demo
demo copied to clipboard
andyzhangx
Question about the secrect of Azure Storage Account?
Could you explain how to use azure-secret.yaml (azure storage secret) in your process? I do not see how the azure-secret to be used? Thanks!
azure-secret.yaml could be used in azure file, see example:
https://github.com/andyzhangx/Demo/tree/master/linux/azurefile#static-provisioning-for-azure-file-in-linux-support-from-v150
@andyzhangx My Linux Pods are able to connect to my azure file share. My real problem is my Windows Pods are not able to connect to the existing Azure file shares (for both same resource group and different resource group). my k8s hybrid cluster (0.8.0) kubernetes 1.8.0. the windows test pod yaml file is (static). Thank you for your help! apiVersion: v1 kind: Pod metadata: name: iis-azfile01 spec: nodeSelector: beta.kubernetes.io/os: windows containers:
- image: microsoft/iis:latest
name: iis-azfile01
volumeMounts:
- name: azureiis mountPath: '/mnt/azure' volumes:
- name: azureiis azureFile: secretName: azure-secret shareName: k8stest02 readOnly: false
@andyzhangx I also follow you example of Windows Pods dynamic binding to azure files shares on k8s 1.8.0 (acs-engine 0.8.0). The file mount within the Windows Pods did not work. (The dynamic file share was created in storage account, but the pods cannot write file to it.)
@fengli858 sorry I should update the azure file example doc earlier: azure file mount feature is only supported on Windows Server version 1709.
For how to set up k8s cluster with windows 1709, you should git pull latest acs-engine, make build, and then go build to get the most updated acs-engine binary and then follow the update example doc here:
https://github.com/andyzhangx/Demo/tree/master/windows/azurefile
Let me know if you have any other issue, thx.
@andyzhangx Youe examples are very helpful! I am updating my systems to 1709 to try the Microsoft new docker images 1709. Thanks!
@andyzhangx The problem of Kubernetes mount volume within Pod on Azure File Shares has been resolved after using new Microsoft Windows Container base image 1709 (for Windows Server 1709)! Steps to resolve the issue: (Static binding to storage account at different resource group)
- Rebuild Docker image using the Microsoft Windows Container Images tagged with 1709. (microsoft/aspnet: 3.5-windowsservercore-1709)
- Create Kubernetes cluster on Azure using acs-engine 0.9.4 (github.com). The cluster has 2 Window’s work agent with Windows Server 1709.
- Deploy the Docker images to cluster (with Azure File volume mount and storage access secrets) (see below yaml file)
- My website custom log files appear on Azure File Shares (Azure storage account). Thank you for your hints!
apiVersion: extensions/v1beta1 kind: Deployment metadata: name: azurefile1709 spec: replicas: 1 template: metadata: labels: app: azurefile1709 spec: nodeSelector: beta.kubernetes.io/os: windows containers: - image: microsoft/aspnet:3.5-windowsservercore-1709 name: azurefile1709 ports: - containerPort: 80 volumeMounts: - name: azure mountPath: '/mnt/azure' volumes: - name: azure azureFile: secretName: azure-secret shareName: agilek8stest readOnly: false
@andyzhangx (1) For acs-engine 0.9.3 cluster (kubernetes 1.8.2), I got lots of error message when I deployed the Pods (such as Sync Pods Error, Cannot create sandbox ...) (2) When I switch to acs-engine 0.9.4 (kubenetes 1.8.2), the cluster works fine so far. (only 2 days -:)) Thanks!