Question about the secrect of Azure Storage Account?

[fengli858]

Could you explain how to use azure-secret.yaml (azure storage secret) in your process? I do not see how the azure-secret to be used? Thanks!

[andyzhangx]

azure-secret.yaml could be used in azure file, see example:
https://github.com/andyzhangx/Demo/tree/master/linux/azurefile#static-provisioning-for-azure-file-in-linux-support-from-v150

[fengli858]

@andyzhangx My Linux Pods are able to connect to my azure file share. My real problem is my Windows Pods are not able to connect to the existing Azure file shares (for both same resource group and different resource group). my k8s hybrid cluster (0.8.0) kubernetes 1.8.0.
the windows test pod yaml file is (static).
Thank you for your help!
apiVersion: v1
kind: Pod
metadata:
name: iis-azfile01
spec:
nodeSelector:
beta.kubernetes.io/os: windows
containers:

• image: microsoft/iis:latest
  name: iis-azfile01
  volumeMounts:
  • name: azureiis
    mountPath: '/mnt/azure'
    volumes:
  • name: azureiis
    azureFile:
    secretName: azure-secret
    shareName: k8stest02
    readOnly: false

[fengli858]

@andyzhangx I also follow you example of Windows Pods dynamic binding to azure files shares on k8s 1.8.0 (acs-engine 0.8.0). The file mount within the Windows Pods did not work. (The dynamic file share was created in storage account, but the pods cannot write file to it.)

[andyzhangx]

@fengli858 sorry I should update the azure file example doc earlier: azure file mount feature is only supported on Windows Server version 1709.
For how to set up k8s cluster with windows 1709, you should git pull latest acs-engine, make build, and then go build to get the most updated acs-engine binary and then follow the update example doc here:
https://github.com/andyzhangx/Demo/tree/master/windows/azurefile

Let me know if you have any other issue, thx.

[fengli858]

@andyzhangx Youe examples are very helpful! I am updating my systems to 1709 to try the Microsoft new docker images 1709. Thanks!

[fengli858]

@andyzhangx The problem of Kubernetes mount volume within Pod on Azure File Shares has been resolved after using new Microsoft Windows Container base image 1709 (for Windows Server 1709)!
Steps to resolve the issue: (Static binding to storage account at different resource group)

1. Rebuild Docker image using the Microsoft Windows Container Images tagged with 1709. (microsoft/aspnet: 3.5-windowsservercore-1709)
2. Create Kubernetes cluster on Azure using acs-engine 0.9.4 (github.com). The cluster has 2 Window’s work agent with Windows Server 1709.
3. Deploy the Docker images to cluster (with Azure File volume mount and storage access secrets) (see below yaml file)
4. My website custom log files appear on Azure File Shares (Azure storage account).
   Thank you for your hints!

[fengli858]

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: azurefile1709
spec:
replicas: 1
template:
metadata:
labels:
app: azurefile1709
spec:
nodeSelector:
beta.kubernetes.io/os: windows
containers:
- image: microsoft/aspnet:3.5-windowsservercore-1709
name: azurefile1709
ports:
- containerPort: 80
volumeMounts:
- name: azure
mountPath: '/mnt/azure'
volumes:
- name: azure
azureFile:
secretName: azure-secret
shareName: agilek8stest
readOnly: false

[fengli858]

@andyzhangx (1) For acs-engine 0.9.3 cluster (kubernetes 1.8.2), I got lots of error message when I deployed the Pods (such as Sync Pods Error, Cannot create sandbox ...) (2) When I switch to acs-engine 0.9.4 (kubenetes 1.8.2), the cluster works fine so far. (only 2 days -:))
Thanks!