docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Azure Disk and Azure File Storage for UCP Workloads (#8774) 

* Added Azure Disk and Azure File

I have added Azure Disk and Azure file documentation for use with UCP
3.0 or newer.

* Added the Azure Disk Content
* Added the Azure File Content
* Updated the Toc to include Azure Disk and Azure File

Signed-off-by: Olly Pomeroy <olly@docker.com>

* Responding to feedback, inc changing Azure File to Azure Files

Following on from Steven and Deeps feedback this commit addresses those
nits. Including changing `Operators` to `Platform Operators`, switching
`Azure File` to `Azure Files` and many small formating changes.

Signed-off-by: Olly Pomeroy <olly@docker.com>

* Minor style updates

* Minor style updates

* Final edits
This commit is contained in:
Olly P 2019-05-16 19:47:41 +01:00 committed by Maria Bermudez
parent 3a7e7673dd
commit 4a5b804696
3 changed files with 490 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_data/toc.yaml
View File

@ -1377,8 +1377,12 @@ manuals:
path: /ee/ucp/kubernetes/kubernetes-network-encryption/
- sectiontitle: Persistent Storage
section:
- title: Use NFS storage
- title: Use NFS Storage
path: /ee/ucp/kubernetes/storage/use-nfs-volumes/
- title: Use Azure Disk Storage
path: /ee/ucp/kubernetes/storage/use-azure-disk/
- title: Use Azure Files Storage
path: /ee/ucp/kubernetes/storage/use-azure-files/
- title: Use AWS EBS Storage
path: /ee/ucp/kubernetes/storage/configure-aws-storage/
- title: API reference

239
ee/ucp/kubernetes/storage/use-azure-disk.md Normal file
View File

@ -0,0 +1,239 @@
---
title: Configuring Azure Disk Storage for Kubernetes
description: Learn how to add persistent storage to your Docker Enterprise clusters running on Azure with Azure Disk.
keywords: Universal Control Plane, UCP, Docker EE, Kubernetes, storage, volume
redirect_from:
---
Platform operators can provide persistent storage for workloads running on
Docker Enterprise and Microsoft Azure by using Azure Disk. Platform
operators can either pre-provision Azure Disks to be consumed by Kubernetes
Pods, or can use the Azure Kubernetes integration to dynamically provision Azure
Disks on demand.
## Prerequisites
This guide assumes you have already provisioned a UCP environment on
Microsoft Azure. The Cluster must be provisioned after meeting all of the
prerequisites listed in [Install UCP on
Azure](/ee/ucp/admin/install/install-on-azure.md).
Additionally, this guide uses the Kubernetes Command Line tool `$
kubectl` to provision Kubernetes objects within a UCP cluster. Therefore, this
tool must be downloaded, along with a UCP client bundle. For more
information on configuring CLI access for UCP, see [CLI Based
Access](/ee/ucp/user-access/cli/).
## Manually provision Azure Disks
An operator can use existing Azure Disks or manually provision new ones to
provide persistent storage for Kubernetes Pods. Azure Disks can be manually
provisioned in the Azure Portal, using ARM Templates or the Azure CLI. The
following example uses the Azure CLI to manually provision an Azure
Disk.
```bash
$ RG=myresourcegroup
$ az disk create \
--resource-group $RG \
--name k8s_volume_1 \
--size-gb 20 \
--query id \
--output tsv
```
Using the Azure CLI command in the previous example should return the Azure ID of the Azure Disk
Object. If you are provisioning Azure resources using an alternative method,
make sure you retrieve the Azure ID of the Azure Disk, because it is needed for another step.
```
/subscriptions/<subscriptionID>/resourceGroups/<resourcegroup>/providers/Microsoft.Compute/disks/<diskname>
```
You can now create Kubernetes Objects that refer to this Azure Disk. The following
example uses a Kubernetes Pod. However, the same Azure Disk syntax can be
used for DaemonSets, Deployments, and StatefulSets. In the following example, the
Azure Disk Name and ID reflect the manually created Azure Disk.
```bash
$ cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: mypod-azuredisk
spec:
containers:
- image: nginx
name: mypod
volumeMounts:
- name: mystorage
mountPath: /data
volumes:
- name: mystorage
azureDisk:
kind: Managed
diskName: k8s_volume_1
diskURI: /subscriptions/<subscriptionID>/resourceGroups/<resourcegroup>/providers/Microsoft.Compute/disks/<diskname>
EOF
```
## Dynamically provision Azure Disks
### Define the Azure Disk Storage Class
Kubernetes can dynamically provision Azure Disks using the Azure Kubernetes
integration, which was configured when UCP was installed. For Kubernetes
to determine which APIs to use when provisioning storage, you must
create Kubernetes Storage Classes specific to each storage backend. For more
information on Kubernetes Storage Classes, see [Storage
Classes](https://kubernetes.io/docs/concepts/storage/storage-classes/).
In Azure there are 2 different Azure Disk types that can be consumed by
Kubernetes: Azure Disk Standard Volumes and Azure Disk Premium Volumes. For more
information on their differences, see [Azure
Disks](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disks-types).
Depending on your use case, you can deploy one or both of the Azure Disk storage Classes (Standard and Advanced).
To create a Standard Storage Class:
```bash
$ cat <<EOF | kubectl create -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: standard
provisioner: kubernetes.io/azure-disk
parameters:
storageaccounttype: Standard_LRS
kind: Managed
EOF
```
To Create a Premium Storage Class:
```bash
$ cat <<EOF | kubectl create -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: premium
provisioner: kubernetes.io/azure-disk
parameters:
storageaccounttype: Premium_LRS
kind: Managed
EOF
```
To determine which Storage Classes have been provisioned:
```bash
$ kubectl get storageclasses
NAME PROVISIONER AGE
premium kubernetes.io/azure-disk 1m
standard kubernetes.io/azure-disk 1m
```
### Create an Azure Disk with a Persistent Volume Claim
After you create a Storage Class, you can use Kubernetes
Objects to dynamically provision Azure Disks. This is done using Kubernetes
Persistent Volumes Claims. For more information on Kubernetes Persistent Volume
Claims, see
[PVCs](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#introduction).
The following example uses the standard storage class and creates a 5 GiB Azure Disk. Alter these values to fit your use case.
```bash
$ cat <<EOF | kubectl create -f -
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: azure-disk-pvc
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
EOF
```
At this point, you should see a new Persistent Volume Claim and Persistent Volume
inside of Kubernetes. You should also see a new Azure Disk created in the Azure
Portal.
```bash
$ kubectl get persistentvolumeclaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
azure-disk-pvc Bound pvc-587deeb6-6ad6-11e9-9509-0242ac11000b 5Gi RWO standard 1m
$ kubectl get persistentvolume
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-587deeb6-6ad6-11e9-9509-0242ac11000b 5Gi RWO Delete Bound default/azure-disk-pvc standard 3m
```
### Attach the new Azure Disk to a Kubernetes pod
Now that a Kubernetes Persistent Volume has been created, you can mount this into
a Kubernetes Pod. The disk can be consumed by any Kubernetes object type, including
a Deployment, DaemonSet, or StatefulSet. However, the following example just mounts
the persistent volume into a standalone pod.
```bash
$ cat <<EOF | kubectl create -f -
kind: Pod
apiVersion: v1
metadata:
name: mypod-dynamic-azuredisk
spec:
containers:
- name: mypod
image: nginx
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: storage
volumes:
- name: storage
persistentVolumeClaim:
claimName: azure-disk-pvc
EOF
```
### Azure Virtual Machine data disk capacity
In Azure, there are limits to the number of data disks that can be attached to
each Virtual Machine. This data is shown in [Azure Virtual Machine
Sizes](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes-general).
Kubernetes is aware of these restrictions, and prevents pods from
deploying on Nodes that have reached their maximum Azure Disk Capacity.
This can be seen if a pod is stuck in the `ContainerCreating` stage:
```bash
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
mypod-azure-disk 0/1 ContainerCreating 0 4m
```
Describing the pod displays troubleshooting logs, showing the node has
reached its capacity:
```bash
$ kubectl describe pods mypod-azure-disk
<...>
Warning FailedAttachVolume 7s (x11 over 6m) attachdetach-controller AttachVolume.Attach failed for volume "pvc-6b09dae3-6ad6-11e9-9509-0242ac11000b" : Attach volume "kubernetes-dynamic-pvc-6b09dae3-6ad6-11e9-9509-0242ac11000b" to instance "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Compute/virtualMachines/worker-03" failed with compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=409 -- Original Error: failed request: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="The maximum number of data disks allowed to be attached to a VM of this size is 4." Target="dataDisks"
```
## Where to go next
- [Deploy an Ingress Controller on
Kubernetes](/ee/ucp/kubernetes/layer-7-routing/)
- [Discover Network Encryption on
Kubernetes](/ee/ucp/kubernetes/kubernetes-network-encryption/)

246
ee/ucp/kubernetes/storage/use-azure-files.md Normal file
View File

@ -0,0 +1,246 @@
---
title: Configuring Azure Files Storage for Kubernetes
description: Learn how to add persistent storage to your Docker Enterprise clusters running on Azure with Azure Files.
keywords: Universal Control Plane, UCP, Docker EE, Kubernetes, storage, volume
redirect_from:
---
Platform operators can provide persistent storage for workloads running on
Docker Enterprise and Microsoft Azure by using Azure Files. You can either
pre-provision Azure Files Shares to be consumed by
Kubernetes Pods or can you use the Azure Kubernetes integration to dynamically
provision Azure Files Shares on demand.
## Prerequisites
This guide assumes you have already provisioned a UCP environment on
Microsoft Azure. The cluster must be provisioned after meeting all
prerequisites listed in [Install UCP on
Azure](/ee/ucp/admin/install/install-on-azure.md).
Additionally, this guide uses the Kubernetes Command Line tool `$
kubectl` to provision Kubernetes objects within a UCP cluster. Therefore, you must download
this tool along with a UCP client bundle. For more
information on configuring CLI access to UCP, see [CLI Based
Access](/ee/ucp/user-access/cli/).
## Manually Provisioning Azure Files
You can use existing Azure Files Shares or manually provision new ones to
provide persistent storage for Kubernetes Pods. Azure Files Shares can be
manually provisioned in the Azure Portal using ARM Templates or using the Azure
CLI. The following example uses the Azure CLI to manually provision
Azure Files Shares.
### Creating an Azure Storage Account
When manually creating an Azure Files Share, first create an Azure
Storage Account for the file shares. If you have already provisioned
a Storage Account, you can skip to [Creating an Azure Files
Share](#creating-an-azure-file-share).
> **Note**: the Azure Kubernetes Driver does not support Azure Storage Accounts
> created using Azure Premium Storage.
```bash
$ REGION=ukwest
$ SA=mystorageaccount
$ RG=myresourcegroup
$ az storage account create \
--name $SA \
--resource-group $RG \
--location $REGION \
--sku Standard_LRS
```
### Creating an Azure Files Share
Next, provision an Azure Files Share. The size of this share can be
adjusted to fit the end user's requirements. If you have already created an
Azure Files Share, you can skip to [Configuring a Kubernetes
Secret](#configuring-a-kubernetes-secret).
```bash
$ SA=mystorageaccount
$ RG=myresourcegroup
$ FS=myfileshare
$ SIZE=5
# This Azure Collection String can also be found in the Azure Portal
$ export AZURE_STORAGE_CONNECTION_STRING=`az storage account show-connection-string --name $SA --resource-group $RG -o tsv`
$ az storage share create \
--name $FS \
--quota $SIZE \
--connection-string $AZURE_STORAGE_CONNECTION_STRING
```
### Configuring a Kubernetes Secret
After a File Share has been created, you must load the Azure Storage
Account Access key as a Kubernetes Secret into UCP. This provides access to
the file share when Kubernetes attempts to mount the share into a pod. This key
can be found in the Azure Portal or retrieved as shown in the following example by the Azure CLI:
```bash
$ SA=mystorageaccount
$ RG=myresourcegroup
$ FS=myfileshare
# The Azure Storage Account Access Key can also be found in the Azure Portal
$ STORAGE_KEY=$(az storage account keys list --resource-group $RG --account-name $SA --query "[0].value" -o tsv)
$ kubectl create secret generic azure-secret \
--from-literal=azurestorageaccountname=$SA \
--from-literal=azurestorageaccountkey=$STORAGE_KEY
```
### Mount the Azure Files Share into a Kubernetes Pod
The final step is to mount the Azure Files Share, using the Kubernetes Secret, into
a Kubernetes Pod. The following code creates a standalone Kubernetes pod, but you
can also use alternative Kubernetes Objects such as Deployments, DaemonSets, or
StatefulSets, with the existing Azure Files Share.
```bash
$ FS=myfileshare
$ cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: mypod-azurefile
spec:
containers:
- image: nginx
name: mypod
volumeMounts:
- name: mystorage
mountPath: /data
volumes:
- name: mystorage
azureFile:
secretName: azure-secret
shareName: $FS
readOnly: false
EOF
```
## Dynamically Provisioning Azure Files Shares
### Defining the Azure Disk Storage Class
Kubernetes can dynamically provision Azure Files Shares using the Azure
Kubernetes integration, which was configured when UCP was installed. For
Kubernetes to know which APIs to use when provisioning storage, you must
create Kubernetes Storage Classes specific to each storage
backend. For more information on Kubernetes Storage Classes, see [Storage
Classes](https://kubernetes.io/docs/concepts/storage/storage-classes/).
> Today, only the Standard Storage Class is supported when using the Azure
> Kubernetes Plugin. File shares using the Premium Storage Class will fail to
> mount.
```bash
$ cat <<EOF | kubectl create -f -
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: standard
provisioner: kubernetes.io/azure-file
mountOptions:
- dir_mode=0777
- file_mode=0777
- uid=1000
- gid=1000
parameters:
skuName: Standard_LRS
EOF
```
To see which Storage Classes have been provisioned:
```bash
$ kubectl get storageclasses
NAME PROVISIONER AGE
azurefile kubernetes.io/azure-file 1m
```
### Creating an Azure Files Share using a Persistent Volume Claim
After you create a Storage Class, you can use Kubernetes
Objects to dynamically provision Azure Files Shares. This is done using
Kubernetes Persistent Volumes Claims
[PVCs](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#introduction).
Kubernetes uses an existing Azure Storage Account if one exists inside of the
Azure Resource Group. If an Azure Storage Account does not exist,
Kubernetes creates one.
The following example uses the standard storage class and creates a 5 GB Azure
File Share. Alter these values to fit your use case.
```bash
$ cat <<EOF | kubectl create -f -
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: azure-file-pvc
spec:
accessModes:
- ReadWriteMany
storageClassName: standard
resources:
requests:
storage: 5Gi
EOF
```
At this point, you should see a newly created Persistent Volume Claim and Persistent Volume:
```bash
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
azure-file-pvc Bound pvc-f7ccebf0-70e0-11e9-8d0a-0242ac110007 5Gi RWX standard 22s
$ kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-f7ccebf0-70e0-11e9-8d0a-0242ac110007 5Gi RWX Delete Bound default/azure-file-pvc standard 2m
```
### Attach the new Azure Files Share to a Kubernetes Pod
Now that a Kubernetes Persistent Volume has been created, mount this into
a Kubernetes Pod. The file share can be consumed by any Kubernetes object type
such as a Deployment, DaemonSet, or StatefulSet. However, the following
example just mounts the persistent volume into a standalone pod.
```bash
$ cat <<EOF | kubectl create -f -
kind: Pod
apiVersion: v1
metadata:
name: mypod
spec:
containers:
- name: task-pv-container
image: nginx
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/usr/share/nginx/html"
name: storage
volumes:
- name: storage
persistentVolumeClaim:
claimName: azure-file-pvc
EOF
```
## Where to go next
- [Deploy an Ingress Controller on
Kubernetes](/ee/ucp/kubernetes/layer-7-routing/)
- [Discover Network Encryption on
Kubernetes](/ee/ucp/kubernetes/kubernetes-network-encryption/)