You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The documentation for attaching and provisioning blob storage in AKS does not give enough information regarding authentication, specifically with MSI auth. It's not clear from the documentation how a user assigned identity is attached to the AKS cluster so it can be used by the CSI driver to access a storage account. I'm not sure if the identity has to be at the VMSS level, kubelet level, or workload identity level.
Please consider adding a section that shows how auth works and how to set up managed identities to be used by the CSI driver, as well as what role-assignments are needed to access the blob storage.
Type of issue
Missing information
Feedback
The documentation for attaching and provisioning blob storage in AKS does not give enough information regarding authentication, specifically with MSI auth. It's not clear from the documentation how a user assigned identity is attached to the AKS cluster so it can be used by the CSI driver to access a storage account. I'm not sure if the identity has to be at the VMSS level, kubelet level, or workload identity level.
Please consider adding a section that shows how auth works and how to set up managed identities to be used by the CSI driver, as well as what role-assignments are needed to access the blob storage.
Page URL
https://learn.microsoft.com/en-us/azure/aks/azure-csi-blob-storage-provision?tabs=mount-nfs%2Csecret
Content source URL
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/azure-csi-blob-storage-provision.md
Author
@tamram
Document Id
68bfe77f-cd0a-2d6e-f014-121e6a0d202e
The text was updated successfully, but these errors were encountered: