This chapter covers Azure Container Storage, a critical topic for the AZ-305 exam that focuses on designing storage solutions for containerized workloads, particularly Azure Kubernetes Service (AKS). Understanding how to choose and configure storage for containers is essential for the 'Design storage solutions' objective (2.1), which accounts for approximately 15-20% of the exam. We will explore the different storage options available for containers in Azure, their performance characteristics, access modes, and when to use each one, with a focus on real-world design decisions that solutions architects must make.
Jump to a section
Imagine a large food hall with many food stalls (containers). Each stall needs access to ingredients (data) to prepare meals. Some ingredients are common to all stalls, like salt and pepper (shared configuration files), while others are unique to each stall, like a secret sauce recipe (container-specific data). The food hall provides a central pantry (Azure Disk) that can be assigned exclusively to one stall, with high-speed access but only that stall can use it. For ingredients that multiple stalls need simultaneously, like flour and sugar, the food hall uses a shared walk-in cooler (Azure Files) that any stall can access via a standard door (SMB/NFS). For bulk storage of dry goods that need to be accessed from anywhere, even outside the food hall, they use a warehouse (Azure Blob) with a loading dock (HTTP/HTTPS). However, when a stall is moved to a different location in the hall (container rescheduled to another node), the exclusive pantry must be physically moved with it (persistent volume with ReadWriteOnce access mode). If the stall is temporary and only needs a scratchpad for prep work, it can use a simple countertop (emptyDir) that is wiped clean when the stall closes. The food hall manager (Kubernetes) must carefully assign storage to each stall, ensuring that the right type of storage is used for the right purpose, and that access permissions are correctly set so that no stall accidentally uses another's secret sauce.
What is Azure Container Storage and Why Does It Exist?
Azure Container Storage refers to the suite of storage options available for containerized applications running on Azure, primarily within Azure Kubernetes Service (AKS). Containers are ephemeral by design—they can be created, destroyed, and rescheduled across nodes at any time. This poses a challenge for stateful applications that need to persist data beyond the lifecycle of a single container. Container storage solutions provide persistent volumes that survive container restarts and rescheduling, enabling stateful workloads like databases, message queues, and file servers to run in containers.
The AZ-305 exam expects you to understand three main types of storage for containers: block storage (Azure Disk), file storage (Azure Files), and object storage (Azure Blob). Each has distinct characteristics in terms of performance, access modes, and use cases. Additionally, you must understand Kubernetes volume abstractions like PersistentVolume (PV), PersistentVolumeClaim (PVC), and StorageClass, as well as the concept of CSI (Container Storage Interface) drivers that enable integration with Azure storage services.
How Container Storage Works Internally
In Kubernetes, storage is abstracted through a series of layers. A developer creates a PersistentVolumeClaim (PVC) that specifies storage requirements (size, access mode, performance tier). The Kubernetes control plane then binds this PVC to a PersistentVolume (PV), which is a storage resource provisioned by an administrator or dynamically provisioned by a StorageClass. The StorageClass defines the type of storage (e.g., Azure Disk with Premium SSD), the provisioner (e.g., disk.csi.azure.com), and any parameters like caching or mount options.
When a pod is scheduled on a node, the kubelet on that node uses the CSI driver to attach the storage device. For Azure Disk, this involves calling the Azure API to attach a managed disk as a block device to the node's VM. The CSI driver then formats and mounts the filesystem inside the pod's container. For Azure Files, the CSI driver mounts an SMB or NFS share over the network. For Azure Blob, the CSI driver mounts a blob container using BlobFuse or NFS 3.0.
The key internal detail is the access mode: - ReadWriteOnce (RWO): The volume can be mounted as read-write by a single node. Used for Azure Disk, which is a block device that can only be attached to one VM at a time. - ReadWriteMany (RWX): The volume can be mounted as read-write by many nodes simultaneously. Used for Azure Files (SMB/NFS) and Azure Blob (NFS). - ReadOnlyMany (ROX): The volume can be mounted as read-only by many nodes.
When a pod is rescheduled to a different node, a PVC with RWO requires the disk to be detached from the old node and attached to the new node. This process is handled automatically by the CSI driver but introduces a latency of several seconds to minutes depending on disk size and region. For RWX volumes, the share remains available and the new node simply mounts it.
Key Components, Values, and Defaults
Azure Disk:
- Performance tiers: Standard HDD, Standard SSD, Premium SSD, Ultra Disk. Default for AKS is Premium SSD with a size-dependent IOPS/throughput.
- Max size: 32,767 GiB for managed disks.
- Max IOPS: Up to 160,000 for Ultra Disk.
- Access mode: Only RWO (single node).
- PersistentVolumeReclaimPolicy: Default is Delete for dynamic provisioning; can be Retain.
- StorageClass parameters: cachingmode (None, ReadOnly, ReadWrite), maxShares (for shared disk, but not commonly used).
Azure Files:
- Performance tiers: Standard (transaction optimized, hot, cool) and Premium (based on provisioned size).
- Max share size: 100 TiB for standard, 100 TiB for premium.
- Protocols: SMB 3.0 (with encryption) and NFS 4.1 (premium only).
- Access mode: RWX (multiple nodes).
- Default StorageClass: azurefile-csi with protocol: smb.
- Limitations: NFS support is only available on premium file shares; SMB requires port 445 to be open.
Azure Blob:
- Performance tiers: Hot, Cool, Archive.
- Access modes: RWX via NFS 3.0 (premium block blobs only) or via BlobFuse (virtual filesystem).
- Default StorageClass: azureblob-nfs-premium for NFS.
- Limitations: NFS access requires a premium block blob storage account with hierarchical namespace enabled.
Kubernetes Defaults:
- Default StorageClass in AKS: managed-csi (Azure Disk Premium SSD) for Windows and Linux.
- Volume expansion: Supported for Azure Disk and Azure Files (increase size only).
- Snapshot and restore: Supported via VolumeSnapshot CRDs for Azure Disk and Azure Files.
Configuration and Verification Commands
To create a StorageClass for Azure Disk with Ultra Disk:
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: ultra-disk
provisioner: disk.csi.azure.com
parameters:
skuname: UltraSSD_LRS
cachingmode: None
diskIOPSReadWrite: "2000"
diskMBpsReadWrite: "100"
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
allowVolumeExpansion: trueTo create a PVC using this StorageClass:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ultra-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: ultra-disk
resources:
requests:
storage: 100GiTo verify the binding:
kubectl get pvc
kubectl get pv
kubectl describe pvc ultra-pvcTo check the mounted volume inside a pod:
kubectl exec <pod-name> -- df -h
kubectl exec <pod-name> -- mount | grep /mntInteraction with Related Technologies
Container storage interacts with:
- Azure NetApp Files: Provides high-performance NFS volumes with RWX access, suitable for HPC and enterprise workloads. It uses its own CSI driver netapp.csi.azure.com.
- Azure Container Instances (ACI): Supports Azure Files mounts via volume mounts, but not Azure Disk.
- Azure Red Hat OpenShift: Similar storage options via CSI.
- Azure Policy: Can enforce allowed StorageClasses or storage configurations via Azure Policy for AKS.
- Azure Backup: Supports backup of AKS workloads with persistent volumes using Azure Backup for AKS.
The exam often tests the trade-offs between these options. For example, Azure Disk offers the lowest latency for a single pod, but cannot be shared. Azure Files can be shared but has higher latency. Azure Blob is best for large-scale read-heavy workloads like data lakes.
Performance Considerations
Azure Disk: IOPS and throughput scale with disk size. Premium SSD: 120 IOPS/GB up to 20,000 IOPS. Ultra Disk: configurable IOPS and throughput independent of size.
Azure Files: Premium shares provide consistent IOPS (100 IOPS/GB up to 100,000 IOPS). Standard shares are burstable.
Azure Blob: NFS performance depends on blob type; premium block blobs offer low latency.
For stateful sets (e.g., Cassandra, Kafka), use Azure Disk with RWO and multiple replicas, each with its own PVC. For shared configuration, use Azure Files or Azure Blob with RWX.
High Availability and Disaster Recovery
Azure Disk: Use LRS or ZRS (preview) for replication. For DR, use Azure Backup or snapshot and restore across regions.
Azure Files: LRS, ZRS, GRS, or GZRS. Premium shares only support LRS and ZRS.
Azure Blob: LRS, ZRS, GRS, RA-GRS, GZRS, RA-GZRS.
For cross-region failover, Azure Files with GRS is a common choice, but note that failover is manual and may take hours.
Define Storage Requirements
Identify the workload's storage needs: access mode (RWO or RWX), performance (IOPS/throughput), capacity, and durability. For example, a database requires high IOPS (Premium SSD or Ultra Disk) and RWO, while a shared file server needs RWX and moderate performance (Premium Files). Also consider if the data is ephemeral or persistent. This step determines which Azure storage service to use. The AZ-305 exam emphasizes matching storage to workload characteristics.
Choose Storage Service
Based on requirements, select Azure Disk, Azure Files, or Azure Blob. For block storage with single-node access, choose Azure Disk. For file sharing across multiple nodes, choose Azure Files. For object storage with high scalability and HTTP access, choose Azure Blob. Also consider Azure NetApp Files for enterprise NFS workloads. Each service has different performance tiers and replication options. This decision is critical for cost and performance optimization.
Create StorageClass and PVC
Define a StorageClass with the appropriate provisioner (e.g., `disk.csi.azure.com` for Azure Disk) and parameters (SKU, caching). Then create a PVC specifying access mode, storage size, and StorageClass. Kubernetes will dynamically provision a PV if the StorageClass supports dynamic provisioning. For static provisioning, create a PV manually referencing an existing Azure disk or file share. The PVC must be in the same namespace as the pod.
Mount Volume in Pod
In the pod spec, add a volume entry referencing the PVC name, and a volumeMount inside the container specifying the mount path. When the pod is scheduled, the CSI driver attaches the storage to the node, formats it if needed, and mounts it into the container's filesystem. For Azure Disk, this involves attaching a managed disk to the VM. For Azure Files, it mounts an SMB/NFS share. The pod can then read/write data.
Manage Lifecycle and Scaling
When a pod is deleted, the PVC and PV may persist depending on the reclaim policy. For stateful sets, each replica gets its own PVC. To scale, ensure sufficient PVs are available. For volume expansion, edit the PVC to request more storage; the CSI driver will resize the underlying disk or share. For snapshots, create a VolumeSnapshotClass and VolumeSnapshot to capture point-in-time copies. This step is essential for data protection and scaling.
Enterprise Scenario 1: E-commerce Platform with Stateful Microservices
A large e-commerce company runs its product catalog, shopping cart, and order processing on AKS. The product catalog is read-heavy and uses a shared Azure Files share (Premium SSD) mounted as RWX for product images and descriptions, allowing multiple front-end pods to serve the same content. The shopping cart service uses Azure Disk (Premium SSD) with RWO for each user session, ensuring low-latency writes. The order processing service uses Azure Blob (NFS) for storing large order logs. The challenge is managing IOPS at peak traffic (Black Friday). They over-provision Premium Disk size to meet IOPS requirements and use Azure Files with provisioned IOPS. Misconfiguration occurred when they initially used Standard HDD for the catalog, causing timeouts under load. They also learned that Azure Disk's RWO prevents multiple replicas from writing simultaneously, so they had to implement a leader-election pattern for the cart service.
Enterprise Scenario 2: Financial Services with Compliance Requirements
A bank runs its transaction processing on AKS, requiring high durability and cross-region DR. They use Azure Disk with ZRS for RWO volumes for each transaction pod. For shared configuration files that need to be accessed by all pods, they use Azure Files with GRS (geo-redundant storage) to ensure data survives a regional outage. However, they discovered that Azure Files GRS failover is manual and can take up to 24 hours, which is unacceptable. They implemented a DR strategy using Azure Backup for AKS to take snapshots of persistent volumes and replicate them to a secondary region. They also use Azure Policy to enforce that only Premium SSD and Premium Files are used, and that encryption at rest is enabled. A common mistake was assuming that Azure Disk ZRS provides automatic failover; it does not—it only protects against zonal failures within a region.
Enterprise Scenario 3: Media Streaming Platform with Large Files
A media company stores video files on Azure Blob (hot tier) and uses AKS to transcode them. They mount Blob containers via NFS 3.0 (premium block blobs) to allow multiple transcoding pods to read the same file simultaneously. They chose NFS over BlobFuse because of better performance for large sequential reads. However, they hit the limit of 100 MB/s per blob for NFS, so they had to stripe files across multiple blobs. They also use Azure Disk for temporary scratch space during transcoding (emptyDir with medium=Memory for speed). A misconfiguration occurred when they used standard Blob storage (not premium block blobs) for NFS, which is not supported. They also learned that NFS access requires the storage account to have hierarchical namespace enabled, which cannot be changed after creation.
What AZ-305 Tests on Container Storage
The AZ-305 exam (Objective 2.1) tests your ability to recommend a container storage solution based on workload requirements. Specific areas include:
- Access modes: Understand RWO vs RWX and which Azure storage service supports each.
- Performance tiers: Know the IOPS/throughput characteristics of Standard HDD, Standard SSD, Premium SSD, Ultra Disk, and Premium Files.
- CSI drivers: Recognize that Azure Disk, Azure Files, and Azure Blob each have their own CSI driver.
- StorageClass parameters: Be familiar with common parameters like skuname, cachingmode, and protocol.
- Use cases: Map workloads to storage: database (Azure Disk), shared files (Azure Files), large-scale unstructured data (Azure Blob).
Common Wrong Answers and Why Candidates Choose Them
Choosing Azure Files for a database workload: Candidates think 'shared storage is good for high availability' but databases require low latency and RWO. Azure Files has higher latency and RWX can cause corruption if multiple pods write simultaneously. The correct answer is Azure Disk with Premium SSD or Ultra Disk.
Selecting Azure Disk with RWX: Azure Disk only supports RWO. The exam may present a scenario requiring shared access; candidates might incorrectly choose Azure Disk because it's faster. The correct answer is Azure Files or Azure Blob.
Assuming all Azure storage supports NFS: Only Azure Files (premium) and Azure Blob (premium block blobs with hierarchical namespace) support NFS. Azure Disk does not natively support NFS; it uses block device attachment.
Ignoring replication options: Candidates may choose LRS for critical data because it's cheapest. The exam expects you to choose ZRS or GRS for high availability across zones or regions.
Specific Numbers and Terms that Appear on the Exam
Max IOPS for Premium SSD: 20,000 IOPS (for P30 disk).
Max IOPS for Ultra Disk: 160,000 IOPS.
Azure Files premium share max IOPS: 100,000 IOPS (for 100 TiB share).
Access mode acronyms: RWO, RWX, ROX.
CSI driver names: disk.csi.azure.com, file.csi.azure.com, blob.csi.azure.com.
StorageClass default: managed-csi.
Edge Cases and Exceptions
Windows containers: Support Azure Disk and Azure Files but not Azure Blob NFS mount (only BlobFuse).
Ephemeral OS disks: Use local VM storage for faster performance but data is lost on VM deallocation.
Volume expansion: Only supported for Azure Disk and Azure Files; not for Azure Blob.
Snapshot: Supported for Azure Disk and Azure Files; for Azure Blob, use blob snapshots.
How to Eliminate Wrong Answers
If the scenario mentions 'shared access across multiple pods,' eliminate Azure Disk immediately. If 'low latency' is required, eliminate Azure Files (unless Premium Files with low latency is specified). If 'object storage' or 'HTTP access' is mentioned, choose Azure Blob. Always check the access mode: RWO for single node, RWX for multiple nodes. Also consider cost: for archival, use Azure Blob Cool or Archive tier.
Azure Disk supports only ReadWriteOnce (RWO); Azure Files and Blob support ReadWriteMany (RWX).
Azure Disk Premium SSD provides up to 20,000 IOPS; Ultra Disk up to 160,000 IOPS.
Azure Files Premium supports NFS 4.1; Standard only SMB 3.0.
Azure Blob NFS requires premium block blobs with hierarchical namespace enabled.
Default StorageClass in AKS is 'managed-csi' for Azure Disk Premium SSD.
PersistentVolumeClaim (PVC) must match the access mode and storage class of the PersistentVolume (PV).
Volume expansion is supported for Azure Disk and Azure Files (increase only).
For cross-region DR, use Azure Files GRS or Azure Backup for AKS with disk snapshots.
These come up on the exam all the time. Here's how to tell them apart.
Azure Disk
Block storage, attached as a block device
Supports only ReadWriteOnce (RWO)
Higher IOPS and lower latency (Premium SSD/Ultra Disk)
Cannot be shared across multiple pods on different nodes
Best for stateful applications like databases
Azure Files
File storage, accessed via SMB or NFS
Supports ReadWriteMany (RWX)
Lower IOPS and higher latency compared to Premium Disk
Can be shared across multiple pods and nodes
Best for shared configuration, logs, or file sharing
Mistake
Azure Disk can be mounted as ReadWriteMany on multiple nodes.
Correct
Azure Disk only supports ReadWriteOnce (RWO) because it is a block device that can only be attached to one VM at a time. For multi-node access, use Azure Files or Azure Blob.
Mistake
Azure Files NFS is supported on all performance tiers.
Correct
NFS 4.1 is only supported on Premium Azure Files shares. Standard Azure Files only supports SMB 3.0.
Mistake
Azure Blob can be mounted in a container using the same CSI driver as Azure Disk.
Correct
Azure Blob uses its own CSI driver `blob.csi.azure.com`, not `disk.csi.azure.com`. The mounting mechanism is different (NFS or BlobFuse vs block device).
Mistake
Persistent volumes in AKS are automatically backed up by default.
Correct
There is no automatic backup of persistent volumes. You must configure backup using Azure Backup for AKS or manual snapshots.
Mistake
Azure Disk supports volume expansion downwards.
Correct
Volume expansion for Azure Disk is only supported to increase size, not decrease. You must create a new smaller disk and migrate data.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Azure Disk is block storage that provides low latency and high IOPS, but it can only be mounted by a single pod on a single node (ReadWriteOnce). Azure Files is file storage accessed via SMB or NFS that can be mounted by multiple pods across multiple nodes (ReadWriteMany). Use Azure Disk for stateful workloads like databases that require high performance and exclusive access. Use Azure Files for shared configuration files, logs, or content that needs to be accessed by multiple pods simultaneously.
No, Azure Disk does not natively support NFS. It is attached as a block device (e.g., /dev/sdc) and formatted with a filesystem like ext4 or xfs. To use NFS, you would need to run an NFS server inside a pod that exports the Azure Disk volume, but this is not a recommended practice due to complexity and performance overhead. Instead, use Azure Files (Premium tier supports NFS 4.1) or Azure Blob (premium block blobs with NFS 3.0).
The maximum size of an Azure Managed Disk is 32,767 GiB (32 TiB) for all tiers (Standard HDD, Standard SSD, Premium SSD, Ultra Disk). However, AKS has a default limit on the total number of disks per node, which depends on the VM size. For example, a Standard_DS2_v2 VM supports up to 4 data disks. Always check the VM's maximum data disk count when planning storage.
Choose Azure Files if you need a traditional file share accessed via SMB or NFS, with a hierarchical directory structure. It is ideal for shared configuration files, logs, or any application that expects a POSIX-like filesystem. Choose Azure Blob if you need object storage with massive scalability, HTTP/HTTPS access, and lower cost for large volumes of unstructured data (e.g., images, videos, backups). Azure Blob can be mounted via NFS 3.0 (premium) or BlobFuse, but it does not support all filesystem operations (e.g., rename).
If the volume uses ReadWriteOnce (RWO), the CSI driver detaches the disk from the old node and attaches it to the new node. This process can take several seconds to minutes. During this time, the pod may be in a 'ContainerCreating' state. For ReadWriteMany (RWX) volumes, the share remains accessible and the new node simply mounts it, resulting in faster rescheduling.
Yes, if the pods are scheduled on the same node, multiple pods can mount the same Azure Disk volume using the same PVC. However, the access mode is still RWO, meaning only one node can have the disk attached. If pods are on different nodes, they cannot share the same disk. For multi-node access, use Azure Files or Azure Blob.
The default reclaim policy for dynamically provisioned PVs in AKS is 'Delete'. When the PVC is deleted, the PV and the underlying Azure storage resource (disk or file share) are also deleted. To retain the data, you can change the reclaim policy to 'Retain' in the StorageClass definition or manually change it on the PV after creation.
You've just covered Azure Container Storage — now see how well it sticks with free AZ-305 practice questions. Full explanations included, no account needed.
Done with this chapter?