fix

umagnus · umagnus · commit 6ea668d317c2 · 2024-07-11T04:30:26.000Z
diff --git a/deploy/example/mountstorage/README.md b/deploy/example/mountstorage/README.md
@@ -15,15 +15,71 @@ You can also use a different managed-identity for different persistent volumes (
 
 - Run `az account set --subscription "mysubscription"` to select the right subscription
 
-- Create a storage account container, e.g.
+- Create a storage account container(optional in dynamic provisioning), e.g.
     ```bash
     resourcegroup="blobfuse-mi"
     storageaccountname="myaksblob"
     az storage account create -g "$resourcegroup" -n "$storageaccountname" --access-tier Hot  --sku Standard_LRS
     az storage container create -n mycontainer --account-name "$storageaccountname" --public-access off
     ```
+    
+## dynamic provisioning in an existing resource group
+
+1. Grant cluster system assigned identity and kubelet identity `Contributor` role to resource group, if mount in an existing storage account, then should also grant identities to storage account
 
-## Option#1: grant kubelet identity access to storage account
+1. Grant kubelet identity `Storage Blob Data Owner` role to resource group to mount blob storage, if mount in an existing storage account, then should also grant identity to storage account
+
+1. Create a storage class in an existing resource group
+    - Option#1 create storage account by CSI driver, will create a new storage account when `storageAccount` and `containerName` are not provided.
+    - Option#2 use your own storage account, set storage account name for `storageAccount`, you can also set an existing container name for `containerName` if you want to mount an existing container.
+    ```yml
+    apiVersion: storage.k8s.io/v1
+    kind: StorageClass
+    metadata:
+      name: blob-fuse
+    provisioner: blob.csi.azure.com
+    parameters:
+      skuName: Premium_LRS 
+      protocol: fuse
+      resourceGroup: EXISTING_RESOURCE_GROUP_NAME
+      storageAccount: EXISTING_STORAGE_ACCOUNT_NAME # optional, if use existing storage account
+      containerName: EXISTING_CONTAINER_NAME # optional, if use existing container
+      AzureStorageAuthType: MSI
+      AzureStorageIdentityClientID: "xxxxx-xxxx-xxx-xxx-xxxxxxx"
+    reclaimPolicy: Delete
+    volumeBindingMode: Immediate
+    allowVolumeExpansion: true
+    mountOptions:
+      - -o allow_other
+      - --file-cache-timeout-in-seconds=120
+      - --use-attr-cache=true
+      - --cancel-list-on-mount-seconds=10  # prevent billing charges on mounting
+      - -o attr_timeout=120
+      - -o entry_timeout=120
+      - -o negative_timeout=120
+      - --log-level=LOG_WARNING  # LOG_WARNING, LOG_INFO, LOG_DEBUG
+      - --cache-size-mb=1000  # Default will be 80% of available memory, eviction will happen beyond that.
+    ```
+
+1. Create application
+    - Create a statefulset with volume mount
+      ```console
+      kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/statefulset.yaml
+      ```
+
+    - Execute `df -h` command in the container
+      ```console
+      kubectl exec -it statefulset-blob-0 -- df -h
+      ```
+      <pre>
+      Filesystem      Size  Used Avail Use% Mounted on
+      ...
+      blobfuse         14G   41M   13G   1% /mnt/blob
+      ...
+      </pre>
+
+## static provisioning(use an existing storage account)
+### Option#1: grant kubelet identity access to storage account
 
 1. Give kubelet identity access to storage account
     ```bash
@@ -38,7 +94,7 @@ You can also use a different managed-identity for different persistent volumes (
     az identity list -g "$resourcegroup" --query "[?name == 'blobfuse-mi-agentpool'].clientId" -o tsv
     ```
 
-## Option#2: grant a dedicated user-assigned managed identity access to storage account
+### Option#2: grant a dedicated user-assigned managed identity access to storage account
 You can use a dedicated user-assigned managed identity to mount the storage.
 
 1. Create user-assigned managed identity and give access to storage account
@@ -62,22 +118,27 @@ You can use a dedicated user-assigned managed identity to mount the storage.
     az identity list -g "$resourcegroup" --query "[?name == 'myaksblobmi'].clientId" -o tsv
     ```
 
-## Mount the azure blob storage
+### Mount the azure blob storage
+
+1. Create storage class
+    ```console
+    kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/storageclass-blobfuse.yaml
+    ```
 
-1. Create a ``volume.yaml`` file and set clientID for ``AzureStorageIdentityClientID``. \
+1. Create a `pv-blobfuse-csi-mount.yaml` file and set clientID for ``AzureStorageIdentityClientID``. \
    Please also check ``resourceGroup`` and ``storageAccount``.
     ```yml
     apiVersion: v1
     kind: PersistentVolume
     metadata:
-      name: pv-blob1
+      name: pv-blob
     spec:
       capacity:
         storage: 10Gi
       accessModes:
         - ReadWriteMany
       persistentVolumeReclaimPolicy: Retain  # If set as "Delete" container would be removed after pvc deletion
-      storageClassName: azureblob-fuse-premium
+      storageClassName: blob-fuse
       mountOptions:
         - -o allow_other
         - --file-cache-timeout-in-seconds=120
@@ -86,133 +147,31 @@ You can use a dedicated user-assigned managed identity to mount the storage.
         readOnly: false
         # make sure this volumeid is unique in the cluster
         # `#` is not allowed in self defined volumeHandle
-        volumeHandle: pv-blob1
+        volumeHandle: pv-blob
         volumeAttributes:
           protocol: fuse
           resourceGroup: blobfuse-mi
           storageAccount: myaksblob
           containerName: mycontainer
           AzureStorageAuthType: MSI
           AzureStorageIdentityClientID: "xxxxx-xxxx-xxx-xxx-xxxxxxx"
-    
-    ---
-    
-    apiVersion: v1
-    kind: PersistentVolumeClaim
-    metadata:
-      name: pvc-blob1
-    spec:
-      accessModes:
-        - ReadWriteMany
-      resources:
-        requests:
-          storage: 10Gi
-      volumeName: pv-blob1
-      storageClassName: azureblob-fuse-premium
-    ```
-
-1. Create a ``deployment.yaml`` file.
-    ```yml
-    apiVersion: apps/v1
-    kind: Deployment
-    metadata:
-      labels:
-        app: nginx
-      name: deployment-blob
-    spec:
-      replicas: 1
-      selector:
-        matchLabels:
-          app: nginx
-      template:
-        metadata:
-          labels:
-            app: nginx
-          name: deployment-blob
-        spec:
-          nodeSelector:
-            "kubernetes.io/os": linux
-          containers:
-            - name: deployment-blob
-              image: mcr.microsoft.com/oss/nginx/nginx:1.17.3-alpine
-              command:
-                - "/bin/sh"
-                - "-c"
-                - while true; do echo $(date) >> /mnt/blob/outfile; sleep 1; done
-              volumeMounts:
-                - name: blob
-                  mountPath: "/mnt/blob"
-                  readOnly: false
-          volumes:
-            - name: blob
-              persistentVolumeClaim:
-                claimName: pvc-blob1
-      strategy:
-        rollingUpdate:
-          maxSurge: 0
-          maxUnavailable: 1
-        type: RollingUpdate
     ```
 
-1. Apply the yaml files
-    ```bash
-    # create pv and pvc
-    kubectl apply -f volume.yaml
+1. Create PV
+    ```console
+    kubectl create -f pv-blobfuse-csi-mount.yaml
     # check it
     kubectl get pv
-    kubectl get pvc
-
-    # create deployment
-    kubectl apply -f deployment.yaml
-    # check pod
-    kubectl get pods
-    ```
-
-# dynamic provisioning in an existing resource group
-
-1. Grant cluster system assigned identity and kubelet identity `Contributor` role to resource group, if mount in an existing storage account, then should also grant identity to storage account
-
-1. Grant kubelet identity `Storage Blob Data Owner` role to resource group to mount blob storage, if mount in an existing storage account, then should also grant identity to storage account
-
-1. Create a storage class and give an existing resource group, CSI will create a new storage account when `storageAccount` is not provided.
-    ```yml
-    apiVersion: storage.k8s.io/v1
-    kind: StorageClass
-    metadata:
-      name: blob-fuse
-    provisioner: blob.csi.azure.com
-    parameters:
-      skuName: Premium_LRS 
-      protocol: fuse
-      resourceGroup: EXISTING_RESOURCE_GROUP_NAME
-      storageAccount: EXISTING_STORAGE_ACCOUNT_NAME # optional, if use existing storage account
-      containerName: EXISTING_CONTAINER_NAME # optional, if use existing container
-      AzureStorageAuthType: MSI
-      AzureStorageIdentityClientID: "xxxxx-xxxx-xxx-xxx-xxxxxxx"
-    reclaimPolicy: Delete
-    volumeBindingMode: Immediate
-    allowVolumeExpansion: true
-    mountOptions:
-      - -o allow_other
-      - --file-cache-timeout-in-seconds=120
-      - --use-attr-cache=true
-      - --cancel-list-on-mount-seconds=10  # prevent billing charges on mounting
-      - -o attr_timeout=120
-      - -o entry_timeout=120
-      - -o negative_timeout=120
-      - --log-level=LOG_WARNING  # LOG_WARNING, LOG_INFO, LOG_DEBUG
-      - --cache-size-mb=1000  # Default will be 80% of available memory, eviction will happen beyond that.
     ```
 
-1. Using dynamic provisioning
+1. Create PVC and a deployment with volume mount
     ```console
-    # create pvc and deployment
-    kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/deployment.yaml
+    kubectl create -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/deployment.yaml
     # check pod
     kubectl get pods
     ```
 
-# how to add another pv with a dedicated user-assigned identity?
+## how to add another pv with a dedicated user-assigned identity?
 
 1. Create another user-assigned managed identity and give access to storage account
     ```bash
diff --git a/deploy/example/mountstorage/deployment.yaml b/deploy/example/mountstorage/deployment.yaml
diff --git a/deploy/example/mountstorage/pv-blobfuse-csi-mount.yaml b/deploy/example/mountstorage/pv-blobfuse-csi-mount.yaml
@@ -1,14 +1,14 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: pv-blob1
+  name: pv-blob
 spec:
   capacity:
     storage: 10Gi
   accessModes:
     - ReadWriteMany
   persistentVolumeReclaimPolicy: Retain  # If set as "Delete" container would be removed after pvc deletion
-  storageClassName: azureblob-fuse-premium
+  storageClassName: blob-fuse
   mountOptions:
     - -o allow_other
     - --file-cache-timeout-in-seconds=120
@@ -17,26 +17,11 @@ spec:
     readOnly: false
     # make sure this volumeid is unique in the cluster
     # `#` is not allowed in self defined volumeHandle
-    volumeHandle: pv-blob1
+    volumeHandle: pv-blob
     volumeAttributes:
       protocol: fuse
       resourceGroup: aks-fuseblob-mi
       storageAccount: myaksblob
       containerName: mycontainer
       AzureStorageAuthType: MSI
       AzureStorageIdentityClientID: "xxxxxx-xxxx-xxxxxxxxxxx-xxxxxxx-xxxxx"
-
----
-
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: pvc-blob1
-spec:
-  accessModes:
-    - ReadWriteMany
-  resources:
-    requests:
-      storage: 10Gi
-  volumeName: pv-blob1
-  storageClassName: azureblob-fuse-premium
