Does disabling CSI drivers impacts connectivity between azure key vault and AKS?

Tanul 1,246 Reputation points
2023-02-02T17:25:23.93+00:00

Team,

We are not using any persistent volume or any kind of storage etc. If we execute the command listed on this link

az aks update -n myAKSCluster -g myResourceGroup --disable-disk-driver --disable-file-driver --disable-blob-driver --disable-snapshot-controller

Does this impact the connectivity of azure key vault and AKS cluster. As per this link, csi drivers are also used here in key vault connectivity.

The csi drivers mentioned on both the links are different or they have some connection between each other. Please suggest?

Kind Regards,

Tanul

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,048 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,784 questions
0 comments No comments
{count} votes

Accepted answer
  1. deherman-MSFT 31,996 Reputation points Microsoft Employee
    2023-02-02T22:42:41.8+00:00

    I understand that you are concerned with disabling the CSI drivers for disks, files, blobs, and snapshots. You want to know if this will impact you if you are using Azure Key Vault Provider for Secrets Store CSI Driver. Please correct me if I am misunderstanding the issue.

    The Azure Key Vault Provider for Secrets Store CSI Driver is a separate CSI driver that allows you to securely store secrets in Azure Key Vault and retrieve them from within your AKS cluster. It is not dependent on the other CSI storage drivers and operates independently of them. You can use the Azure Key Vault Provider for Secrets Store CSI Driver even if the other CSI storage drivers are disabled.

    Hope this helps! Let me know if you still have questions or need further assistance.


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


1 additional answer

Sort by: Most helpful
  1. Andrew Schull 86 Reputation points Microsoft Employee
    2023-02-02T22:20:17.5666667+00:00

    Hello Tanul,

    Thank you for reaching out and I hope you are doing well.

    From your question it looks like you are seeking to understand if CSI drivers are required when using the secret store CSI drivers.

    The CSI drivers and secret store CSI drivers are separate and have no dependencies. You should be safe to disable the CSI drivers as long as you are not using them for any storage in your cluster. I am including the GitHub links below which go into detail on how each separate driver set is utilized in our platform.

    kubernetes-sigs/azurefile-csi-driver


    Azure/secrets-store-csi-driver-provider-azure

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well. Feel free to reply with any other questions or concerns. Hope this helps!