Fixes to AKS article for incorrect/outdated info; Pv2.

Author: wmgries

articles/storage/files/azure-kubernetes-service-workloads.md

@@ -22,11 +22,13 @@ Azure Kubernetes Service is a managed Kubernetes service for deploying and scali
 
 Azure Files supports `ReadWriteMany` (RWX) access mode required for multi-pod shared storage. Use the following SKU guidance:
 
-| Workload type | Recommended SKU | Expected latency | Max IOPS (per share) |
-|---------------|-----------------|------------------|----------------------|
-| Config files, low I/O | Standard_LRS | 10–15 ms | 1,000 |
-| Logging, moderate I/O | Premium_LRS | 1–2 ms | Up to 100,000 |
-| Media/content, high throughput | Premium_ZRS | 1–2 ms | Up to 100,000 |
+| Workload type | File share type | Storage account kind | Storage account SKU |
+|-|-|-|-|
+| Logging, moderate I/O | SSD provisioned v2 with Local redundancy | `FileStorage` | `PremiumV2_LRS` |
+| Media/content, high throughput | SSD provisioned v2 with Zone redundancy | `FileStorage` | `PremiumV2_ZRS` |
+| Config files, low I/O | SSD provisioned v2, HDD provisioned v2, or HDD pay-as-you-go with Local redundancy | `FileStorage` (provisioned v2) or `StorageV2` (pay-as-you-go) | `PremiumV2_LRS`, `StandardV2_LRS`, `Standard_LRS` |
+
+For complete scalability and performance information, see [Scalability and performance targets for Azure Files](storage-files-scale-targets.md).
 
 Deploy the storage account in the same Azure region as your AKS cluster to minimize network latency.
 
@@ -40,17 +42,19 @@ Azure Files integrates with Kubernetes through the Container Storage Interface (
 
 ### SSD file shares for optimal performance
 
-Azure Files storage tiers:
+Azure Files has two media tiers. For new deployments, SSD provisioned v2 is recommended for most workloads:
+
+- **SSD** (recommended): Suitable for logging, media serving, databases, and latency-sensitive workloads. Available with the provisioned v2 billing model (recommended, `PremiumV2_LRS` / `PremiumV2_ZRS`) or the legacy provisioned v1 billing model (`Premium_LRS` / `Premium_ZRS`). Up to 102,400 IOPS and 10,340 MiB/sec throughput per share.
+- **HDD**: Suitable for config files and infrequent access. Available with the provisioned v2 billing model (`StandardV2_LRS` / `StandardV2_ZRS`) or the pay-as-you-go billing model (`Standard_LRS` / `Standard_ZRS`). Up to 50,000 IOPS and 5,120 MiB/sec throughput per share with provisioned v2. For very small shares, HDD pay-as-you-go (`Standard_LRS` / `Standard_ZRS`) may be more cost-effective because HDD provisioned v2 requires a minimum amount of provisioned IOPS and throughput with no free baseline. For most other HDD workloads, SSD provisioned v2 is actually more cost-effective at small share sizes due to its included baseline IOPS and throughput.
 
-- **Standard (HDD)**: Up to 1,000 IOPS, 60 MiB/s throughput per share. Use for config files, infrequent access.
-- **Premium (SSD)**: Baseline 400 IOPS + 1 IOPS per GiB provisioned, up to 100,000 IOPS. Use for logging, media serving, databases.
+For complete scalability and performance information, see [Scalability and performance targets for Azure Files](storage-files-scale-targets.md).
 
 Deploy file shares in the same region as your AKS cluster. Cross-region mounts add 50–100+ ms latency.
 
 ### Protocol support
 
 - **SMB 3.x**: Linux and Windows nodes. Requires port 445 outbound. Supports storage account key or Microsoft Entra ID authentication.
-- **NFS 4.1**: Linux nodes only. Requires Premium SKU and virtual network-enabled storage account. No authentication; relies on network security.
+- **NFS 4.1**: Linux nodes only. Requires SSD file shares and a virtual network-enabled storage account. No authentication; relies on network security.
 
 ### Security and compliance
 
@@ -91,6 +95,87 @@ Some common use cases for Azure Files with AKS include:
 - **Batch processing and ETL workloads**: Azure Files enables efficient data sharing between batch processing jobs, ETL pipelines, and data processing workflows where multiple pods need access to input data and output results.
 - **Development and testing environments**: Shared storage for development teams to collaborate on code, share test data, and maintain consistent development environments across different pods and nodes.
 
+## Dynamic provisioning: auto-create Azure file shares
+
+Dynamic provisioning automatically creates Azure file shares when you create a persistent volume claim. Verify your environment meets these requirements:
+
+| Requirement | Details |
+|-------------|----------|
+| **AKS version** | 1.21 or later |
+| **CSI driver version** | v1.0.0 or later (preinstalled on AKS 1.21+) |
+| **Supported node pools** | Linux: SMB and NFS protocols; Windows: SMB protocol only |
+| **Role assignments** | AKS cluster identity requires Storage Account Contributor role; for private endpoints, also requires Private DNS Zone Contributor |
+| **SKU options** | SSD provisioned v2 (recommended): `PremiumV2_LRS`, `PremiumV2_ZRS`; SSD provisioned v1: `Premium_LRS`, `Premium_ZRS`; HDD provisioned v2: `StandardV2_LRS`, `StandardV2_ZRS`, `StandardV2_GRS`, `StandardV2_GZRS`; HDD pay-as-you-go: `Standard_LRS`, `Standard_ZRS`, `Standard_GRS`, `Standard_GZRS` |
+| **Region constraints** | NFS protocol requires SSD file shares and a virtual network-enabled storage account; ZRS requires availability zone support |
+
+With dynamic provisioning, storage is automatically created when a persistent volume claim is created. The Azure Files CSI driver supports dynamic provisioning through Kubernetes storage classes.
+
+### Prerequisites for dynamic provisioning
+
+Ensure the following are in place before creating a StorageClass for dynamic provisioning:
+
+- AKS cluster version 1.21 or later
+- Linux node pool (for NFS) or Linux/Windows node pool (for SMB)
+- AKS cluster identity with **Storage Account Contributor** role on the resource group
+- For NFS: SSD file share (such as `PremiumV2_LRS` or `Premium_LRS`) with virtual network service endpoint enabled
+- For private endpoints: **Private DNS Zone Contributor** role on the private DNS zone
+
+### Steps to configure dynamic provisioning
+
+1. **Create the StorageClass** – Define the provisioning parameters (SKU, protocol, mount options).
+2. **Create a PersistentVolumeClaim (PVC)** – Reference the StorageClass; the CSI driver auto-creates the Azure file share.
+3. **Deploy your workload** – Mount the PVC in your pod spec.
+4. **Verify** – Confirm PVC is `Bound` and the mount path is accessible.
+
+### StorageClass parameters for dynamic provisioning
+
+Use these parameters when defining a StorageClass for Azure Files dynamic provisioning:
+
+| Parameter | Value | Description |
+|-----------|-------|-------------|
+| `provisioner` | `file.csi.azure.com` | Azure Files CSI driver identifier |
+| `parameters.skuName` | `PremiumV2_LRS`, `PremiumV2_ZRS`, `Premium_LRS`, `Premium_ZRS`, `StandardV2_LRS`, `StandardV2_ZRS`, `StandardV2_GRS`, `StandardV2_GZRS`, `Standard_LRS`, `Standard_ZRS`, `Standard_GRS`, `Standard_GZRS` | Storage redundancy and tier |
+| `parameters.protocol` | `smb` or `nfs` | NFS requires SSD file shares and Linux nodes |
+| `allowVolumeExpansion` | `true` / `false` | Enable online volume resize |
+| `reclaimPolicy` | `Delete` / `Retain` | Action when PVC is deleted |
+| `volumeBindingMode` | `Immediate` / `WaitForFirstConsumer` | When to provision storage |
+
+This YAML defines a storage class (Kubernetes provisioning template) for dynamic provisioning of SSD provisioned v2 Azure file shares with the SMB protocol. For Linux mount options, see [SMB mount options reference](#smb-mount-options-reference-linux).
+
+```yaml
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: azurefile-csi-premiumv2-custom
+provisioner: file.csi.azure.com
+parameters:
+  skuName: PremiumV2_LRS          # SSD provisioned v2 (recommended). Alternatives: Premium_LRS (SSD v1), StandardV2_LRS (HDD v2), Standard_LRS (HDD pay-as-you-go)
+  protocol: smb
+allowVolumeExpansion: true
+mountOptions:
+  # Canonical permissions: 0755/uid=1000/gid=1000 for least privilege.
+  # Use 0777/uid=0/gid=0 only if app requires root or broad write access.
+  - dir_mode=0755
+  - file_mode=0755
+  - uid=1000
+  - gid=1000
+  - mfsymlinks
+  - cache=strict
+  - actimeo=30
+```
+
+**Verify StorageClass:**
+
+```bash
+# Check StorageClass exists
+kubectl get sc azurefile-csi-premiumv2-custom -o jsonpath="{.provisioner}"
+# Expected: file.csi.azure.com
+
+# Test dynamic provisioning with a PVC (replace with your PVC name)
+kubectl get pvc <YOUR_PVC_NAME, e.g., my-azurefile-pvc> -o jsonpath="{.status.phase}"
+# Expected: Bound (after creating a PVC referencing this StorageClass)
+```
+
 ## Azure Files for shared configuration and secrets
 
 Before deploying shared configuration storage, verify your environment meets these requirements:
@@ -101,7 +186,7 @@ Before deploying shared configuration storage, verify your environment meets the
 | **CSI driver version** | v1.0.0 or later (preinstalled on AKS 1.21+) |
 | **Supported node pools** | Linux and Windows |
 | **Role assignments** | Storage Account Contributor or Storage File Data SMB Share Contributor on the storage account |
-| **SKU options** | Standard_LRS, Standard_ZRS, Premium_LRS, Premium_ZRS |
+| **SKU options** | SSD provisioned v2: `PremiumV2_LRS`, `PremiumV2_ZRS` (recommended); SSD provisioned v1: `Premium_LRS`, `Premium_ZRS`; HDD provisioned v2: `StandardV2_LRS`, `StandardV2_ZRS`; HDD pay-as-you-go: `Standard_LRS`, `Standard_ZRS` |
 | **Region constraints** | ZRS SKUs require regions with availability zone support |
 
 Azure Files is particularly useful for:
@@ -120,7 +205,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: azurefile-csi-premium
+  storageClassName: azurefile-csi-premiumv2-custom
   resources:
     requests:
       storage: 10Gi
@@ -173,7 +258,7 @@ Before deploying centralized logging storage, verify your environment meets thes
 | **CSI driver version** | v1.0.0 or later (preinstalled on AKS 1.21+) |
 | **Supported node pools** | Linux (recommended for DaemonSet log collectors); Windows supported with SMB protocol |
 | **Role assignments** | Storage Account Contributor or Storage File Data SMB Share Contributor on the storage account |
-| **SKU options** | Premium_LRS or Premium_ZRS recommended for high-throughput logging |
+| **SKU options** | `PremiumV2_LRS` or `PremiumV2_ZRS` recommended for high-throughput logging (SSD provisioned v2); `Premium_LRS` or `Premium_ZRS` also supported (SSD provisioned v1) |
 | **Region constraints** | Deploy storage account in the same region as AKS cluster for optimal latency |
 
 Azure Files can serve as a central repository for application logs, enabling log aggregation from multiple pods and providing persistent storage for log analysis tools.
@@ -188,7 +273,7 @@ metadata:
 spec:
   accessModes:
     - ReadWriteMany
-  storageClassName: azurefile-csi-premium
+  storageClassName: azurefile-csi-premiumv2-custom
   resources:
     requests:
       storage: 100Gi
@@ -240,87 +325,6 @@ kubectl exec ds/log-collector -- ls -la /logs
 # Expected: directory listing with log files
 ```
 
-## Dynamic provisioning: auto-create Azure file shares
-
-Dynamic provisioning automatically creates Azure file shares when you create a persistent volume claim. Verify your environment meets these requirements:
-
-| Requirement | Details |
-|-------------|----------|
-| **AKS version** | 1.21 or later |
-| **CSI driver version** | v1.0.0 or later (preinstalled on AKS 1.21+) |
-| **Supported node pools** | Linux: SMB and NFS protocols; Windows: SMB protocol only |
-| **Role assignments** | AKS cluster identity requires Storage Account Contributor role; for private endpoints, also requires Private DNS Zone Contributor |
-| **SKU options** | Standard: Standard_LRS (locally redundant), Standard_GRS (geo-redundant, includes read access as RA-GRS), Standard_ZRS (zone-redundant), Standard_GZRS (geo-zone-redundant, includes read access as RA-GZRS); Premium: Premium_LRS, Premium_ZRS |
-| **Region constraints** | NFS protocol requires premium file shares and a virtual network-enabled storage account; ZRS requires availability zone support |
-
-With dynamic provisioning, storage is automatically created when a persistent volume claim is created. The Azure Files CSI driver supports dynamic provisioning through Kubernetes storage classes.
-
-### Prerequisites for dynamic provisioning
-
-Ensure the following are in place before creating a StorageClass for dynamic provisioning:
-
-- AKS cluster version 1.21 or later
-- Linux node pool (for NFS) or Linux/Windows node pool (for SMB)
-- AKS cluster identity with **Storage Account Contributor** role on the resource group
-- For NFS: Premium SKU storage account with virtual network service endpoint enabled
-- For private endpoints: **Private DNS Zone Contributor** role on the private DNS zone
-
-### Steps to configure dynamic provisioning
-
-1. **Create the StorageClass** – Define the provisioning parameters (SKU, protocol, mount options).
-2. **Create a PersistentVolumeClaim (PVC)** – Reference the StorageClass; the CSI driver auto-creates the Azure file share.
-3. **Deploy your workload** – Mount the PVC in your pod spec.
-4. **Verify** – Confirm PVC is `Bound` and the mount path is accessible.
-
-### StorageClass parameters for dynamic provisioning
-
-Use these parameters when defining a StorageClass for Azure Files dynamic provisioning:
-
-| Parameter | Value | Description |
-|-----------|-------|-------------|
-| `provisioner` | `file.csi.azure.com` | Azure Files CSI driver identifier |
-| `parameters.skuName` | `Premium_LRS`, `Premium_ZRS`, `Standard_LRS`, `Standard_ZRS`, `Standard_GRS`, `Standard_GZRS` | Storage redundancy and tier |
-| `parameters.protocol` | `smb` or `nfs` | NFS requires Premium SKU and Linux nodes |
-| `allowVolumeExpansion` | `true` / `false` | Enable online volume resize |
-| `reclaimPolicy` | `Delete` / `Retain` | Action when PVC is deleted |
-| `volumeBindingMode` | `Immediate` / `WaitForFirstConsumer` | When to provision storage |
-
-This YAML defines a storage class (Kubernetes provisioning template) for dynamic provisioning of SSD (premium) Azure file shares with SMB protocol. For Linux mount options, see [SMB mount options reference](#smb-mount-options-reference-linux).
-
-```yaml
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
-  name: azurefile-csi-premium
-provisioner: file.csi.azure.com
-parameters:
-  skuName: Premium_LRS
-  protocol: smb
-allowVolumeExpansion: true
-mountOptions:
-  # Canonical permissions: 0755/uid=1000/gid=1000 for least privilege.
-  # Use 0777/uid=0/gid=0 only if app requires root or broad write access.
-  - dir_mode=0755
-  - file_mode=0755
-  - uid=1000
-  - gid=1000
-  - mfsymlinks
-  - cache=strict
-  - actimeo=30
-```
-
-**Verify StorageClass:**
-
-```bash
-# Check StorageClass exists
-kubectl get sc azurefile-csi-premium -o jsonpath="{.provisioner}"
-# Expected: file.csi.azure.com
-
-# Test dynamic provisioning with a PVC (replace with your PVC name)
-kubectl get pvc <YOUR_PVC_NAME, e.g., my-azurefile-pvc> -o jsonpath="{.status.phase}"
-# Expected: Bound (after creating a PVC referencing this StorageClass)
-```
-
 ## Static provisioning: use existing Azure file shares
 
 Static provisioning connects to preexisting Azure file shares. Verify your environment meets these requirements:
@@ -344,7 +348,7 @@ Ensure the following are in place before creating a PersistentVolume for static
 - Linux node pool (for NFS) or Linux/Windows node pool (for SMB)
 - Preexisting Azure storage account and file share
 - For SMB: Kubernetes Secret containing `azurestorageaccountname` and `azurestorageaccountkey`
-- For NFS: Storage account with Premium SKU and virtual network service endpoint; no secret required
+- For NFS: Storage account with SSD file shares (such as `PremiumV2_LRS` or `Premium_LRS`) and virtual network service endpoint; no secret required
 - Network connectivity from AKS nodes to the storage account (public endpoint, service endpoint, or private endpoint)
 
 ### Steps to configure static provisioning
@@ -471,17 +475,17 @@ Ensure the following are in place before configuring private endpoints for Azure
 5. **Deploy your workload** – Mount the PVC in your pod spec.
 6. **Verify** – Confirm the PVC binds and that DNS resolves to a private IP (`nslookup <storageaccount>.file.core.windows.net`).
 
-This YAML example demonstrates how to create Azure file storage with private endpoint configuration for enhanced security. For Linux mount options, see [SMB mount options reference](#smb-mount-options-reference-linux).
+This YAML example demonstrates how to create Azure file storage with private endpoint configuration for enhanced security. The CSI driver automatically discovers the virtual network from the AKS cluster configuration, so `vnetResourceGroup`, `vnetName`, and `subnetName` are optional if the virtual network is in the same resource group as the AKS cluster. Specify them explicitly for cross-resource-group or multi-VNet scenarios. For Linux mount options, see [SMB mount options reference](#smb-mount-options-reference-linux).
 
 ```yaml
 apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:
-  name: azurefile-csi-private
+  name: azurefile-csi-private-custom
 provisioner: file.csi.azure.com
 allowVolumeExpansion: true
 parameters:
-  skuName: Premium_LRS
+  skuName: PremiumV2_LRS          # SSD provisioned v2 (recommended). Alternatives: Premium_LRS (SSD v1), StandardV2_LRS (HDD v2)
   networkEndpointType: privateEndpoint
 reclaimPolicy: Delete
 volumeBindingMode: Immediate
@@ -503,7 +507,7 @@ mountOptions:
 
 ```bash
 # Check StorageClass exists with private endpoint
-kubectl get sc azurefile-csi-private -o jsonpath="{.parameters.networkEndpointType}"
+kubectl get sc azurefile-csi-private-custom -o jsonpath="{.parameters.networkEndpointType}"
 # Expected: privateEndpoint
 
 # After creating a PVC, verify private endpoint connectivity
@@ -513,5 +517,6 @@ kubectl get pvc <YOUR_PVC_NAME, e.g., secure-pvc> -o jsonpath="{.status.phase}"
 
 ## See also
 
+- [Scalability and performance targets for Azure Files](storage-files-scale-targets.md)
 - [Use Azure Files CSI driver in AKS](/azure/aks/azure-files-csi)
 - [Create and use a volume with Azure Files in AKS](/azure/aks/azure-csi-files-storage-provision)