Eric Leonard

Cloud Solution Architect focusing on cloud techhnologies. I love to learn and share my knowledge with others. Views are my own.

When working with containerized applications in Azure Kubernetes Service (AKS), you’ll often need to transfer data from your pods to Azure Blob Storage for backup, archival, or processing purposes. The best approach depends on your access level, available tools, and security requirements.

Here are four proven methods to accomplish this task, each with their own advantages and use cases.

Method 1: Azure CLI Inside the Pod ✅

If your pod has the Azure CLI installed and properly authenticated (via managed identity or service principal), this is often the most straightforward approach.

az storage blob upload \
  --account-name <storage_account_name> \
  --container-name <container_name> \
  --name <blob_name> \
  --file <local_file_path> \
  --auth-mode login

Alternative authentication options:

  • Use --auth-mode key with a storage account key
  • Use --sas-token if you have a shared access signature

This method is ideal when you need simple, command-line based transfers and your pod already has Azure CLI capabilities.

Method 2: Python with Azure Storage SDK ✅

For applications that require programmatic control or custom logic, the Azure Storage SDK for Python provides excellent flexibility.

from azure.storage.blob import BlobServiceClient

# Initialize the client
blob_service_client = BlobServiceClient.from_connection_string("<your_connection_string>")

# Get blob client
blob_client = blob_service_client.get_blob_client(
    container="<container_name>", 
    blob="<blob_name>"
)

# Upload the file
with open("<local_file_path>", "rb") as data:
    blob_client.upload_blob(data)

This approach is perfect for:

  • Custom applications with specific upload logic
  • Batch processing scenarios
  • Applications that need error handling and retry mechanisms

Method 3: Mount Blob Storage with CSI Driver ✅

The most seamless approach is to mount Azure Blob Storage directly into your pod using the Azure CSI Storage Driver.

Setup steps:

  1. Install the CSI driver in your AKS cluster
  2. Create PersistentVolume and PersistentVolumeClaim
  3. Mount the volume in your pod specification

Once configured, your pod can write directly to Blob Storage as if it were a local filesystem. This eliminates the need for explicit upload commands and provides the most native experience.

Benefits:

  • Transparent file operations
  • No code changes required
  • Automatic synchronization

Method 4: External Copy with kubectl ✅

When your pod lacks the necessary tools or you need to transfer data from a minimal container, you can extract files first and upload them externally.

# Copy file from pod to local machine
kubectl cp <namespace>/<pod_name>:<path_in_pod> ./localfile

# Upload from local machine to Blob Storage
az storage blob upload \
  --account-name <storage_account> \
  --container-name <container> \
  --name <blob_name> \
  --file ./localfile

This method works well for:

  • One-time data extractions
  • Debugging scenarios
  • Minimal container images without Azure tools

Authentication Best Practices 🔐

Choosing the right authentication method is crucial for security and maintainability:

  • Best for: AKS workloads with Azure AD Pod Identity
  • Advantages: No credential management, automatic token refresh
  • Use case: Production environments

Service Principal

  • Best for: Automation and CI/CD pipelines
  • Considerations: Requires credential rotation
  • Use case: Automated deployments

SAS Tokens

  • Best for: Temporary or limited access scenarios
  • Advantages: Fine-grained permissions, time-limited
  • Use case: Third-party integrations or temporary access

Choosing the Right Method

Method Best For Complexity Security
Azure CLI Simple transfers Low Good
Python SDK Custom applications Medium Excellent
CSI Driver Transparent access High (setup) Excellent
kubectl cp Debugging/one-off Low Variable

Conclusion

Each method serves different use cases, and you might even use multiple approaches within the same application. The CSI driver provides the most seamless experience for production workloads, while the Azure CLI offers simplicity for straightforward transfers. Python SDK gives you the most control for custom applications, and kubectl cp serves as a reliable fallback for troubleshooting scenarios.

Consider your security requirements, operational complexity, and team expertise when choosing the best approach for your specific use case.

You May Also Enjoy