Symantec Protection Engine Connector for Azure: Configuring Persistent Volume & Permissions

Article ID: 273093

Updated On:

Products

Protection Engine for Cloud Services
Protection Engine for NAS

Issue/Introduction

You would like to configure a new release of the Symantec Protection Engine (SPE) Connector for Azure and want to know how to set up the Persistent Volume (PV) and permissions.

Environment

SPE 9.1

Resolution

Setting up Azure File Share as Persistent Volume with the help of script

Use the azure-file-share-script.ps1 script to create the Azure File Share for the PV.

1. Add Microsoft.Storage as a service endpoint inside the SPE Azure Kubernetes Cluster Subnet
Important: this is needed to configure the PV with the Kubernetes cluster. After creating the cluster, add Microsoft.Storage as a service endpoint to the subnet.

2. Download the attached script azure-file-share-script.ps1
3. Open Azure PowerShell
4. Open the script and set the variables below
 
#Kubernetes namespace. Please provide the same namespace as given in values.yaml file.
$namespace=""
 
#subscription id
$subscriptionID=""
$location="East US"
 
#pv resource group name
$resourceGroupName=""
 
#pv storage account name
$storageAccountName=""
 
#pv file share name
$fileshareName=""
 
#resource group name details for the Vnet used for Azure Connector Cluster e.g. MC_xxxxx_eastus i.e. MC_CustomerDemoCluster_SPEAzureDemoCluster_eastus
$vnetResourceGroupName=""
$vnetName=""
$subnetName=""
 
#Existing Kubernetes Variables
#cluster name and resource group information for spe-azure-connector
$SPE_K8S_CLUSTER_NAME=""
$SPE_K8S_CLUSTER_RES_GROUP=""
 
5. Save the changes to the script and execute it with Azure CLI
./azure-file-share-script.ps1
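
Step 1 can be checked, and applied if missing, from the same session before the script is run. The following is an added example, not part of the attached Symantec scripts; it reuses the script's variable names and assumes the Azure CLI (`az`) is installed and already logged in.

```powershell
# Added example: pre-flight check for step 1. Not part of azure-file-share-script.ps1.
# Variable names mirror the script; fill in the same values you set there.
$subscriptionID        = ""
$vnetResourceGroupName = ""   # the MC_... resource group that holds the cluster Vnet
$vnetName              = ""
$subnetName            = ""

# Stop early if any value was left empty.
$required = [ordered]@{
    subscriptionID        = $subscriptionID
    vnetResourceGroupName = $vnetResourceGroupName
    vnetName              = $vnetName
    subnetName            = $subnetName
}
$missing = @($required.Keys | Where-Object { [string]::IsNullOrWhiteSpace($required[$_]) })
if ($missing.Count -gt 0) { throw "Set these variables first: $($missing -join ', ')" }

az account set --subscription $subscriptionID
if ($LASTEXITCODE -ne 0) { throw "Could not select subscription $subscriptionID" }

# Read the service endpoints currently configured on the cluster subnet.
$current = @(az network vnet subnet show `
    --resource-group $vnetResourceGroupName `
    --vnet-name $vnetName `
    --name $subnetName `
    --query "serviceEndpoints[].service" `
    --output tsv)
if ($LASTEXITCODE -ne 0) { throw "Could not read subnet $subnetName in $vnetName" }

if ($current -contains "Microsoft.Storage") {
    Write-Host "Microsoft.Storage service endpoint already present on $subnetName"
} else {
    # --service-endpoints replaces the whole list, so pass the existing entries too.
    $wanted = @($current + "Microsoft.Storage" | Where-Object { $_ } | Select-Object -Unique)
    az network vnet subnet update `
        --resource-group $vnetResourceGroupName `
        --vnet-name $vnetName `
        --name $subnetName `
        --service-endpoints $wanted | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Failed to add Microsoft.Storage to $subnetName" }
    Write-Host "Added Microsoft.Storage service endpoint to $subnetName"
}
```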
 
Setting up permissions and creating workload-identity with the help of script

Use the spe-azure-identity-and-permission-setup.ps1 script to set permissions and enable workload identity for the Kubernetes service account.

1. Download the attached script spe-azure-identity-and-permission-setup.ps1
2. Open Azure PowerShell
3. Set the values in azureconfig.json and assets.csv and place both files inside the script folder
4. Open the script and set the variables below

#working subscription, give the subscription GUID here, like "8d75eda2-b5fc-4731-946e-ae355e1dXXXX"
$SUBSCRIPTION_ID=""

#managed identity that needs to be created, give the managed identity name here, like "spe-managed-identity"
$USER_ASSIGNED_MANAGED_IDENTITY_NAME=""
#existing resource group name where <spe-managed-identity> will be created
$IDENTITY_RESOURCE_GROUP=""
#region for <spe-managed-identity>, like: eastus
$IDENTITY_LOCATION=""
 
#Existing Kubernetes Variables
#cluster name and resource group information for spe-azure-connector
$SPE_K8S_CLUSTER_NAME=""
$SPE_K8S_CLUSTER_RES_GROUP=""
 
#service account namespace and name to be created inside spe-azure-connector cluster
$SERVICE_ACCOUNT_NAMESPACE=""
$SERVICE_ACCOUNT_NAME=""
#federated identity name to be created
$FEDERARATED_IDENTITY_NAME="kub-fed-identity"
 
#existing Azure config file as an input, for providing permissions on the resources
$CONFIG_FILE = "azureconfig.json"
#existing assets.csv file, for providing permissions on the assets
$ASSETS_FILE = "assets.csv"

5. Save the changes to the script and execute it with Azure CLI
./spe-azure-identity-and-permission-setup.ps1
 
NOTE: Configure azureconfig.json and assets.csv before executing the permission script.

Attachments

1694070992555__Azure Connector Script.zip