-
Create an Azure Key Vault
-
Store
storage account key
orSAS token
assecret
in Azure Key Vault. -
Ensure service principal in cluster has all the required permissions to access content in your Azure key vault instance. If not, run the following commands:
# Assign Reader Role to the service principal for your keyvault aadclientid= keyvaultname= az role assignment create --role Reader --assignee $aadclientid --scope /subscriptions/<subscriptionid>/resourcegroups/<resourcegroup>/providers/Microsoft.KeyVault/vaults/$keyvaultname az keyvault set-policy -n $keyvaultname --key-permissions get --spn $aadclientid az keyvault set-policy -n $keyvaultname --secret-permissions get --spn $aadclientid az keyvault set-policy -n $keyvaultname --certificate-permissions get --spn $aadclientid
Please refer to install Azure Blob Storage CSI driver
- Download a
pv-blobfuse-csi-keyvault.yaml
, editkeyVaultURL
,keyVaultSecretName
,containerName
in PV
keyVaultSecretVersion
is the optional parameter. If not specified, it will be current version.
wget https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/pv-blobfuse-csi-keyvault.yaml
vi pv-blobfuse-csi-keyvault.yaml
kubectl apply -f pv-blobfuse-csi-keyvault.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/pvc-blob-csi-static.yaml