refer to driver parameters for more detailed usage
- Create storage class
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/storageclass-blobfuse.yaml
This option does not depend on cloud provider config file, supports cross subscription and on-premise cluster scenario.
- Use
kubectl create secret
to createazure-secret
with existing storage account name and key
kubectl create secret generic azure-secret --from-literal azurestorageaccountname=NAME --from-literal azurestorageaccountkey="KEY" --type=Opaque
- create storage class referencing
azure-secret
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/storageclass-blob-secret.yaml
- Create a statefulset with volume mount
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/statefulset.yaml
- Execute
df -h
command in the container
kubectl exec -it statefulset-blob-0 -- df -h
Filesystem Size Used Avail Use% Mounted on ... blobfuse 14G 41M 13G 1% /mnt/blob ...
make sure cluster identity could access storage account
- Download blob storage CSI storage class, edit
resourceGroup
,storageAccount
,containerName
in storage class
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: blob-fuse
provisioner: blob.csi.azure.com
parameters:
resourceGroup: EXISTING_RESOURCE_GROUP_NAME
storageAccount: EXISTING_STORAGE_ACCOUNT_NAME # cross subscription is not supported
containerName: EXISTING_CONTAINER_NAME
reclaimPolicy: Retain # If set as "Delete" container would be removed after pvc deletion
volumeBindingMode: Immediate
- Create storage class and PVC
kubectl create -f storageclass-blobfuse-existing-container.yaml
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/pvc-blob-csi.yaml
- Use
kubectl create secret
to createazure-secret
with existing storage account name and key(or sastoken)
kubectl create secret generic azure-secret --from-literal azurestorageaccountname=NAME --from-literal azurestorageaccountkey="KEY" --type=Opaque
or create azure-secret
with existing storage account name and sastoken:
kubectl create secret generic azure-secret --from-literal azurestorageaccountname=NAME --from-literal azurestorageaccountsastoken
="sastoken" --type=Opaque
storage account key(or sastoken) could also be stored in Azure Key Vault, check example here: read-from-keyvault
- Create PV: download
pv-blobfuse-csi.yaml
file and editcontainerName
involumeAttributes
apiVersion: v1
kind: PersistentVolume
metadata:
annotations:
pv.kubernetes.io/provisioned-by: blob.csi.azure.com
name: pv-blob
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
csi:
driver: blob.csi.azure.com
# make sure volumeid is unique for every storage blob container in the cluster
# the # character is reserved for internal use, the / character is not allowed
volumeHandle: account-name_container-name
volumeAttributes:
containerName: EXISTING_CONTAINER_NAME
nodeStageSecretRef:
name: azure-secret
namespace: default
- Create PV and PVC
kubectl create -f pv-blobfuse-csi.yaml
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/pvc-blob-csi-static.yaml
- make sure pvc is created and in
Bound
status after a while
kubectl describe pvc pvc-blob
kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/nginx-pod-blob.yaml
- Execute
df -h
command in the container
kubectl exec -it nginx-blob -- df -h
Filesystem Size Used Avail Use% Mounted on ... blobfuse 14G 41M 13G 1% /mnt/blob ...
In the above example, there is a /mnt/blob
directory mounted as blobfuse
filesystem.
- inline volume does not support nfs protocol
- to avoid performance issue, use persistent volume instead of inline volume when numerous pods are accessing the same volume.
- in below blobfuse mount example, create
azure-secret
with existing storage account name and key in the same namespace as pod, both secret and pod are indefault
namespace
kubectl create secret generic azure-secret --from-literal azurestorageaccountname=NAME --from-literal azurestorageaccountkey="KEY" --type=Opaque
- download
nginx-pod-azurefile-inline-volume.yaml
file and editcontainerName
,secretName
wget https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/nginx-blobfuse-inline-volume.yaml
#edit nginx-blobfuse-inline-volume.yaml
kubectl create -f nginx-blobfuse-inline-volume.yaml