title | description | ms.topic | ms.date | author | ms.author | ms.subservice |
---|---|---|---|---|---|---|
Container Storage Interface (CSI) drivers on Azure Kubernetes Service (AKS) |
Learn about and deploy the Container Storage Interface (CSI) drivers for Azure Disks and Azure Files in an Azure Kubernetes Service (AKS) cluster |
concept-article |
03/14/2024 |
schaffererin |
schaffererin |
aks-storage |
The Container Storage Interface (CSI) is a standard for exposing arbitrary block and file storage systems to containerized workloads on Kubernetes. By adopting and using CSI, Azure Kubernetes Service (AKS) can write, deploy, and iterate plug-ins to expose new or improve existing storage systems in Kubernetes without having to touch the core Kubernetes code and wait for its release cycles.
The CSI storage driver support on AKS allows you to natively use:
- Azure Disks can be used to create a Kubernetes DataDisk resource. Disks can use Azure Premium Storage, backed by high-performance SSDs, or Azure Standard Storage, backed by regular HDDs or Standard SSDs. For most production and development workloads, use Premium Storage. Azure Disks are mounted as ReadWriteOnce and are only available to one node in AKS. For storage volumes that can be accessed by multiple nodes simultaneously, use Azure Files.
- Azure Files can be used to mount an SMB 3.0/3.1 share backed by an Azure storage account to pods. With Azure Files, you can share data across multiple nodes and pods. Azure Files can use Azure Standard storage backed by regular HDDs or Azure Premium storage backed by high-performance SSDs.
- Azure Blob storage can be used to mount Blob storage (or object storage) as a file system into a container or pod. Using Blob storage enables your cluster to support applications that work with large unstructured datasets like log file data, images or documents, HPC, and others. Additionally, if you ingest data into Azure Data Lake storage, you can directly mount and use it in AKS without configuring another interim filesystem.
Tip
If you want a fully managed solution for block-level access to data, consider using Azure Container Storage instead of CSI drivers. Azure Container Storage integrates with Kubernetes, allowing dynamic and automatic provisioning of persistent volumes. Azure Container Storage supports Azure Disks, Ephemeral Disks, and Azure Elastic SAN (preview) as backing storage, offering flexibility and scalability for stateful applications running on Kubernetes clusters.
- You need the Azure CLI version 2.42 or later installed and configured. Run
az --version
to find the version. If you need to install or upgrade, see Install Azure CLI. - If the open-source CSI storage driver is installed on your cluster, uninstall it before enabling the Azure storage CSI driver.
- To enforce the Azure Policy for AKS policy definition Kubernetes clusters should use Container Storage Interface(CSI) driver StorageClass, the Azure Policy add-on needs to be enabled on new and existing clusters. For an existing cluster, review the Learn Azure Policy for Kubernetes to enable it.
CSI storage drivers support the following scenarios:
- Encrypted managed disks with customer-managed keys using Azure Key Vaults stored in a different Microsoft Entra tenant.
- Encrypt your Azure Storage disks hosting AKS OS and application data with customer-managed keys.
To enable CSI storage drivers on a new cluster, include one of the following parameters depending on the storage system:
--enable-disk-driver
allows you to enable the Azure Disks CSI driver.--enable-file-driver
allows you to enable the Azure Files CSI driver.--enable-blob-driver
allows you to enable the Azure Blob storage CSI driver.--enable-snapshot-controller
allows you to enable the snapshot controller.
az aks update --name myAKSCluster --resource-group myResourceGroup --enable-disk-driver --enable-file-driver --enable-blob-driver --enable-snapshot-controller
It might take several minutes to complete this action. Once it's complete, you should see in the output the status of enabling the driver on your cluster. The following example resembles the section indicating the results when enabling the Blob storage CSI driver:
"storageProfile": {
"blobCsiDriver": {
"enabled": true
},
To disable CSI storage drivers on a new cluster, include one of the following parameters depending on the storage system:
--disable-disk-driver
allows you to disable the Azure Disks CSI driver.--disable-file-driver
allows you to disable the Azure Files CSI driver.--disable-blob-driver
allows you to disable the Azure Blob storage CSI driver.--disable-snapshot-controller
allows you to disable the snapshot controller.
az aks create \
--name myAKSCluster \
--resource-group myResourceGroup \
--disable-disk-driver \
--disable-file-driver \
--disable-blob-driver \
--disable-snapshot-controller \
--generate-ssh-keys
To disable CSI storage drivers on an existing cluster, use one of the parameters listed earlier depending on the storage system:
az aks update \
--name myAKSCluster \
--resource-group myResourceGroup \
--disable-disk-driver \
--disable-file-driver \
--disable-blob-driver \
--disable-snapshot-controller
Note
We recommend deleting the corresponding PersistentVolumeClaim object instead of the PersistentVolume object when deleting a CSI volume. The external provisioner in the CSI driver will react to the deletion of the PersistentVolumeClaim and based on its reclamation policy, it issues the DeleteVolume call against the CSI volume driver commands to delete the volume. The PersistentVolume object is then deleted.
Starting with Kubernetes version 1.26, in-tree persistent volume types kubernetes.io/azure-disk and kubernetes.io/azure-file are deprecated and will no longer be supported. In-tree drivers refers to the storage drivers that are part of the core Kubernetes code opposed to the CSI drivers, which are plug-ins.
Removing these drivers following their deprecation isn't planned, however you should migrate to the corresponding CSI drivers disk.csi.azure.com and file.csi.azure.com. To review the migration options for your storage classes and upgrade your cluster to use Azure Disks and Azure Files CSI drivers, see Migrate from in-tree to CSI drivers.
If you've created in-tree driver storage classes, those storage classes continue to work since CSI migration is turned on after upgrading your cluster to 1.21.x. If you want to use CSI features you'll need to perform the migration.
- To use the CSI driver for Azure Disks, see Use Azure Disks with CSI drivers.
- To use the CSI driver for Azure Files, see Use Azure Files with CSI drivers.
- To use the CSI driver for Azure Blob storage, see Use Azure Blob storage with CSI drivers
- For more about storage best practices, see Best practices for storage and backups in Azure Kubernetes Service.
- For more information on CSI migration, see Kubernetes in-tree to CSI Volume Migration.