AKS
Prerequisites
Your cluster must be running Stork 2.4 or higher. To install Stork on your Kubernetes cluster, copy and paste the command displayed below the Kubernetes Service radio group.
curl -fsL -o stork-spec.yaml "https://install.portworx.com/2.8?comp=stork&storkNonPx=true" kubectl apply -f stork-spec.yaml
Create a service principal in Azure AD:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9"
If you do not want to use the
“Contributor”
role, then use the following permissions for PX-Backup on Azure:az role definition create --role-definition '{ "Name": "px-backup", "Description": "", "AssignableScopes": [ "/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9" ], "Permissions": [ { "Actions": [ "Microsoft.Compute/snapshots/read", "Microsoft.Compute/snapshots/write", "Microsoft.Compute/snapshots/delete", "Microsoft.Compute/snapshots/beginGetAccess/action", "Microsoft.Compute/snapshots/endGetAccess/action", "Microsoft.Compute/diskAccesses/read", "Microsoft.Compute/diskAccesses/write", "Microsoft.Compute/diskAccesses/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnectionsApproval/action", "Microsoft.Compute/locations/diskOperations/read", "Microsoft.Compute/disks/write", "Microsoft.Compute/disks/read", "Microsoft.Compute/disks/delete", "Microsoft.Compute/disks/beginGetAccess/action", "Microsoft.Compute/disks/endGetAccess/action", "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read", "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action", "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action", "Microsoft.StoragePool/locations/diskPoolZones/read", "Microsoft.StoragePool/diskPools/read", "Microsoft.StoragePool/diskPools/write", "Microsoft.StoragePool/diskPools/delete", "Microsoft.StoragePool/diskPools/start/action", "Microsoft.StoragePool/diskPools/deallocate/action", "Microsoft.StoragePool/diskPools/upgrade/action", "Microsoft.StoragePool/diskPools/iscsiTargets/read", "Microsoft.StoragePool/diskPools/iscsiTargets/write", "Microsoft.StoragePool/diskPools/iscsiTargets/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/read", "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/write", "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/validate/action", "Microsoft.Compute/diskAccesses/privateEndpointConnections/delete", "Microsoft.Compute/diskAccesses/privateEndpointConnections/read", "Microsoft.Compute/diskAccesses/privateEndpointConnections/write", "Microsoft.Compute/virtualMachineScaleSets/reimageAll/action", "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action", "Microsoft.Compute/virtualMachines/capture/action", "Microsoft.Compute/virtualMachines/convertToManagedDisks/action", "Microsoft.Compute/virtualMachines/reimage/action", "Microsoft.Storage/storageAccounts/updateInternalProperties/action", "Microsoft.Storage/storageAccounts/hnsonmigration/action", "Microsoft.Storage/storageAccounts/restoreBlobRanges/action", "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action", "Microsoft.Storage/storageAccounts/failover/action", "Microsoft.Storage/storageAccounts/listkeys/action", "Microsoft.Storage/storageAccounts/regeneratekey/action", "Microsoft.Storage/storageAccounts/rotateKey/action", "Microsoft.Storage/storageAccounts/revokeUserDelegationKeys/action", "Microsoft.Storage/storageAccounts/delete", "Microsoft.Storage/storageAccounts/read", "Microsoft.Storage/storageAccounts/listAccountSas/action", "Microsoft.Storage/storageAccounts/listServiceSas/action", "Microsoft.Storage/storageAccounts/write", "Microsoft.Storage/storageAccounts/accountMigrations/read", "Microsoft.Storage/storageAccounts/accountMigrations/write", "Microsoft.Storage/storageAccounts/inventoryPolicies/delete", "Microsoft.Storage/storageAccounts/inventoryPolicies/read", "Microsoft.Storage/storageAccounts/inventoryPolicies/write", "Microsoft.Storage/storageAccounts/restorePoints/delete", "Microsoft.Storage/storageAccounts/restorePoints/read", "Microsoft.Storage/storageAccounts/fileServices/shares/action", "Microsoft.Storage/storageAccounts/fileServices/read", "Microsoft.Storage/storageAccounts/fileServices/write", "Microsoft.Storage/storageAccounts/fileServices/shares/delete", "Microsoft.Storage/storageAccounts/fileServices/shares/read", "Microsoft.Storage/storageAccounts/fileServices/shares/lease/action", "Microsoft.Storage/storageAccounts/fileServices/shares/write", "Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete", "Microsoft.Storage/storageAccounts/objectReplicationPolicies/read", "Microsoft.Storage/storageAccounts/objectReplicationPolicies/write", "Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write", "Microsoft.Storage/storageAccounts/managementPolicies/delete", "Microsoft.Storage/storageAccounts/managementPolicies/read", "Microsoft.Storage/storageAccounts/managementPolicies/write" ], "NotActions": [], "DataActions": [], "NotDataActions": [] } ] }'
On your cluster, create a secret from your Azure tenant ID, client ID, and client secret, and then set an environment variable for Stork:
kubectl create secret generic -n kube-system px-azure \ --from-literal=AZURE_TENANT_ID=<tenant> \ --from-literal=AZURE_CLIENT_ID=<appId> \ --from-literal=AZURE_CLIENT_SECRET=<password>
Update Stork with the
px-azure
secret:kubectl set env --from=secret/px-azure deploy/stork -n kube-system
Add the cluster to PX-Backup
From the home page, select Add Cluster:
On the Add Kubernetes Cluster page, enter the cluster details:
- The name of the cluster
- Retrieve the Kubeconfig from your cluster and paste it in the Kubeconfig text frame, or select the Browse button to upload it from a file.
- Select the Others radio button from the Kubernetes Service radio group
Select the Submit button
Last edited: Tuesday, Mar 1, 2022
Questions? Visit the Portworx forum.