简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。

准备配置Azure NetApp Files 后端

提供者

在配置Azure NetApp Files 后端之前、您需要确保满足以下要求。

如果您是首次使用 Azure NetApp Files 或在新位置使用,则需要进行一些初始配置。

要求

配置和使用 "Azure NetApp Files" 后端,您需要满足以下要求:

  • ssubscriptionID 来自启用了 Azure NetApp Files 的 Azure 订阅。

  • tenantIDclientID,和 clientSecret"应用程序注册" 在 Azure Active Directory 中,具有足够的 Azure NetApp Files 服务权限。应用程序注册应使用以下任一项:

    • 所有者或贡献者角色 "由Azure预定义"

    • "自定义贡献者角色" 订阅级别 (assignableScopes)、并具有以下权限、这些权限仅限于Astra Trident所需的权限。创建自定义角色后、 "使用Azure门户分配角色"

      {
          "id": "/subscriptions/<subscription-id>/providers/Microsoft.Authorization/roleDefinitions/<role-definition-id>",
          "properties": {
              "roleName": "custom-role-with-limited-perms",
              "description": "custom role providing limited permissions",
              "assignableScopes": [
                  "/subscriptions/<subscription-id>"
              ],
              "permissions": [
                  {
                      "actions": [
                          "Microsoft.NetApp/netAppAccounts/capacityPools/read",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/write",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/read",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/write",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/read",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/write",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots/delete",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/read",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/write",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/delete",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/subvolumes/GetMetadata/action",
                          "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/MountTargets/read",
                          "Microsoft.Network/virtualNetworks/read",
                          "Microsoft.Network/virtualNetworks/subnets/read",
                          "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/read",
                          "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/write",
                          "Microsoft.Features/featureProviders/subscriptionFeatureRegistrations/delete",
                          "Microsoft.Features/features/read",
                          "Microsoft.Features/operations/read",
                          "Microsoft.Features/providers/features/read",
                          "Microsoft.Features/providers/features/register/action",
                          "Microsoft.Features/providers/features/unregister/action",
                          "Microsoft.Features/subscriptionFeatureRegistrations/read"
                      ],
                      "notActions": [],
                      "dataActions": [],
                      "notDataActions": []
                  }
              ]
          }
      }
  • Azure location 至少包含一个 "委派子网"。自Trident 22.01日开始 location 参数是后端配置文件顶层的必填字段。在虚拟池中指定的位置值将被忽略。

SMB卷的其他要求

  • 一个Kubernetes集群、其中包含一个Linux控制器节点以及至少一个运行Windows Server 2019的Windows工作节点。Astra Trident仅支持将SMB卷挂载到Windows节点上运行的Pod。

  • 至少有一个包含Active Directory凭据的Astra Trident密钥、以便ANF可以向Active Directory进行身份验证。以生成密钥 smbcreds

    kubectl create secret generic smbcreds --from-literal username=user --from-literal password='pw'
  • 配置为Windows服务的CSI代理。配置 csi-proxy、请参见 "GitHub:CSI代理""GitHub:适用于Windows的CSI代理" 适用于在Windows上运行的Kubernetes节点。