After your bootstrap is running and your cluster is created, install the Azure Disk CSI Driver on your pre-provisioned Azure Kubernetes cluster. By default, the DKP pre-provisioned provider installs the storage-local-static-provisioner CSI driver, which is not suitable for production environments, so it must be replaced by the Azure Disk CSI Driver.


Before you begin using DKP you must have:

  • An x86_64-based Linux or macOS machine.

  • The dkp binary for Linux or macOS, downloaded. To check which version of DKP you installed for compatibility reasons, run the dkp version -h command (dkp version).

  • Docker version 18.09.2 or later installed.

  • kubectl for interacting with the running cluster.

  • Azure CLI.

  • A valid Azure account with credentials configured.

  • A custom Azure image created using KIB.

On macOS, Docker runs in a virtual machine. Configure this virtual machine with at least 8 GB of memory.

Set Environment Variables with Credentials:

An Azure Service Principal is needed for deploying resources. To configure your Azure environment, follow these steps:

  1. Log in to Azure:

    az login

    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
        "isDefault": true,
        "managedByTenants": [],
        "name": "Mesosphere Developer Subscription",
        "state": "Enabled",
        "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "user": {
          "name": "",
          "type": "user"
        }
      }
    ]

  2. Create an Azure Service Principal (SP) by running the following command:
    Note: If an SP with the name exists, this command will rotate the password.

    az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" --scopes=/subscriptions/$(az account show --query id -o tsv)

    {
      "appId": "7654321a-1a23-567b-b789-0987b6543a21",
      "displayName": "azure-cli-2021-03-09-23-17-06",
      "password": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
      "tenant": "a1234567-b132-1234-1a11-1234a5678b90"
    }

  3. Set the required environment variables using that output:

    export AZURE_SUBSCRIPTION_ID="<id>"       # b1234567-abcd-11a1-a0a0-1234a5678b90
    export AZURE_TENANT_ID="<tenant>"         # a1234567-b132-1234-1a11-1234a5678b90
    export AZURE_CLIENT_ID="<appId>"          # 7654321a-1a23-567b-b789-0987b6543a21
    export AZURE_CLIENT_SECRET="<password>"   # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
    export AZURE_RESOURCE_GROUP="<resource group name>" # set to the name of the resource group
    export AZURE_LOCATION="westus"            # set to the location you are using
  4. Set your KUBECONFIG environment variable:

    export KUBECONFIG=${CLUSTER_NAME}.conf
  5. Create the Secret with the Azure credentials. The Azure CSI driver uses this Secret:

    1. Create an azure.json file:

      cat <<EOF > azure.json
      {
        "cloud": "AzurePublicCloud",
        "tenantId": "$AZURE_TENANT_ID",
        "subscriptionId": "$AZURE_SUBSCRIPTION_ID",
        "aadClientId": "$AZURE_CLIENT_ID",
        "aadClientSecret": "$AZURE_CLIENT_SECRET",
        "resourceGroup": "$AZURE_RESOURCE_GROUP",
        "location": "$AZURE_LOCATION"
      }
      EOF
    2. Create the Secret:

      kubectl create secret generic azure-cloud-provider --namespace=kube-system --type=Opaque --from-file=cloud-config=azure.json
  6. Install the Azure Disk CSI driver:

    curl -skSL | bash -s v1.26.2 snapshot --
  7. Check the status to see if the driver is ready for use:

    kubectl -n kube-system get pod -o wide --watch -l app=csi-azuredisk-controller
    kubectl -n kube-system get pod -o wide --watch -l app=csi-azuredisk-node
  8. Now Kubernetes knows that this is an Azure disk and will create clusters on Azure. You are ready to create the StorageClass for the Azure Disk CSI Driver:

    kubectl create -f
  9. Change the default storage class to this new StorageClass so that every new disk will be created in the Azure environment:

    kubectl patch sc/localvolumeprovisioner -p '{"metadata": {"annotations":{"":"false"}}}'
    kubectl patch sc/managed-csi -p '{"metadata": {"annotations":{"":"true"}}}'
  10. Verify that the StorageClass chosen is currently the default:

    kubectl get storageclass
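
Step 5 writes the service principal secret to azure.json in the current directory, where a typical default umask leaves the file readable by other local users. The following added example (not part of the DKP documentation) wraps that step in a hypothetical helper, write_azure_json, which rejects unset or placeholder values from step 3 and creates the file with mode 0600.

```shell
#!/bin/sh
# Added example (not DKP's own script): write azure.json for step 5 so the
# service principal secret never sits in a world-readable file.

# Variables exported in step 3 that the cloud-config needs.
REQUIRED_VARS="AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID AZURE_CLIENT_ID
AZURE_CLIENT_SECRET AZURE_RESOURCE_GROUP AZURE_LOCATION"

# write_azure_json PATH (hypothetical helper). The body runs in a subshell,
# so the umask change and the 'exit' calls do not affect the calling shell.
write_azure_json() (
  out="$1"
  for name in $REQUIRED_VARS; do
    eval "value=\${$name:-}"          # names come from the fixed list above
    if [ -z "$value" ]; then
      echo "error: $name is not set" >&2; exit 1
    fi
    case "$value" in
      '<'*'>')                        # e.g. "<password>" copied from step 3
        echo "error: $name still holds a placeholder" >&2; exit 1 ;;
      *'"'*|*'\'*)                    # would produce invalid JSON
        echo "error: $name contains a quote or backslash" >&2; exit 1 ;;
    esac
  done
  rm -f -- "$out"                     # an existing file would keep its old mode
  umask 077                           # new file is created as 0600
  cat > "$out" <<EOF
{
  "cloud": "AzurePublicCloud",
  "tenantId": "$AZURE_TENANT_ID",
  "subscriptionId": "$AZURE_SUBSCRIPTION_ID",
  "aadClientId": "$AZURE_CLIENT_ID",
  "aadClientSecret": "$AZURE_CLIENT_SECRET",
  "resourceGroup": "$AZURE_RESOURCE_GROUP",
  "location": "$AZURE_LOCATION"
}
EOF
)

# Usage with the command from step 5.2, removing the plaintext copy afterwards:
#   write_azure_json azure.json &&
#     kubectl create secret generic azure-cloud-provider --namespace=kube-system \
#       --type=Opaque --from-file=cloud-config=azure.json
#   rm -f azure.json
```
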

For more information about Azure Disk CSI for persistent storage and changing the default StorageClass, refer to that page in the documentation: Default Storage Providers in DKP

Next Step:

Pre-provisioned Modify the Calico Installation