityPools/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/read", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/read", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/write", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/delete", "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/MountTargets/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.Network/virtualNetworks/subnets/read", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/read", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/write", "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/delete", "Microsoft.Features/features/read", "Microsoft.Features/operations/read", "Microsoft.Features/providers/features/read", "Microsoft.Features/providers/features/register/action", "Microsoft.Features/providers/features/unregister/action", "Microsoft.Features/subscriptionFeatureRegistrations/read" ], "notActions": [], "dataActions": [], "notDataActions": [] } ] } }
-
-
Azure
location至少包含一个 "委派子网"。自Trident 22.01日开始location参数是后端配置文件顶层的必填字段。在虚拟池中指定的位置值将被忽略。 -
以使用
Cloud Identity`请获取 `client ID从A "用户分配的托管身份" 并在中指定此IDazure.workload.identity/client-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx。
SMB卷的其他要求
要创建SMB卷、您必须具有:
-
已配置Active Directory并连接到Azure NetApp Files。请参见 "Microsoft:创建和管理Azure NetApp Files 的Active Directory连接"。
-
一个Kubernetes集群、其中包含一个Linux控制器节点以及至少一个运行Windows Server 2022的Windows工作节点。Trident仅支持挂载到Windows节点上运行的Pod的SMB卷。
-
至少一个包含Active Directory凭据的Trident密钥、以便Azure NetApp Files可以向Active Directory进行身份验证。生成密钥
smbcreds:kubectl create secret generic smbcreds --from-literal username=user --from-literal password='password'
-
配置为Windows服务的CSI代理。配置
csi-proxy、请参见 "GitHub:CSI代理" 或 "GitHub:适用于Windows的CSI代理" 适用于在Windows上运行的Kubernetes节点。