Add AKS clusters
Prerequisites
Your cluster must be running Stork 2.10 or higher. To install Stork on your Kubernetes cluster, copy and paste the command displayed below the Kubernetes Service radio group.
curl -fsL -o stork-spec.yaml "https://install.portworx.com/pxbackup?comp=stork&storkNonPx=true"
kubectl apply -f stork-spec.yaml
Create a service principal in Azure AD:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9"
If you do not want to use the “Contributor” role, then use the following permissions for PX-Backup on Azure:
az role definition create --role-definition '{
  "Name": "px-backup",
  "Description": "",
  "AssignableScopes": [
    "/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9"
  ],
  "Permissions": [
    {
      "Actions": [
        "Microsoft.Compute/snapshots/read",
        "Microsoft.Compute/snapshots/write",
        "Microsoft.Compute/snapshots/delete",
        "Microsoft.Compute/snapshots/beginGetAccess/action",
        "Microsoft.Compute/snapshots/endGetAccess/action",
        "Microsoft.Compute/diskAccesses/read",
        "Microsoft.Compute/diskAccesses/write",
        "Microsoft.Compute/diskAccesses/delete",
        "Microsoft.Compute/diskAccesses/privateEndpointConnectionsApproval/action",
        "Microsoft.Compute/locations/diskOperations/read",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.Compute/disks/beginGetAccess/action",
        "Microsoft.Compute/disks/endGetAccess/action",
        "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read",
        "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action",
        "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action",
        "Microsoft.StoragePool/locations/diskPoolZones/read",
        "Microsoft.StoragePool/diskPools/read",
        "Microsoft.StoragePool/diskPools/write",
        "Microsoft.StoragePool/diskPools/delete",
        "Microsoft.StoragePool/diskPools/start/action",
        "Microsoft.StoragePool/diskPools/deallocate/action",
        "Microsoft.StoragePool/diskPools/upgrade/action",
        "Microsoft.StoragePool/diskPools/iscsiTargets/read",
        "Microsoft.StoragePool/diskPools/iscsiTargets/write",
        "Microsoft.StoragePool/diskPools/iscsiTargets/delete",
        "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/read",
        "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/write",
        "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/delete",
        "Microsoft.Compute/diskAccesses/privateEndpointConnectionProxies/validate/action",
        "Microsoft.Compute/diskAccesses/privateEndpointConnections/delete",
        "Microsoft.Compute/diskAccesses/privateEndpointConnections/read",
        "Microsoft.Compute/diskAccesses/privateEndpointConnections/write",
        "Microsoft.Compute/virtualMachineScaleSets/reimageAll/action",
        "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action",
        "Microsoft.Compute/virtualMachines/capture/action",
        "Microsoft.Compute/virtualMachines/convertToManagedDisks/action",
        "Microsoft.Compute/virtualMachines/reimage/action",
        "Microsoft.Storage/storageAccounts/updateInternalProperties/action",
        "Microsoft.Storage/storageAccounts/hnsonmigration/action",
        "Microsoft.Storage/storageAccounts/restoreBlobRanges/action",
        "Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
        "Microsoft.Storage/storageAccounts/failover/action",
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action",
        "Microsoft.Storage/storageAccounts/rotateKey/action",
        "Microsoft.Storage/storageAccounts/revokeUserDelegationKeys/action",
        "Microsoft.Storage/storageAccounts/delete",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/listAccountSas/action",
        "Microsoft.Storage/storageAccounts/listServiceSas/action",
        "Microsoft.Storage/storageAccounts/write",
        "Microsoft.Storage/storageAccounts/accountMigrations/read",
        "Microsoft.Storage/storageAccounts/accountMigrations/write",
        "Microsoft.Storage/storageAccounts/inventoryPolicies/delete",
        "Microsoft.Storage/storageAccounts/inventoryPolicies/read",
        "Microsoft.Storage/storageAccounts/inventoryPolicies/write",
        "Microsoft.Storage/storageAccounts/restorePoints/delete",
        "Microsoft.Storage/storageAccounts/restorePoints/read",
        "Microsoft.Storage/storageAccounts/fileServices/shares/action",
        "Microsoft.Storage/storageAccounts/fileServices/read",
        "Microsoft.Storage/storageAccounts/fileServices/write",
        "Microsoft.Storage/storageAccounts/fileServices/shares/delete",
        "Microsoft.Storage/storageAccounts/fileServices/shares/read",
        "Microsoft.Storage/storageAccounts/fileServices/shares/lease/action",
        "Microsoft.Storage/storageAccounts/fileServices/shares/write",
        "Microsoft.Storage/storageAccounts/objectReplicationPolicies/delete",
        "Microsoft.Storage/storageAccounts/objectReplicationPolicies/read",
        "Microsoft.Storage/storageAccounts/objectReplicationPolicies/write",
        "Microsoft.Storage/storageAccounts/objectReplicationPolicies/restorePointMarkers/write",
        "Microsoft.Storage/storageAccounts/managementPolicies/delete",
        "Microsoft.Storage/storageAccounts/managementPolicies/read",
        "Microsoft.Storage/storageAccounts/managementPolicies/write"
      ],
      "NotActions": [],
      "DataActions": [],
      "NotDataActions": []
    }
  ]
}'
On your cluster, create a secret from your Azure tenant ID, client ID, and client secret, and then set an environment variable for Stork:
kubectl create secret generic -n kube-system px-azure \
  --from-literal=AZURE_TENANT_ID=<tenant> \
  --from-literal=AZURE_CLIENT_ID=<appId> \
  --from-literal=AZURE_CLIENT_SECRET=<password>
Update Stork with the px-azure secret:
kubectl set env --from=secret/px-azure deploy/stork -n kube-system
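One way to confirm the prerequisites above before adding the cluster, as an added example that is not part of the original Portworx documentation: it checks that the Stork image tag is 2.10 or higher (compared numerically, because 2.10 sorts before 2.9 as a string) and that the stork deployment references the px-azure secret. It assumes Stork is the first container in deploy/stork and that its image tag carries the version; the function names are illustrative.

```shell
#!/bin/sh
# Added example: prerequisite checks for the steps on this page.

# stork_version_ok IMAGE_OR_TAG -> status 0 if the version is >= 2.10.
# Accepts "2.12.0", "v2.10.1" or "repo/stork:2.10.1"; anything unparsable fails.
stork_version_ok() {
    ver=${1##*:}              # drop "registry/repo:" prefix if present
    ver=${ver#v}              # drop a leading "v"
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then return 1; fi   # no minor component
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}   # drop suffixes such as "-rc1"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    # Numeric comparison per component: 2.10 is newer than 2.9.
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 10 ]; }
}

# uses_secret "NAME NAME ..." WANTED -> status 0 if WANTED is in the list.
uses_secret() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# check_cluster: run both checks against the current kubectl context.
# Assumption: Stork is containers[0] of deploy/stork in kube-system.
check_cluster() {
    image=$(kubectl get deploy stork -n kube-system \
        -o jsonpath='{.spec.template.spec.containers[0].image}') || return 2
    if ! stork_version_ok "$image"; then
        echo "Stork image '$image' does not meet the 2.10 minimum" >&2
        return 1
    fi
    # kubectl set env --from=secret/... adds secretKeyRef entries per key.
    refs=$(kubectl get deploy stork -n kube-system -o \
        jsonpath='{.spec.template.spec.containers[0].env[*].valueFrom.secretKeyRef.name}') || return 2
    if ! uses_secret "$refs" px-azure; then
        echo "deploy/stork does not reference secret px-azure" >&2
        return 1
    fi
    echo "Stork prerequisites look good ($image)"
}

# Only touch the cluster when asked to: sh check.sh --cluster
if [ "${1:-}" = "--cluster" ]; then
    check_cluster
fi
```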
Add the cluster to PX-Backup
From the home page, select Add Cluster.
In the Add Cluster page, under Select Kubernetes Platform, select Azure and then enter the cluster details:
- The name of the cluster.
- Retrieve the Kubeconfig from your cluster and paste it in the Kubeconfig text frame, or click Browse to upload it from a file.
Click Add Cluster.
Last edited: Thursday, Aug 25, 2022