Merge pull request #271870 from anthonychu/20240401-add-nfs

v-shils · web-flow · commit 7d772362d139 · 2024-04-15T11:50:31.000-07:00
[Container Apps] Add NFS file shares
diff --git a/articles/container-apps/storage-mounts-azure-files.md b/articles/container-apps/storage-mounts-azure-files.md
@@ -24,6 +24,9 @@ In this tutorial, you learn how to:
 > * Mount the storage share in an individual container
 > * Verify the storage mount by viewing the website access log
 
+> [!NOTE]
+> Azure Container Apps supports mounting file shares using SMB and NFS protocols. This tutorial demonstrates mounting an Azure Files share using the SMB protocol. To learn more about mounting NFS shares, see [Use storage mounts in Azure Container Apps](storage-mounts.md).
+
 ## Prerequisites
 
 - Install the latest version of the [Azure CLI](/cli/azure/install-azure-cli).
diff --git a/articles/container-apps/storage-mounts.md b/articles/container-apps/storage-mounts.md
@@ -6,7 +6,7 @@ author: craigshoemaker
 ms.service: container-apps
 ms.custom: devx-track-azurecli
 ms.topic: conceptual
-ms.date: 09/13/2023
+ms.date: 04/10/2024
 ms.author: cshoe
 zone_pivot_groups: arm-azure-cli-portal
 ---
@@ -23,7 +23,7 @@ A container app has access to different types of storage. A single app can take
 
 ## Ephemeral storage
 
-A container app can read and write temporary data to ephemeral storage. Ephermal storage can be scoped to a container or a replica. The total amount of container-scoped and replica-scoped storage available to each replica depends on the total amount of vCPUs allocated to the replica.
+A container app can read and write temporary data to ephemeral storage. Ephemeral storage can be scoped to a container or a replica. The total amount of container-scoped and replica-scoped storage available to each replica depends on the total amount of vCPUs allocated to the replica.
 
 | vCPUs | Total ephemeral storage |
 |--|--|
@@ -227,12 +227,21 @@ Azure Files storage has the following characteristics:
 * All containers that mount the share can access files written by any other container or method.
 * More than one Azure Files volume can be mounted in a single container.
 
-To enable Azure Files storage in your container, you need to set up your container as follows:
+Azure Files supports both SMB and NFS protocols. You can mount an Azure Files share using either protocol. The file share you define in the environment must be configured with the same protocol used by the file share in the storage account.
+
+> [!NOTE]
+> Support for mounting NFS shares in Azure Container Apps is in preview.
+
+To enable Azure Files storage in your container, you need to set up your environment and container app as follows:
 
 * Create a storage definition in the Container Apps environment.
-* Define a volume of type `AzureFile` in a revision.
+* If you are using NFS, your environment must be configured with a custom VNet and the storage account must be configured to allow access from the VNet. For more information, see [NFS file shares in Azure Files
+](../storage/files/files-nfs-protocol.md).
+* If your environment is configured with a custom VNet, you must allow ports 445 and 2049 in the network security group (NSG) associated with the subnet.
+* Define a volume of type `AzureFile` (SMB) or `NfsAzureFile` (NFS) in a revision.
 * Define a volume mount in one or more containers in the revision.
 * The Azure Files storage account used must be accessible from your container app's virtual network. For more information, see [Grant access from a virtual network](/azure/storage/common/storage-network-security#grant-access-from-a-virtual-network).
+    * If you're using NFS, you must also disable secure transfer. For more information, see [NFS file shares in Azure Files](../storage/files/files-nfs-protocol.md) and the *Create an NFS Azure file share* section in [this tutorial](../storage/files/storage-files-quick-create-use-linux.md#create-an-nfs-azure-file-share).
 
 ### Prerequisites
 
@@ -248,13 +257,16 @@ To enable Azure Files storage in your container, you need to set up your contain
 
 When configuring a container app to mount an Azure Files volume using the Azure CLI, you must use a YAML definition to create or update your container app.
 
-For a step-by-step tutorial, refer to [Create an Azure Files storage mount in Azure Container Apps](storage-mounts-azure-files.md).
+For a step-by-step tutorial on mounting an SMB file share, refer to [Create an Azure Files storage mount in Azure Container Apps](storage-mounts-azure-files.md).
 
 1. Add a storage definition to your Container Apps environment.
-  
+
+    # [SMB](#tab/smb)
+
     ```azure-cli
     az containerapp env storage set --name my-env --resource-group my-group \
         --storage-name mystorage \
+        --storage-type AzureFile \
         --azure-file-account-name <STORAGE_ACCOUNT_NAME> \
         --azure-file-account-key <STORAGE_ACCOUNT_KEY> \
         --azure-file-share-name <STORAGE_SHARE_NAME> \
@@ -265,6 +277,28 @@ For a step-by-step tutorial, refer to [Create an Azure Files storage mount in Az
 
     Valid values for `--access-mode` are `ReadWrite` and `ReadOnly`.
 
+    # [NFS](#tab/nfs)
+
+    ```azure-cli
+    az containerapp env storage set --name my-env --resource-group my-group \
+        --storage-name mystorage \
+        --storage-type NfsAzureFile \
+        --server <NFS_SERVER> \
+        --azure-file-share-name <STORAGE_SHARE_NAME> \
+        --access-mode ReadWrite
+    ```
+
+    Replace `<NFS_SERVER>` with the NFS server address in the format `<STORAGE_ACCOUNT_NAME>.file.core.windows.net`. For example, if your storage account name is `mystorageaccount`, the NFS server address is `mystorageaccount.file.core.windows.net`.
+    
+    Replace `<STORAGE_SHARE_NAME>` with the name of the file share in the format `/<STORAGE_ACCOUNT_NAME>/<STORAGE_SHARE_NAME>`. For example, if your storage account name is `mystorageaccount` and the file share name is `myshare`, the share name is `/mystorageaccount/myshare`.
+
+    Valid values for `--access-mode` are `ReadWrite` and `ReadOnly`.
+
+    > [!NOTE]
+    > To mount NFS Azure Files, you must use a Container Apps environment with a custom VNet. The Storage account must be configured to allow access from the VNet.
+
+    ---
+
 1. To update an existing container app to mount a file share, export your app's specification to a YAML file named *app.yaml*.
 
     ```azure-cli
@@ -275,12 +309,14 @@ For a step-by-step tutorial, refer to [Create an Azure Files storage mount in Az
 
     - Add a `volumes` array to the `template` section of your container app definition and define a volume. If you already have a `volumes` array, add a new volume to the array.
         - The `name` is an identifier for the volume.
-        - For `storageType`, use `AzureFile`.
+        - For `storageType`, use `AzureFile` for SMB, or `NfsAzureFile` for NFS. This value must match the storage type you defined in the environment.
         - For `storageName`, use the name of the storage you defined in the environment.
     - For each container in the template that you want to mount Azure Files storage, define a volume mount in the `volumeMounts` array of the container definition.
         - The `volumeName` is the name defined in the `volumes` array.
         - The `mountPath` is the path in the container to mount the volume.
 
+    # [SMB](#tab/smb)
+
     ```yaml
     properties:
       managedEnvironmentId: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.App/managedEnvironments/<ENVIRONMENT_NAME>
@@ -298,6 +334,27 @@ For a step-by-step tutorial, refer to [Create an Azure Files storage mount in Az
           storageName: mystorage
     ```
 
+    # [NFS](#tab/nfs)
+
+    ```yaml
+    properties:
+      managedEnvironmentId: /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP_NAME>/providers/Microsoft.App/managedEnvironments/<ENVIRONMENT_NAME>
+      configuration:
+      template:
+        containers:
+        - image: <IMAGE_NAME>
+          name: my-container
+          volumeMounts:
+          - volumeName: azure-files-volume
+            mountPath: /my-files
+        volumes:
+        - name: azure-files-volume
+          storageType: NfsAzureFile
+          storageName: mystorage
+    ```
+
+    ---
+
 1. Update your container app using the YAML file.
 
     ```azure-cli
@@ -315,6 +372,8 @@ The following ARM template snippets demonstrate how to add an Azure Files share
 
 1. Add a `storages` child resource to the Container Apps environment.
 
+    # [SMB](#tab/smb)
+
     ```json
     {
       "type": "Microsoft.App/managedEnvironments",
@@ -352,11 +411,66 @@ The following ARM template snippets demonstrate how to add an Azure Files share
     }
     ```
 
+    # [NFS](#tab/nfs)
+
+    ```json
+    {
+      "type": "Microsoft.App/managedEnvironments",
+      "apiVersion": "2023-05-01",
+      "name": "[parameters('environment_name')]",
+      "location": "[parameters('location')]",
+      "properties": {
+        "daprAIInstrumentationKey": "[parameters('dapr_ai_instrumentation_key')]",
+        "appLogsConfiguration": {
+          "destination": "log-analytics",
+          "logAnalyticsConfiguration": {
+            "customerId": "[parameters('log_analytics_customer_id')]",
+            "sharedKey": "[parameters('log_analytics_shared_key')]"
+          }
+        },
+        "workloadProfiles": [
+          {
+            "name": "Consumption",
+            "workloadProfileType": "Consumption"
+          }
+        ],
+        "vnetConfiguration": {
+          "infrastructureSubnetId": "[parameters('custom_vnet_subnet_id')]",
+          "internal": false
+        },
+      },
+      "resources": [
+        {
+          "type": "storages",
+          "name": "myazurefiles",
+          "apiVersion": "2023-11-02-preview",
+          "dependsOn": [
+            "[resourceId('Microsoft.App/managedEnvironments', parameters('environment_name'))]"
+          ],
+          "properties": {
+            "nfsAzureFile": {
+              "server": "[concat(parameters('storage_account_name'), '.file.core.windows.net')]",
+              "shareName": "[concat('/', parameters('storage_account_name'), '/', parameters('storage_share_name'))]",
+              "accessMode": "ReadWrite"
+            }
+          }
+        }
+      ]
+    }
+    ```
+
+    > [!NOTE]
+    > To mount NFS Azure Files, you must use a Container Apps environment with a custom VNet. The Storage account must be configured to allow access from the VNet.
+
+    ---
+
 1. Update the container app resource to add a volume and volume mount.
 
+    # [SMB](#tab/smb)
+
     ```json
     {
-      "apiVersion": "2022-03-01",
+      "apiVersion": "2023-05-01",
       "type": "Microsoft.App/containerApps",
       "name": "[parameters('containerappName')]",
       "location": "[parameters('location')]",
@@ -398,9 +512,57 @@ The following ARM template snippets demonstrate how to add an Azure Files share
     }
     ```
 
+    # [NFS](#tab/nfs)
+
+    ```json
+    {
+      "apiVersion": "2023-11-02-preview",
+      "type": "Microsoft.App/containerApps",
+      "name": "[parameters('containerappName')]",
+      "location": "[parameters('location')]",
+      "properties": {
+        
+        ...
+
+        "template": {
+          "revisionSuffix": "myrevision",
+          "containers": [
+            {
+              "name": "main",
+              "image": "[parameters('container_image')]",
+              "resources": {
+                "cpu": 0.5,
+                "memory": "1Gi"
+              },
+              "volumeMounts": [
+                {
+                  "mountPath": "/myfiles",
+                  "volumeName": "azure-files-volume"
+                }
+              ]
+            }
+          ],
+          "scale": {
+            "minReplicas": 1,
+            "maxReplicas": 3
+          },
+          "volumes": [
+            {
+              "name": "azure-files-volume",
+              "storageType": "NfsAzureFile",
+              "storageName": "myazurefiles"
+            }
+          ]
+        }
+      }
+    }
+    ```
+
+    ---
+
     - Add a `volumes` array to the `template` section of your container app definition and define a volume. If you already have a `volumes` array, add a new volume to the array.
         - The `name` is an identifier for the volume.
-        - For `storageType`, use `AzureFile`.
+        - For `storageType`, use `AzureFile` for SMB, or `NfsAzureFile` for NFS. This value must match the storage type you defined in the environment.
         - For `storageName`, use the name of the storage you defined in the environment.
     - For each container in the template that you want to mount Azure Files storage, define a volume mount in the `volumeMounts` array of the container definition.
         - The `volumeName` is the name defined in the `volumes` array.
@@ -412,6 +574,8 @@ See the [ARM template API specification](azure-resource-manager-api-spec.md) for
 
 ::: zone pivot="azure-portal"
 
+# [SMB](#tab/smb)
+
 To configure a volume mount for Azure Files storage in the Azure portal, add a file share to your Container Apps environment and then add a volume mount to your container app by creating a new revision.
 
 1. In the Azure portal, navigate to your Container Apps environment.
@@ -451,4 +615,10 @@ To configure a volume mount for Azure Files storage in the Azure portal, add a f
 
 1. Select **Create** to create the new revision.
 
+# [NFS](#tab/nfs)
+
+Azure portal doesn't support creating NFS Azure Files volumes. To create an NFS Azure Files volume, use the [Azure CLI](storage-mounts.md?tabs=nfs&pivots=azure-cli#azure-files) or [ARM template](storage-mounts.md?tabs=nfs&pivots=azure-resource-manager#azure-files).
+
+---
+
 ::: zone-end
