Azure Disk CSI Driver

The Azure Disk CSI driver allows you to provision volumes for pods with a Kubernetes deployment over Azure Cloud. The CSI driver replaces the volume provisioning done by the in-tree Azure cloud provider, which is deprecated.

This documentation is an updated version of the in-tree Azure cloud provider documentation (

To deploy Azure Disk CSI driver, uncomment the azure_csi_enabled option in group_vars/all/azure.yml and set it to true.

Azure Disk CSI Storage Class

If you want to deploy the Azure Disk storage class to provision volumes dynamically, you should set persistent_volumes_enabled in group_vars/k8s_cluster/k8s_cluster.yml to true.


Before creating the instances you must first set the azure_csi_ variables in the group_vars/all.yml file.

All values can be retrieved using the Azure CLI tool, which can be downloaded here:

After installation you have to run az login to get access to your account.

azure_csi_tenant_id + azure_csi_subscription_id

Run az account show to retrieve your subscription id and tenant id:

  • azure_csi_tenant_id -> tenantId field
  • azure_csi_subscription_id -> id field


The region your instances are located in. It can be something like francecentral or norwayeast. A full list of region names can be retrieved via az account list-locations


The name of the resource group your instances are in. A list of your resource groups can be retrieved via az group list

Or you can do az vm list | grep resourceGroup and get the resource group corresponding to the VMs of your cluster.

The resource group name is not case-sensitive.


The name of the virtual network your instances are in. It can be retrieved via az network vnet list


The name of the resource group your vnet is in. Run az network vnet list | grep resourceGroup and take the resource group corresponding to the vnet of your cluster.


The name of the subnet your instances are in. It can be retrieved via az network vnet subnet list --resource-group RESOURCE_GROUP --vnet-name VNET_NAME


The name of the network security group your instances are in. It can be retrieved via az network nsg list

azure_csi_aad_client_id + azure_csi_aad_client_secret

These will have to be generated first:

  • Create an Azure AD Application with:

    az ad app create --display-name kubespray --identifier-uris http://kubespray --homepage --password CLIENT_SECRET

The display name, identifier-uri, homepage and password can be chosen freely.

Note the AppId in the output.

  • Create Service principal for the application with:

    az ad sp create --id AppId

This is the AppId from the last command.

  • Create the role assignment with:

    az role assignment create --role "Owner" --assignee http://kubespray --subscription SUBSCRIPTION_ID

azure_csi_aad_client_id must be set to the AppId; azure_csi_aad_client_secret is your chosen secret.
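The ids and the service principal secret collected above end up together in a group_vars file. As an added example (not part of the Kubespray documentation or code), this POSIX shell pre-flight check verifies that the three ids are GUIDs, that the secret is neither empty nor still the CLIENT_SECRET placeholder, and that only the file's owner can access it. The function names and the flat "key: value" file layout are assumptions.

```shell
#!/bin/sh
# Added example, not Kubespray code: pre-flight check for the azure_csi_
# credential variables. Assumes flat "key: value" lines in the vars file.

# Print the value of KEY in FILE, minus quotes and any trailing comment.
get_var() {  # usage: get_var FILE KEY
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e "s/^[\"']//" -e "s/[\"'][[:space:]]*\$//"
}

# Tenant, subscription and application ids are GUIDs.
is_guid() {
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Return 0 if FILE passes every check, 1 otherwise (problems go to stderr).
check_azure_csi_vars() {  # usage: check_azure_csi_vars FILE
  rc=0
  for key in azure_csi_tenant_id azure_csi_subscription_id azure_csi_aad_client_id; do
    is_guid "$(get_var "$1" "$key")" ||
      { echo "$key: missing, commented out, or not a GUID" >&2; rc=1; }
  done
  secret=$(get_var "$1" azure_csi_aad_client_secret)
  # CLIENT_SECRET is the placeholder from the az ad app create step.
  if [ -z "$secret" ] || [ "$secret" = "CLIENT_SECRET" ]; then
    echo "azure_csi_aad_client_secret: empty or still the placeholder" >&2; rc=1
  fi
  # The file stores a service principal secret: owner-only permissions.
  perms=$(ls -ldL "$1" | cut -c5-10)
  [ "$perms" = "------" ] ||
    { echo "$1: group/other can access it (mode bits $perms)" >&2; rc=1; }
  return "$rc"
}

# Demo on a constructed vars file; every value below is made up.
demo=$(mktemp)
cat > "$demo" <<'EOF'
azure_csi_tenant_id: "11111111-2222-3333-4444-555555555555"
azure_csi_subscription_id: "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
azure_csi_aad_client_id: "99999999-8888-7777-6666-555555555555"
azure_csi_aad_client_secret: "CLIENT_SECRET"
EOF
check_azure_csi_vars "$demo" || echo "fix the vars file before running the playbook"
rm -f "$demo"
```

Run it against the vars file that holds your azure_csi_ settings before starting the playbook; a non-zero exit status means at least one check failed.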


Use instance metadata service where possible. Boolean value.

Test the Azure Disk CSI driver

To test dynamic provisioning using the Azure CSI driver, make sure the storage class is deployed (through persistent volumes), and apply the following manifest:

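# No storageClassName is set, so the claim uses the cluster's default
# StorageClass; add storageClassName if the Azure Disk class is not the default.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-azuredisk
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
kind: Pod
apiVersion: v1
metadata:
  name: nginx-azuredisk
spec:
  nodeSelector:
    kubernetes.io/os: linux
  containers:
    - image: nginx
      name: nginx-azuredisk
      command:
        - "/bin/sh"
        - "-c"
        - while true; do echo $(date) >> /mnt/azuredisk/outfile; sleep 1; done
      volumeMounts:
        - name: azuredisk
          mountPath: "/mnt/azuredisk"
  volumes:
    - name: azuredisk
      persistentVolumeClaim:
        claimName: pvc-azuredisk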