I face the following situation:
I would like to access a storage account using a Persistent Volume (PV) and Persistent Volume Claim (PVC), but without access to the storage account's access key. Hence, I would like to create the PV and PVC using my managed identity.
I have already created my user-assigned managed identity and added that to my Azure Kubernetes Services (AKS) cluster following this documentation:
https://learn.microsoft.com/en-us/azure/aks/use-managed-identity#enable-a-user-assigned-managed-identity
How should I create the PV and PVC in order to use that managed identity?
I cannot find any documentation about that.
Thanks a lot!
As you mentioned, you have already enabled the managed identity; get its client ID from there and update it in your PV:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: azurefile-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: file.csi.azure.com
    readOnly: false
    volumeHandle: arkostorageaccount1#arkofilefileshare  # "<storageAccount>#<shareName>" for static provisioning
    volumeAttributes:
      resourceGroup: arkorg
      storageAccount: arkostorageaccount1
      shareName: arkofilefileshare
      useAAD: "true"
      azureStorageIdentityClientID: dabcd-ab67-43e2-1234-7a35eb645f4b  # Use your managed identity Client ID here
Assign the necessary role so it can access the Azure Storage Account.
Apply the updated PV and the PVC.
PVC:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: azurefile-pvc
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  volumeName: azurefile-pv  # bind this claim to the PV defined above
References:
- Use a managed identity in Azure Kubernetes Service (AKS)
- Create and use a volume with Azure Disks in Azure Kubernetes Service (AKS)
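As an added example (my own code, not part of the answer above or of the Azure Files CSI driver), the following script renders the PV/PVC pair from the answer as a function of its inputs and runs the pre-flight checks I would want before `kubectl apply`: that the identity value is actually a client-ID-shaped GUID (the placeholder in the answer, `dabcd-ab67-43e2-1234-7a35eb645f4b`, is not), that the `volumeHandle` is consistent with `storageAccount` and `shareName`, that PV and PVC agree on name, size and access mode, and that the manifest carries no Secret reference that would silently fall back to the account key. The `claimRef` and `storageClassName: ""` pinning are standard Kubernetes static-provisioning settings I added; the volume attributes (`useAAD`, `azureStorageIdentityClientID`) are reproduced from the answer, and the name-length limits and the sample values are my assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Input patterns. These limits are my assumptions (Azure storage account names:
# 3-24 lowercase alphanumerics; share names: 3-63 chars; Kubernetes DNS-1123
# names), not something the answer above states.
_GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
_STORAGE_ACCOUNT = re.compile(r"^[a-z0-9]{3,24}$")
_SHARE_NAME = re.compile(r"^[a-z0-9](?:[a-z0-9-]{1,61}[a-z0-9])?$")
_K8S_NAME = re.compile(r"^[a-z0-9](?:[-a-z0-9]{0,251}[a-z0-9])?$")
_SIZE = re.compile(r"^[1-9][0-9]*(?:Mi|Gi|Ti)$")

# Fields that would fetch the storage account key from a Secret. If any of them
# is present, the PV is not actually relying on the managed identity.
_KEY_BASED_FIELDS = ("nodeStageSecretRef", "secretName", "secretNamespace")


@dataclass(frozen=True)
class AzureFileVolume:
    pv_name: str
    pvc_name: str
    namespace: str
    resource_group: str
    storage_account: str
    share_name: str
    identity_client_id: str  # client ID of the user-assigned identity (a GUID)
    size: str = "5Gi"

    @property
    def volume_handle(self) -> str:
        # Static-provisioning handle in the form the answer uses: "<account>#<share>".
        return f"{self.storage_account}#{self.share_name}"


def validate(vol: AzureFileVolume) -> List[str]:
    """Return the problems found; an empty list means the spec is consistent."""
    problems = []
    if not _GUID.match(vol.identity_client_id):
        problems.append("identity_client_id is not a GUID (use the identity's client ID, "
                        "not its principal ID or resource ID)")
    if not _STORAGE_ACCOUNT.match(vol.storage_account):
        problems.append("storage_account must be 3-24 lowercase letters or digits")
    if not _SHARE_NAME.match(vol.share_name) or "--" in vol.share_name:
        problems.append("share_name is not a valid Azure Files share name")
    for label, value in (("pv_name", vol.pv_name), ("pvc_name", vol.pvc_name),
                         ("namespace", vol.namespace)):
        if not _K8S_NAME.match(value):
            problems.append(f"{label} is not a valid Kubernetes object name")
    if not _SIZE.match(vol.size):
        problems.append("size must be a quantity such as 5Gi, 512Mi or 1Ti")
    return problems


def render_pv(vol: AzureFileVolume) -> str:
    # storageClassName "" stops a default StorageClass from being applied to the
    # claim; claimRef pins this PV to the one PVC it is meant for.
    return (
        "apiVersion: v1\nkind: PersistentVolume\nmetadata:\n"
        f"  name: {vol.pv_name}\nspec:\n  capacity:\n    storage: {vol.size}\n"
        "  accessModes:\n    - ReadWriteMany\n  persistentVolumeReclaimPolicy: Retain\n"
        f'  storageClassName: ""\n  claimRef:\n    namespace: {vol.namespace}\n'
        f"    name: {vol.pvc_name}\n  csi:\n    driver: file.csi.azure.com\n"
        f"    readOnly: false\n    volumeHandle: {vol.volume_handle}\n"
        f"    volumeAttributes:\n      resourceGroup: {vol.resource_group}\n"
        f"      storageAccount: {vol.storage_account}\n      shareName: {vol.share_name}\n"
        f'      useAAD: "true"\n      azureStorageIdentityClientID: {vol.identity_client_id}\n'
    )


def render_pvc(vol: AzureFileVolume) -> str:
    return (
        "apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n"
        f"  name: {vol.pvc_name}\n  namespace: {vol.namespace}\nspec:\n"
        "  accessModes:\n    - ReadWriteMany\n  resources:\n    requests:\n"
        f'      storage: {vol.size}\n  storageClassName: ""\n  volumeName: {vol.pv_name}\n'
    )


def uses_account_key(manifest: str) -> bool:
    """True if a manifest references a Secret-backed (account key) credential."""
    return any(re.search(rf"^\s*{f}\s*:", manifest, re.M) for f in _KEY_BASED_FIELDS)


def build(vol: AzureFileVolume) -> Tuple[str, str]:
    """Validate, render, and refuse to emit a PV that would use the account key."""
    problems = validate(vol)
    if problems:
        raise ValueError("; ".join(problems))
    pv, pvc = render_pv(vol), render_pvc(vol)
    if uses_account_key(pv):
        raise ValueError("PV references a Secret; the identity would not be used")
    return pv, pvc


# Constructed sample values (names taken from the answer; the GUID is made up).
EXAMPLE = AzureFileVolume("azurefile-pv", "azurefile-pvc", "default", "arkorg",
                          "arkostorageaccount1", "arkofilefileshare",
                          "11111111-2222-3333-4444-555555555555")
# The answer's placeholder client ID, which is not GUID-shaped and must be rejected.
EXAMPLE_WITH_ANSWER_PLACEHOLDER = AzureFileVolume(
    "azurefile-pv", "azurefile-pvc", "default", "arkorg", "arkostorageaccount1",
    "arkofilefileshare", "dabcd-ab67-43e2-1234-7a35eb645f4b")

if __name__ == "__main__":
    pv_yaml, pvc_yaml = build(EXAMPLE)
    print(pv_yaml + "---\n" + pvc_yaml)  # pipe into: kubectl apply -f -
```

The real client ID comes from `az identity show -g <resource-group> -n <identity-name> --query clientId -o tsv`; substitute it for the made-up GUID, then `python3 render.py | kubectl apply -f -`. `uses_account_key` can also be run over any hand-written PV to confirm no `nodeStageSecretRef` slipped back in, which is the quickest way to tell whether the mount is actually authenticating with the identity rather than the key.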