update disks flow

khdownie · khdownie · commit 20c0e7771055 · 2024-06-19T09:03:14.000-07:00
diff --git a/articles/storage/container-storage/use-container-storage-with-managed-disks.md b/articles/storage/container-storage/use-container-storage-with-managed-disks.md
@@ -4,7 +4,7 @@ description: Configure Azure Container Storage for use with Azure managed disks.
 author: khdownie
 ms.service: azure-container-storage
 ms.topic: how-to
-ms.date: 03/12/2024
+ms.date: 06/19/2024
 ms.author: kendownie
 ms.custom: references_regions
 ---
@@ -20,15 +20,25 @@ ms.custom: references_regions
 > [!NOTE]
 > To use Azure Container Storage with Azure managed disks, your AKS cluster should have a node pool of at least three [general purpose VMs](../../virtual-machines/sizes-general.md) such as **standard_d4s_v5** for the cluster nodes, each with a minimum of four virtual CPUs (vCPUs).
 
-## Create a storage pool
+## Create and attach persistent volumes
+
+Follow these steps to create and attach a persistent volume.
+
+### 1. Create a storage pool
 
 First, create a storage pool, which is a logical grouping of storage for your Kubernetes cluster, by defining it in a YAML manifest file.
 
-If you enabled Azure Container Storage using `az aks create` or `az aks update` commands, you might already have a storage pool. Use `kubectl get sp -n acstor` to get the list of storage pools. If you have a storage pool already available that you want to use, you can skip this section and proceed to [Display the available storage classes](#display-the-available-storage-classes).
+You have the following options for creating a storage pool:
+
+- [Create a dynamic storage pool](#create-a-dynamic-storage-pool)
+- [Create a pre-provisioned storage pool](#create-a-pre-provisioned-storage-pool) using pre-provisioned Azure managed disks
+- [Create a dynamic storage pool using your own encryption key (optional)](#create-a-dynamic-storage-pool-using-your-own-encryption-key-optional)
+
+If you enabled Azure Container Storage using `az aks create` or `az aks update` commands, you might already have a storage pool. Use `kubectl get sp -n acstor` to get the list of storage pools. If you have a storage pool already available that you want to use, you can skip this step and proceed to [Display the available storage classes](#display-the-available-storage-classes).
 
-Follow these steps to create a storage pool for Azure Disks. You can also:
-- [Create a storage pool with a pre-provisioned Azure managed disk](#create-a-pre-provisioned-storage-pool)
-- [Create a storage pool that has server-side encryption with customer managed keys enabled](#enable-server-side-encryption-with-customer-managed-keys)
+#### Create a dynamic storage pool
+
+Follow these steps to create a dynamic storage pool for Azure Disks.
 
 1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool.yaml`.
 
@@ -69,7 +79,115 @@ Follow these steps to create a storage pool for Azure Disks. You can also:
 
 When the storage pool is created, Azure Container Storage will create a storage class on your behalf, using the naming convention `acstor-<storage-pool-name>`. Now you can [display the available storage classes](#display-the-available-storage-classes) and [create a persistent volume claim](#create-a-persistent-volume-claim).
 
-## Display the available storage classes
+#### Create a pre-provisioned storage pool
+
+If you have Azure managed disks that are already provisioned, you can create a pre-provisioned storage pool using those disks. Because the disks are already provisioned, you don't need to specify the skuName or storage capacity when creating the storage pool.
+
+Follow these steps to create a pre-provisioned storage pool for Azure Disks.
+
+1. Sign in to the Azure portal.
+
+1. For each disk that you want to use, navigate to the Azure managed disk and select **Settings** > **Properties**. Copy the entire string under **Resource ID** and put it in a text file.
+
+1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool.yaml`.
+
+1. Paste in the following code. The storage pool **name** value can be whatever you want. Replace `<resource-id>` with the resource ID of each managed disk. Save the file.
+
+   ```yml
+   apiVersion: containerstorage.azure.com/v1
+   kind: StoragePool
+   metadata:
+     name: sp-preprovisioned
+     namespace: acstor
+   spec:
+     poolType:
+       azureDisk:
+         disks:
+           - reference <resource-id1>
+           - reference <resource-id2>
+   ```
+
+1. Apply the YAML manifest file to create the storage pool.
+   
+   ```azurecli-interactive
+   kubectl apply -f acstor-storagepool.yaml 
+   ```
+   
+   When storage pool creation is complete, you'll see a message like:
+   
+   ```output
+   storagepool.containerstorage.azure.com/sp-preprovisioned created
+   ```
+   
+   You can also run this command to check the status of the storage pool. Replace `<storage-pool-name>` with your storage pool **name** value. For this example, the value would be **sp-preprovisioned**.
+   
+   ```azurecli-interactive
+   kubectl describe sp <storage-pool-name> -n acstor
+   ```
+
+When the storage pool is created, Azure Container Storage will create a storage class on your behalf, using the naming convention `acstor-<storage-pool-name>`. Now you can [display the available storage classes](#display-the-available-storage-classes) and [create a persistent volume claim](#create-a-persistent-volume-claim).
+
+#### Create a dynamic storage pool using your own encryption key (optional)
+
+All data in an Azure storage account is encrypted at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys (CMK) when you create your storage pool to encrypt the persistent volumes that you'll create.
+
+To use your own key for server-side encryption, you must have an [Azure Key Vault](../../key-vault/general/overview.md) with a key. The Key Vault should have purge protection enabled, and it must use the Azure RBAC permission model. Learn more about [customer-managed keys on Linux](../../virtual-machines/disk-encryption.md#customer-managed-keys).
+
+When creating your storage pool, you must define the CMK parameters. The required CMK encryption parameters are:
+
+- **keyVersion** specifies the version of the key to use
+- **keyName** is the name of your key
+- **keyVaultUri** is the uniform resource identifier of the Azure Key Vault, for example `https://user.vault.azure.net`
+- **Identity** specifies a managed identity with access to the vault, for example `/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourcegroups/MC_user-acstor-westus2-rg_user-acstor-westus2_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/user-acstor-westus2-agentpool`
+
+Follow these steps to create a storage pool using your own encryption key. All persistent volumes created from this storage pool will be encrypted using the same key.
+
+1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool-cmk.yaml`.
+
+1. Paste in the following code, supply the required parameters, and save the file. The storage pool **name** value can be whatever you want. For **skuName**, specify the level of performance and redundancy. Acceptable values are Premium_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, PremiumV2_LRS, and StandardSSD_ZRS. For **storage**, specify the amount of storage capacity for the pool in Gi or Ti. Be sure to supply the CMK encryption parameters.
+
+   ```yml
+   apiVersion: containerstorage.azure.com/v1
+   kind: StoragePool
+   metadata:
+     name: azuredisk
+     namespace: acstor
+   spec:
+     poolType:
+       azureDisk:
+         skuName: Premium_LRS
+         encryption: {
+           keyVersion: "<key-version>",
+           keyName: "<key-name>",
+           keyVaultUri: "<key-vault-uri>",
+           identity: "<identity>"
+         }
+     resources:
+       requests:
+         storage: 1Ti
+   ```
+
+1. Apply the YAML manifest file to create the storage pool.
+   
+   ```azurecli-interactive
+   kubectl apply -f acstor-storagepool-cmk.yaml 
+   ```
+   
+   When storage pool creation is complete, you'll see a message like:
+   
+   ```output
+   storagepool.containerstorage.azure.com/azuredisk created
+   ```
+   
+   You can also run this command to check the status of the storage pool. Replace `<storage-pool-name>` with your storage pool **name** value. For this example, the value would be **azuredisk**.
+   
+   ```azurecli-interactive
+   kubectl describe sp <storage-pool-name> -n acstor
+   ```
+
+When the storage pool is created, Azure Container Storage will create a storage class on your behalf, using the naming convention `acstor-<storage-pool-name>`.
+
+### 2. Display the available storage classes
 
 When the storage pool is ready to use, you must select a storage class to define how storage is dynamically created when creating persistent volume claims and deploying persistent volumes.
 
@@ -78,7 +196,7 @@ Run `kubectl get sc` to display the available storage classes. You should see a
 > [!IMPORTANT]
 > Don't use the storage class that's marked **internal**. It's an internal storage class that's needed for Azure Container Storage to work.
 
-## Create a persistent volume claim
+### 3. Create a persistent volume claim
 
 A persistent volume claim (PVC) is used to automatically provision storage based on a storage class. Follow these steps to create a PVC using the new storage class. 
 
@@ -120,7 +238,7 @@ A persistent volume claim (PVC) is used to automatically provision storage based
 
 Once the PVC is created, it's ready for use by a pod.
 
-## Deploy a pod and attach a persistent volume
+### 4. Deploy a pod and attach a persistent volume
 
 Create a pod using [Fio](https://github.com/axboe/fio) (Flexible I/O Tester) for benchmarking and workload simulation, and specify a mount path for the persistent volume. For **claimName**, use the **name** value that you used when creating the persistent volume claim.
 
@@ -178,117 +296,11 @@ Create a pod using [Fio](https://github.com/axboe/fio) (Flexible I/O Tester) for
 
 You've now deployed a pod that's using Azure Disks as its storage, and you can use it for your Kubernetes workloads.
 
-## Create a pre-provisioned storage pool
-
-If you have Azure managed disks that are already provisioned, you can create a pre-provisioned storage pool using those disks. Because the disks are already provisioned, you don't need to specify the skuName or storage capacity when creating the storage pool.
-
-Follow these steps to create a pre-provisioned storage pool for Azure Disks.
-
-1. Sign in to the Azure portal.
-
-1. For each disk that you want to use, navigate to the Azure managed disk and select **Settings** > **Properties**. Copy the entire string under **Resource ID** and put it in a text file.
-
-1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool.yaml`.
-
-1. Paste in the following code. The storage pool **name** value can be whatever you want. Replace `<resource-id>` with the resource ID of each managed disk. Save the file.
-
-   ```yml
-   apiVersion: containerstorage.azure.com/v1
-   kind: StoragePool
-   metadata:
-     name: sp-preprovisioned
-     namespace: acstor
-   spec:
-     poolType:
-       azureDisk:
-         disks:
-           - reference <resource-id1>
-           - reference <resource-id2>
-   ```
-
-1. Apply the YAML manifest file to create the storage pool.
-   
-   ```azurecli-interactive
-   kubectl apply -f acstor-storagepool.yaml 
-   ```
-   
-   When storage pool creation is complete, you'll see a message like:
-   
-   ```output
-   storagepool.containerstorage.azure.com/sp-preprovisioned created
-   ```
-   
-   You can also run this command to check the status of the storage pool. Replace `<storage-pool-name>` with your storage pool **name** value. For this example, the value would be **sp-preprovisioned**.
-   
-   ```azurecli-interactive
-   kubectl describe sp <storage-pool-name> -n acstor
-   ```
-
-When the storage pool is created, Azure Container Storage will create a storage class on your behalf, using the naming convention `acstor-<storage-pool-name>`. Now you can [display the available storage classes](#display-the-available-storage-classes) and [create a persistent volume claim](#create-a-persistent-volume-claim).
-
-## Enable server-side encryption with customer-managed keys
-
-If you already created a storage pool or you prefer to use the default Microsoft-managed encryption keys, skip this section and proceed to [Display the available storage classes](#display-the-available-storage-classes).
-
-All data in an Azure storage account is encrypted at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys (CMK) to encrypt the persistent volumes that you'll create from an Azure Disk storage pool.
-
-To use your own key, you must have an [Azure Key Vault](../../key-vault/general/overview.md) with a key. The Key Vault should have purge protection enabled, and it must use the Azure RBAC permission model. Learn more about [customer-managed keys on Linux](../../virtual-machines/disk-encryption.md#customer-managed-keys).
+## Manage persistent volumes and storage pools
 
-When creating your storage pool, you must define the CMK parameters. The required CMK encryption parameters are:
-
-- **keyVersion** specifies the version of the key to use
-- **keyName** is the name of your key
-- **keyVaultUri** is the uniform resource identifier of the Azure Key Vault, for example `https://user.vault.azure.net`
-- **Identity** specifies a managed identity with access to the vault, for example `/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourcegroups/MC_user-acstor-westus2-rg_user-acstor-westus2_westus2/providers/Microsoft.ManagedIdentity/userAssignedIdentities/user-acstor-westus2-agentpool`
-
-Follow these steps to create a storage pool using your own encryption key. All persistent volumes created from this storage pool will be encrypted using the same key.
-
-1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool-cmk.yaml`.
-
-1. Paste in the following code, supply the required parameters, and save the file. The storage pool **name** value can be whatever you want. For **skuName**, specify the level of performance and redundancy. Acceptable values are Premium_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, PremiumV2_LRS, and StandardSSD_ZRS. For **storage**, specify the amount of storage capacity for the pool in Gi or Ti. Be sure to supply the CMK encryption parameters.
-
-   ```yml
-   apiVersion: containerstorage.azure.com/v1
-   kind: StoragePool
-   metadata:
-     name: azuredisk
-     namespace: acstor
-   spec:
-     poolType:
-       azureDisk:
-         skuName: Premium_LRS
-         encryption: {
-           keyVersion: "<key-version>",
-           keyName: "<key-name>",
-           keyVaultUri: "<key-vault-uri>",
-           identity: "<identity>"
-         }
-     resources:
-       requests:
-         storage: 1Ti
-   ```
-
-1. Apply the YAML manifest file to create the storage pool.
-   
-   ```azurecli-interactive
-   kubectl apply -f acstor-storagepool-cmk.yaml 
-   ```
-   
-   When storage pool creation is complete, you'll see a message like:
-   
-   ```output
-   storagepool.containerstorage.azure.com/azuredisk created
-   ```
-   
-   You can also run this command to check the status of the storage pool. Replace `<storage-pool-name>` with your storage pool **name** value. For this example, the value would be **azuredisk**.
-   
-   ```azurecli-interactive
-   kubectl describe sp <storage-pool-name> -n acstor
-   ```
-
-When the storage pool is created, Azure Container Storage will create a storage class on your behalf, using the naming convention `acstor-<storage-pool-name>`.
+Now that you've created a persistent volume, you can detach and reattach it as needed. You can also expand or delete a storage pool.
 
-## Detach and reattach a persistent volume
+### Detach and reattach a persistent volume
 
 To detach a persistent volume, delete the pod that the persistent volume is attached to. Replace `<pod-name>` with the name of the pod, for example **fiopod**.
 
@@ -300,7 +312,7 @@ To reattach a persistent volume, simply reference the persistent volume claim na
 
 To check which persistent volume a persistent volume claim is bound to, run `kubectl get pvc <persistent-volume-claim-name>`.
 
-## Expand a storage pool
+### Expand a storage pool
 
 You can expand storage pools backed by Azure Disks to scale up quickly and without downtime. Shrinking storage pools isn't currently supported.
 
@@ -336,7 +348,7 @@ Follow these instructions to expand an existing storage pool for Azure Disks.
 
 1. Run `kubectl get sp -A` and the storage pool should reflect the new size.
 
-## Delete a storage pool
+### Delete a storage pool
 
 If you want to delete a storage pool, run the following command. Replace `<storage-pool-name>` with the storage pool name.
 
