Use Service Principal to provision static Azure Files for Persistent Volume

Previously I was using the standard way of setting up the PV on static Azure Files, i.e. create a storage account and file share, create a secret using the account name and secret of the storage account, then create the PV as below:

```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: elastic-storage
  labels:
    usage: elastic-storage
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
    - uid=1000
    - gid=1000
    - mfsymlinks
    - nobrl
  persistentVolumeReclaimPolicy: Retain
  azureFile:
    secretName: azure-secret
    shareName: elasticsearchfile2
    readOnly: false
```

I am now wondering whether I can use a service principal, instead of the Azure secret built from the storage account name and key, to access Azure Files.

It's simple to understand. Azure supports the RBAC (role-based access) feature, and it can be used with the storage account. It is just like two different users being able to read the same data in a database because they both have enough permission to read it. So if the service principal has enough permission for the storage account, then it can also access the storage account.
