From 4a5b804696bac83504192b5d50ccf7e8aafb9d63 Mon Sep 17 00:00:00 2001 From: Olly P Date: Thu, 16 May 2019 19:47:41 +0100 Subject: [PATCH] Added Azure Disk and Azure File Storage for UCP Workloads (#8774) * Added Azure Disk and Azure File I have added Azure Disk and Azure file documentation for use with UCP 3.0 or newer. * Added the Azure Disk Content * Added the Azure File Content * Updated the Toc to include Azure Disk and Azure File Signed-off-by: Olly Pomeroy * Responding to feedback, inc changing Azure File to Azure Files Following on from Steven and Deeps feedback this commit addresses those nits. Including changing `Operators` to `Platform Operators`, switching `Azure File` to `Azure Files` and many small formatting changes. Signed-off-by: Olly Pomeroy * Minor style updates * Minor style updates * Final edits --- _data/toc.yaml | 6 +- ee/ucp/kubernetes/storage/use-azure-disk.md | 239 ++++++++++++++++++ ee/ucp/kubernetes/storage/use-azure-files.md | 246 +++++++++++++++++++ 3 files changed, 490 insertions(+), 1 deletion(-) create mode 100644 ee/ucp/kubernetes/storage/use-azure-disk.md create mode 100644 ee/ucp/kubernetes/storage/use-azure-files.md diff --git a/_data/toc.yaml b/_data/toc.yaml index e9cef0d3f1..8c7efc3bd4 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -1377,8 +1377,12 @@ manuals: path: /ee/ucp/kubernetes/kubernetes-network-encryption/ - sectiontitle: Persistent Storage section: - - title: Use NFS storage + - title: Use NFS Storage path: /ee/ucp/kubernetes/storage/use-nfs-volumes/ + - title: Use Azure Disk Storage + path: /ee/ucp/kubernetes/storage/use-azure-disk/ + - title: Use Azure Files Storage + path: /ee/ucp/kubernetes/storage/use-azure-files/ - title: Use AWS EBS Storage path: /ee/ucp/kubernetes/storage/configure-aws-storage/ - title: API reference diff --git a/ee/ucp/kubernetes/storage/use-azure-disk.md b/ee/ucp/kubernetes/storage/use-azure-disk.md new file mode 100644 index 0000000000..a2471925a9 --- /dev/null 
+++ b/ee/ucp/kubernetes/storage/use-azure-disk.md 
@@ -0,0 +1,239 @@ +--- +title: Configuring Azure Disk Storage for Kubernetes +description: Learn how to add persistent storage to your Docker Enterprise clusters running on Azure with Azure Disk. +keywords: Universal Control Plane, UCP, Docker EE, Kubernetes, storage, volume +redirect_from: +--- + +Platform operators can provide persistent storage for workloads running on +Docker Enterprise and Microsoft Azure by using Azure Disk. Platform +operators can either pre-provision Azure Disks to be consumed by Kubernetes +Pods, or can use the Azure Kubernetes integration to dynamically provision Azure +Disks on demand. + + +## Prerequisites + +This guide assumes you have already provisioned a UCP environment on +Microsoft Azure. The Cluster must be provisioned after meeting all of the +prerequisites listed in [Install UCP on +Azure](/ee/ucp/admin/install/install-on-azure.md). + +Additionally, this guide uses the Kubernetes Command Line tool `$ +kubectl` to provision Kubernetes objects within a UCP cluster. Therefore, this +tool must be downloaded, along with a UCP client bundle. For more +information on configuring CLI access for UCP, see [CLI Based +Access](/ee/ucp/user-access/cli/). + +## Manually provision Azure Disks + +An operator can use existing Azure Disks or manually provision new ones to +provide persistent storage for Kubernetes Pods. Azure Disks can be manually +provisioned in the Azure Portal, using ARM Templates or the Azure CLI. The +following example uses the Azure CLI to manually provision an Azure +Disk. + +```bash +$ RG=myresourcegroup + +$ az disk create \ + --resource-group $RG \ + --name k8s_volume_1 \ + --size-gb 20 \ + --query id \ + --output tsv +``` + +Using the Azure CLI command in the previous example should return the Azure ID of the Azure Disk +Object. If you are provisioning Azure resources using an alternative method, +make sure you retrieve the Azure ID of the Azure Disk, because it is needed for another step. 
+ +``` +/subscriptions//resourceGroups//providers/Microsoft.Compute/disks/ +``` + +You can now create Kubernetes Objects that refer to this Azure Disk. The following +example uses a Kubernetes Pod. However, the same Azure Disk syntax can be +used for DaemonSets, Deployments, and StatefulSets. In the following example, the +Azure Disk Name and ID reflect the manually created Azure Disk. + +```bash +$ cat </resourceGroups//providers/Microsoft.Compute/disks/ +EOF +``` + +## Dynamically provision Azure Disks + +### Define the Azure Disk Storage Class + +Kubernetes can dynamically provision Azure Disks using the Azure Kubernetes +integration, which was configured when UCP was installed. For Kubernetes +to determine which APIs to use when provisioning storage, you must +create Kubernetes Storage Classes specific to each storage backend. For more +information on Kubernetes Storage Classes, see [Storage +Classes](https://kubernetes.io/docs/concepts/storage/storage-classes/). + +In Azure there are 2 different Azure Disk types that can be consumed by +Kubernetes: Azure Disk Standard Volumes and Azure Disk Premium Volumes. For more +information on their differences, see [Azure +Disks](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disks-types). + +Depending on your use case, you can deploy one or both of the Azure Disk storage Classes (Standard and Advanced). + +To create a Standard Storage Class: + +```bash +$ cat < + Warning FailedAttachVolume 7s (x11 over 6m) attachdetach-controller AttachVolume.Attach failed for volume "pvc-6b09dae3-6ad6-11e9-9509-0242ac11000b" : Attach volume "kubernetes-dynamic-pvc-6b09dae3-6ad6-11e9-9509-0242ac11000b" to instance "/subscriptions//resourceGroups//providers/Microsoft.Compute/virtualMachines/worker-03" failed with compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=409 -- Original Error: failed request: autorest/azure: Service returned an error. 
Status= Code="OperationNotAllowed" Message="The maximum number of data disks allowed to be attached to a VM of this size is 4." Target="dataDisks" +``` + +## Where to go next + +- [Deploy an Ingress Controller on + Kubernetes](/ee/ucp/kubernetes/layer-7-routing/) +- [Discover Network Encryption on + Kubernetes](/ee/ucp/kubernetes/kubernetes-network-encryption/) diff --git a/ee/ucp/kubernetes/storage/use-azure-files.md b/ee/ucp/kubernetes/storage/use-azure-files.md new file mode 100644 index 0000000000..6ba7ead84d --- /dev/null +++ b/ee/ucp/kubernetes/storage/use-azure-files.md 
@@ -0,0 +1,246 @@ +--- +title: Configuring Azure Files Storage for Kubernetes +description: Learn how to add persistent storage to your Docker Enterprise clusters running on Azure with Azure Files. +keywords: Universal Control Plane, UCP, Docker EE, Kubernetes, storage, volume +redirect_from: +--- + +Platform operators can provide persistent storage for workloads running on +Docker Enterprise and Microsoft Azure by using Azure Files. You can either +pre-provision Azure Files Shares to be consumed by +Kubernetes Pods or can you use the Azure Kubernetes integration to dynamically +provision Azure Files Shares on demand. + +## Prerequisites + +This guide assumes you have already provisioned a UCP environment on +Microsoft Azure. The cluster must be provisioned after meeting all +prerequisites listed in [Install UCP on +Azure](/ee/ucp/admin/install/install-on-azure.md). + +Additionally, this guide uses the Kubernetes Command Line tool `$ +kubectl` to provision Kubernetes objects within a UCP cluster. Therefore, you must download +this tool along with a UCP client bundle. For more +information on configuring CLI access to UCP, see [CLI Based +Access](/ee/ucp/user-access/cli/). + +## Manually Provisioning Azure Files + +You can use existing Azure Files Shares or manually provision new ones to +provide persistent storage for Kubernetes Pods. Azure Files Shares can be +manually provisioned in the Azure Portal using ARM Templates or using the Azure +CLI. The following example uses the Azure CLI to manually provision +Azure Files Shares. + +### Creating an Azure Storage Account + +When manually creating an Azure Files Share, first create an Azure +Storage Account for the file shares. If you have already provisioned +a Storage Account, you can skip to [Creating an Azure Files +Share](#creating-an-azure-file-share). + +> **Note**: the Azure Kubernetes Driver does not support Azure Storage Accounts +> created using Azure Premium Storage. 
+ +```bash +$ REGION=ukwest +$ SA=mystorageaccount +$ RG=myresourcegroup + +$ az storage account create \ + --name $SA \ + --resource-group $RG \ + --location $REGION \ + --sku Standard_LRS +``` + +### Creating an Azure Files Share + +Next, provision an Azure Files Share. The size of this share can be +adjusted to fit the end user's requirements. If you have already created an +Azure Files Share, you can skip to [Configuring a Kubernetes +Secret](#configuring-a-kubernetes-secret). + +```bash +$ SA=mystorageaccount +$ RG=myresourcegroup +$ FS=myfileshare +$ SIZE=5 + +# This Azure Collection String can also be found in the Azure Portal +$ export AZURE_STORAGE_CONNECTION_STRING=`az storage account show-connection-string --name $SA --resource-group $RG -o tsv` + +$ az storage share create \ + --name $FS \ + --quota $SIZE \ + --connection-string $AZURE_STORAGE_CONNECTION_STRING +``` + +### Configuring a Kubernetes Secret + +After a File Share has been created, you must load the Azure Storage +Account Access key as a Kubernetes Secret into UCP. This provides access to +the file share when Kubernetes attempts to mount the share into a pod. This key +can be found in the Azure Portal or retrieved as shown in the following example by the Azure CLI: + +```bash +$ SA=mystorageaccount +$ RG=myresourcegroup +$ FS=myfileshare + +# The Azure Storage Account Access Key can also be found in the Azure Portal +$ STORAGE_KEY=$(az storage account keys list --resource-group $RG --account-name $SA --query "[0].value" -o tsv) + +$ kubectl create secret generic azure-secret \ + --from-literal=azurestorageaccountname=$SA \ + --from-literal=azurestorageaccountkey=$STORAGE_KEY +``` + +### Mount the Azure Files Share into a Kubernetes Pod + +The final step is to mount the Azure Files Share, using the Kubernetes Secret, into +a Kubernetes Pod. 
The following code creates a standalone Kubernetes pod, but you +can also use alternative Kubernetes Objects such as Deployments, DaemonSets, or +StatefulSets, with the existing Azure Files Share. + +```bash +$ FS=myfileshare + +$ cat < Today, only the Standard Storage Class is supported when using the Azure +> Kubernetes Plugin. File shares using the Premium Storage Class will fail to +> mount. + +```bash +$ cat <
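Review bot: In use-azure-disk.md, under "Define the Azure Disk Storage Class", the sentence "you can deploy one or both of the Azure Disk storage Classes (Standard and Advanced)" contradicts the paragraph just above it, which names the two types as Azure Disk Standard Volumes and Azure Disk Premium Volumes; change "Advanced" to "Premium". In the same file, the inline code `$ kubectl` in Prerequisites includes the shell prompt and should be just `kubectl`, the front matter leaves `redirect_from:` empty and the key can be dropped, and "it is needed for another step" should name the step (the Pod definition that follows). The commit message scopes these pages to UCP 3.0 or newer, but Prerequisites does not state a minimum version.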
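Review bot: In use-azure-files.md, "Configuring a Kubernetes Secret" loads the storage account access key with `--from-literal=azurestorageaccountkey=$STORAGE_KEY` but never says which namespace `azure-secret` is created in or who should be able to read it. Since the text says this key "provides access to the file share", add a sentence stating that the secret must live in the namespace of the Pod that mounts the share, and that read access to secrets in that namespace should be limited to the workloads and operators that need it. In "Creating an Azure Files Share", `AZURE_STORAGE_CONNECTION_STRING` is exported and then expanded unquoted; quote the expansion and unset the variable once the share exists. Smaller points: the link `#creating-an-azure-file-share` does not match the heading "Creating an Azure Files Share" (the anchor should be `#creating-an-azure-files-share`), the introduction reads "or can you use" where "or you can use" is meant, and the comment "Azure Collection String" should read "Azure Connection String".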