OKD supports Microsoft Azure File volumes. You can provision your OKD cluster with persistent storage using Azure. Some familiarity with Kubernetes and Azure is assumed.

High availability of storage in the infrastructure is left to the underlying storage provider.

Before you begin

  1. Install samba-client, samba-common, and cifs-utils on all nodes:

    $ sudo yum install samba-client samba-common cifs-utils
  2. Enable SELinux booleans on all nodes:

    $ /usr/sbin/setsebool -P virt_use_samba on
    $ /usr/sbin/setsebool -P virt_sandbox_use_samba on

Mount options are not available in OKD 3.7.43. You cannot use Azure File in OKD 3.7.43. To use Azure file, upgrade to OKD 3.7.46.

Configuring Azure File for regional cloud

While Azure Disk is compatible with multiple regional clouds, Azure File supports only the Azure public cloud, because the endpoint is hard-coded.

Creating the PV

Azure File does not support the Recycle reclaim policy.

Creating the Azure Storage Account secret

Define the Azure Storage Account name and key in a secret configuration, which is then converted to base64 for use by OKD.

  1. Obtain an Azure Storage Account name and key and encode to base64:

    apiVersion: v1
    kind: Secret
      name: azure-secret
    type: Opaque
      azurestorageaccountname: azhzdGVzdA==
      azurestorageaccountkey: eElGMXpKYm5ub2pGTE1Ta0JwNTBteDAyckhzTUsyc2pVN21GdDRMMTNob0I3ZHJBYUo4akQ2K0E0NDNqSm9nVjd5MkZVT2hRQ1dQbU02WWFOSHk3cWc9PQ==
  2. Save the secret definition to a file, for example azure-secret.yaml, then create the secret:

    $ oc create -f azure-secret.yaml
  3. Verify that the secret was created:

    $ oc get secret azure-secret
    NAME          TYPE      DATA      AGE
    azure-secret   Opaque    1         23d
  4. Define the PV in an object definition before creating it in OKD:

    PV object definition using Azure File example
    apiVersion: "v1"
    kind: "PersistentVolume"
      name: "pv0001" (1)
        storage: "5Gi" (2)
        - "ReadWriteMany"
      azureFile: (3)
        secretName: azure-secret (4)
        shareName: example (5)
        readOnly: false (6)
    1 The name of the volume. This is how it is identified via PV claims or from pods.
    2 The amount of storage allocated to this volume.
    3 This defines the volume type being used: azureFile plug-in.
    4 The name of the secret used.
    5 The name of the file share.
    6 Defaults to false (read/write). ReadOnly here forces the ReadOnly setting in VolumeMounts.
  5. Save the definition to a file, for example azure-file-pv.yaml, and create the PV:

    $ oc create -f azure-file-pv.yaml
    persistentvolume "pv0001" created
  6. Verify that the PV was created:

    $ oc get pv
    pv0001    <none>    5Gi        RWM           Available                       2s

Now you can request storage using PV claims, which can now use your new PV.

PV claims only exist in the user’s namespace and can only be referenced by a pod within that same namespace. Any attempt to access a PV from a different namespace causes the pod to fail.