WARNING: This driver is in maintenance mode. To access Azure Blob storage in Kubernetes, install the Blob CSI driver; if you are using AKS, you can install the managed Blob CSI driver on AKS.
- supported Kubernetes version: v1.7.0 or above
- supported agent OS: Linux
This driver allows Kubernetes to access a virtual filesystem backed by Azure Blob storage.

Name | Meaning | Example | Mandatory |
---|---|---|---|
container | identical to container-name in blobfuse mount options | test | Yes |
tmppath | identical to tmp-path in blobfuse mount options | /mnt/blobfuse{random-num} (by default) | No |
driverpath | location of blobfuse binary | /usr/bin/blobfuse | No |
mountoptions | other mount options | --file-cache-timeout-in-seconds=120 --use-https=true | No |

`fsGroup` securityContext setting

The blobfuse driver does not honor the `fsGroup` securityContext setting; instead, use `-o gid=1000` in `mountoptions` to set ownership (example: pv-blobfuse-flexvol-gid.yaml). See https://github.com/Azure/azure-storage-fuse#mount-options for more mount options.

mcr.microsoft.com/k8s/flexvolume/blobfuse-flexvolume:1.0.18
- An Azure storage account and a container should be created in the same region as the Kubernetes cluster; the storage account name, account key and container name must be provided in the examples below.
- Make sure the blobfuse driver has already been installed on every agent node of the Kubernetes cluster
Note: skip this step in AKS and aks-engine
Please refer to config kubelet service to enable FlexVolume driver
- v1.9 or above
```
kubectl apply -f https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/deployment/blobfuse-flexvol-installer-1.9.yaml
```
- check daemonset status:
```
watch kubectl describe daemonset blobfuse-flexvol-installer --namespace=kube-system
watch kubectl get po --namespace=kube-system -o wide
```
install blobfuse driver manually, follow step here
- create a secret which stores the Azure storage account name and account key
```
kubectl create secret generic blobfusecreds --from-literal accountname=ACCOUNT-NAME --from-literal accountkey="ACCOUNT-KEY" --type="azure/blobfuse"
```
- create a secret which stores the Azure storage account name and account SAS token
```
kubectl create secret generic blobfusecreds --from-literal accountname=ACCOUNT-NAME --from-literal accountsastoken="sastoken" --type="azure/blobfuse"
```
Sovereign Cloud support: add the `blobendpoint` parameter to the above commands
```
kubectl create secret generic blobfusecreds --from-literal blobendpoint="<youraccountname>.blob.core.chinacloudapi.cn" ...
```
Available sovereign cloud names (more details can be found here):
```
<youraccountname>.blob.core.usgovcloudapi.net
<youraccountname>.blob.core.chinacloudapi.cn
<youraccountname>.blob.core.cloudapi.de
```
- download the `nginx-flex-blobfuse.yaml` file and modify the `container` and `tmppath` (optional) fields
```
wget -O nginx-flex-blobfuse.yaml https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/nginx-flex-blobfuse.yaml
vi nginx-flex-blobfuse.yaml
```
- create a pod with blobfuse flexvolume driver mount
```
kubectl create -f nginx-flex-blobfuse.yaml
```
Note: blobfuse PV supports the access modes ReadWriteOnce (RWO), ReadOnlyMany (ROX) and ReadWriteMany (RWX)
- download the `pv-blobfuse-flexvol.yaml` file, modify the `container` field and create a blobfuse flexvolume persistent volume (PV)
```
wget https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/pv-blobfuse-flexvol.yaml
vi pv-blobfuse-flexvol.yaml
kubectl create -f pv-blobfuse-flexvol.yaml
```
- create a blobfuse flexvolume persistent volume claim (PVC)
```
kubectl create -f https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/pvc-blobfuse-flexvol.yaml
```
- check the status of the PV & PVC until their Status changes from `Pending` to `Bound`
```
kubectl get pv
kubectl get pvc
```
- create a pod with blobfuse flexvolume PVC
```
kubectl create -f https://raw.githubusercontent.com/Azure/kubernetes-volume-drivers/master/flexvolume/blobfuse/nginx-flex-blobfuse-pvc.yaml
```
- watch the status of the pod until its Status changes from `Pending` to `Running`
```
watch kubectl describe po nginx-flex-blobfuse
```
- enter the pod container
```
kubectl exec -it nginx-flex-blobfuse -- bash
root@nginx-flex-blobfuse:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
overlay          30G  5.5G   24G  19% /
tmpfs           3.4G     0  3.4G   0% /dev
tmpfs           3.4G     0  3.4G   0% /sys/fs/cgroup
blobfuse         30G  5.5G   24G  19% /data
...
```
In the above example, there is a `/data` directory mounted as a blobfuse filesystem.

Since flexvolume does not support dynamic provisioning, storageClass should be set to empty in the Helm chart. Take wordpress as an example:
- Set up a blobfuse flexvolume PV and also `blobfusecreds` first
```
kubectl create secret generic blobfusecreds --from-literal accountname=ACCOUNT-NAME --from-literal accountkey="ACCOUNT-KEY" --type="azure/blobfuse"
kubectl create -f pv-blobfuse-flexvol.yaml
```
- Specify `persistence.accessMode=ReadWriteMany,persistence.storageClass="-"` in the wordpress chart
```
helm install --set persistence.accessMode=ReadWriteMany,persistence.storageClass="-" stable/wordpress
```
- Check blobfuse flexvolume installation result on the node
```
sudo cat /var/log/blobfuse-flexvol-installer.log
```
- Get blobfuse driver version
```
kubectl get po -n kube-system | grep blobfuse
kubectl describe po blobfuse-flexvol-installer-xxxxx -n kube-system | grep blobfuse-flexvolume
```
- If there is a pod mounting error like the following
```
MountVolume.SetUp failed for volume "test" : invalid character 'C' looking for beginning of value
```
Please attach the log file `/var/log/blobfuse-driver.log` and file an issue
- Get the `/var/log/syslog` log
- Get the blobfuse mount on the agent node
```
mount | grep blobfuse | uniq
```
- In most failure cases, the failure is due to an incorrect storage account name, key or container; follow the guide below to check on the agent node:
```
mkdir test
export AZURE_STORAGE_ACCOUNT=
export AZURE_STORAGE_ACCESS_KEY=
# only for sovereign cloud
# export AZURE_STORAGE_BLOB_ENDPOINT=<youraccountname>.blob.core.chinacloudapi.cn
blobfuse test --container-name=CONTAINER-NAME --tmp-path=/tmp/blobfuse -o allow_other --file-cache-timeout-in-seconds=120
```
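
Added example, not part of the driver repository: a pre-flight check for the secret-creation commands and for the credential-related mount failures described above. It validates the account name, container name and sovereign `blobendpoint` form, and renders the `blobfusecreds` Secret from a key file rather than `--from-literal`, which leaves the key in shell history and the process list. The function names are hypothetical, and the name rules are Azure's documented limits, not something this page states.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the values used by the blobfuse secret.
# Function names are hypothetical; they are not part of the flexvolume driver.
LC_ALL=C; export LC_ALL   # make [a-z] ranges ASCII-only

# Storage account name: 3-24 characters, lowercase letters and digits only.
valid_account_name() {
  case "$1" in *[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Container name: 3-63 characters, lowercase letters, digits and single
# hyphens; must start and end with a letter or digit.
valid_container_name() {
  case "$1" in *[!a-z0-9-]*|-*|*-|*--*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# blobendpoint must be <account>.<suffix> for one of the sovereign cloud
# suffixes listed on this page (no scheme, no trailing slash).
valid_blob_endpoint() {
  case "$2" in
    "$1.blob.core.usgovcloudapi.net") return 0 ;;
    "$1.blob.core.chinacloudapi.cn") return 0 ;;
    "$1.blob.core.cloudapi.de") return 0 ;;
  esac
  return 1
}

# Print a Secret manifest of type azure/blobfuse. The account key is read
# from a file, so it never appears in argv or shell history.
render_blobfuse_secret() {
  rb_account=$1; rb_key_file=$2
  valid_account_name "$rb_account" || { echo "invalid account name" >&2; return 1; }
  [ -r "$rb_key_file" ] || { echo "cannot read key file" >&2; return 1; }
  rb_key=$(tr -d '\r\n' < "$rb_key_file")   # drop the trailing newline
  # Account keys are base64 text; reject anything else, e.g. a SAS token.
  case "$rb_key" in ""|*[!A-Za-z0-9+/=]*) echo "key is not base64" >&2; return 1 ;; esac
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: blobfusecreds\n'
  printf 'type: azure/blobfuse\ndata:\n'
  printf '  accountname: %s\n' "$(printf '%s' "$rb_account" | base64 | tr -d '\n')"
  printf '  accountkey: %s\n' "$(printf '%s' "$rb_key" | base64 | tr -d '\n')"
}
```

After sourcing the file, pipe `render_blobfuse_secret ACCOUNT-NAME ./account.key` to `kubectl apply -f -`, keeping the key file readable only by its owner.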