lastcoolnameleft
8/6/2018 - 4:10 PM

Azure Files + Symlink

Azure Files + Symlink

aks-azure-files-symlink.md
content_copyfile_download
  • Rendered
  • Source
# kubectl create secret generic azure-files-secret --from-literal=azurestorageaccountname=STORAGE_ACCOUNT_NAME --from-literal=azurestorageaccountkey=STORAGE_ACCOUNT_KEY
apiVersion: v1
kind: PersistentVolume
metadata:
  name: azure-files-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  azureFile:
    secretName: azure-files-secret
    shareName: k8sshare
    readOnly: false
  mountOptions:
  - dir_mode=0777
  - file_mode=0777
  - uid=1000
  - gid=1000
  - mfsymlinks
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: azure-files-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  volumeName: azure-files-pv
  storageClassName: ""
---
kind: Pod
apiVersion: v1
metadata:
  name: azure-volumes
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
      - mountPath: "/mnt/azure-files"
        name: azure-files
  volumes:
    - name: azure-files
      persistentVolumeClaim:
        claimName: azure-files-pvc

Test

root@azure-volumes:/mnt/azure-files# dd if=/dev/zero of=/mnt/azure-files/output bs=8k count=10k
10240+0 records in
10240+0 records out
83886080 bytes (84 MB, 80 MiB) copied, 5.6235 s, 14.9 MB/s
root@azure-volumes:/mnt/azure-files# echo "foo" > foo.txt
root@azure-volumes:/mnt/azure-files# ln -s foo.txt bar.txt
root@azure-volumes:/mnt/azure-files# cat bar.txt
foo

If you encounter this issue with PVC:

  Warning  ProvisioningFailed  11s   persistentvolume-controller  Failed to provision volume with StorageClass "azurefile": Couldn't create secret secrets is forbidden: User "system:serviceaccount:kube-system:persistent-volume-binder" cannot create secrets in the namespace "default"

Solution: https://github.com/kubernetes/kubernetes/issues/59543

# kubectl create clusterrole system:azure-cloud-provider --verb=get,create --resource=secrets

clusterrole.rbac.authorization.k8s.io "system:azure-cloud-provider" created
#  kubectl create clusterrolebinding system:azure-cloud-provider --clusterrole=system:azure-cloud-provider --serviceaccount=kube-system:persistent-volume-binder

clusterrolebinding.rbac.authorization.k8s.io "system:azure-cloud-provider" created