Persistent Volume using Azure Files with Service Principal

AIM Technical 1 Reputation point
2021-04-26T03:41:46.037+00:00

Dear all,

I would like to ask a question about the Azure Persistent Volume setup: does the Azure PV file share only support a plain-text secretName?
Is it possible to use a service principal to set up the PV that maps to the Azure file share?


2 answers

  1. Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
    2021-04-27T11:39:40.137+00:00

    @AIM Technical Welcome to Microsoft Q&A Forum. Thank you for posting your query here!
    Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.

    Service principal is used for interacting with Azure APIs; this is required by AKS. Refer to this article, "How setup the PVC with Azure File share"; there is no option to use the SP there. The SP is used for internal authentication by the cluster. PV would not require additional SP while setting up.

    Kindly let us know if you still have more questions on this. I wish to engage with you offline for a closer look.

    Hope this helps!

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.


  2. Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
    2021-05-04T15:55:42.98+00:00

    @AIM Technical This option is not available for now. The feature is currently in Public Preview, but from K8s v1.21+ CSI drivers will become the default:
    https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/deploy/example/e2e_usage.md#azurefile-static-provisioninguse-an-existing-azure-file-share

    The new CSI based drivers use MSI/SP.

    kubernetes-sigs/azurefile-csi-driver: Azure File CSI Driver (github.com)

    Enable Container Storage Interface (CSI) drivers on Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn
    Use Container Storage Interface (CSI) drivers for Azure Files on Azure Kubernetes Service (AKS) - Azure Kubernetes Service | Microsoft Learn

    This will make use of the cluster's SP/managed Identity. Recommended ways to enable CSI drivers: https://learn.microsoft.com/en-us/azure/aks/csi-storage-drivers

    If you wish you can leave your Feedback here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Kindly let us know if you still have more questions on this. I wish to engage with you offline for a closer look and provide quick and specialized assistance. Please send an email with the subject line "Attn:subm" to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, and I will follow up with you. Once again, apologies for any inconvenience with this issue.
    Thanks for your patience and co-operation.

    Hope this helps!

    ------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
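The two PV styles discussed in this thread, side by side, as an added example that is not part of the original answers or of Microsoft's documentation. All names are placeholders, and the behaviour noted for the omitted `nodeStageSecretRef` is an assumption about the Azure File CSI driver.

```yaml
# Added illustration; every name below is a placeholder, not a value from this thread.
---
# In-tree azureFile volume: the PV points at a Kubernetes Secret that stores the
# storage account name and key (keys azurestorageaccountname / azurestorageaccountkey).
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-azurefile-intree            # placeholder
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  azureFile:
    secretName: azure-secret           # placeholder Secret holding the account key
    shareName: aksshare                # placeholder existing share
    readOnly: false
---
# CSI static provisioning of an existing share with the Azure File CSI driver.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-azurefile-csi               # placeholder
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  csi:
    driver: file.csi.azure.com
    volumeHandle: placeholder-unique-volume-id   # must be unique per PV in the cluster
    volumeAttributes:
      resourceGroup: PLACEHOLDER_RESOURCE_GROUP
      storageAccount: PLACEHOLDER_STORAGE_ACCOUNT
      shareName: aksshare
    # nodeStageSecretRef is omitted here. Assumption: with no Secret referenced,
    # the driver uses the cluster's SP/managed identity to look up the account key,
    # so that identity needs access to the storage account.
```

Whichever form is used, review which namespaces can read the Secret and which identities hold rights on the storage account, since those are what gate access to the share.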

