You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/container-storage/use-container-storage-with-managed-disks.md
+9-5Lines changed: 9 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Configure Azure Container Storage Preview for use with Azure manage
4
4
author: khdownie
5
5
ms.service: azure-container-storage
6
6
ms.topic: how-to
7
-
ms.date: 11/01/2023
7
+
ms.date: 11/03/2023
8
8
ms.author: kendownie
9
9
ms.custom: references_regions
10
10
---
@@ -27,11 +27,13 @@ ms.custom: references_regions
27
27
28
28
## Create a storage pool
29
29
30
-
First, create a storage pool, which is a logical grouping of storage for your Kubernetes cluster, by defining it in a YAML manifest file. Follow these steps to create a storage pool for Azure Disks.
30
+
First, create a storage pool, which is a logical grouping of storage for your Kubernetes cluster, by defining it in a YAML manifest file.
31
31
32
32
> [!IMPORTANT]
33
33
> If you want to use your own keys to encrypt your volumes instead of using Microsoft-managed keys, don't create your storage pool using the steps in this section. Instead, go to [Enable server-side encryption with customer-managed keys](#enable-server-side-encryption-with-customer-managed-keys) and follow the steps there.
34
34
35
+
Follow these steps to create a storage pool for Azure Disks.
36
+
35
37
1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool.yaml`.
36
38
37
39
1. Paste in the following code and save the file. The storage pool **name** value can be whatever you want. For **skuName**, specify the level of performance and redundancy. Acceptable values are Premium_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, PremiumV2_LRS, and StandardSSD_ZRS. For **storage**, specify the amount of storage capacity for the pool in Gi or Ti.
@@ -75,9 +77,11 @@ When the storage pool is created, Azure Container Storage will create a storage
75
77
76
78
If you already created a storage pool or you prefer to use the default Microsoft-managed encryption keys, skip this section and proceed to [Display the available storage classes](#display-the-available-storage-classes).
77
79
78
-
All data in an Azure storage account is encrypted at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys (CMK) to encrypt the persistent volumes that you'll create from an Azure Disk storage pool. To do this, you must have an [Azure Key Vault](../../key-vault/general/overview.md) with a key, and you need to define CMK parameters when creating your storage pool. Learn more about [customer-managed keys on Linux](../../virtual-machines/disk-encryption.md#customer-managed-keys).
80
+
All data in an Azure storage account is encrypted at rest. By default, data is encrypted with Microsoft-managed keys. For more control over encryption keys, you can supply customer-managed keys (CMK) to encrypt the persistent volumes that you'll create from an Azure Disk storage pool.
81
+
82
+
To use your own key, you must have an [Azure Key Vault](../../key-vault/general/overview.md) with a key. The Key Vault should have purge protection enabled, and it must use the Azure RBAC permission model. Learn more about [customer-managed keys on Linux](../../virtual-machines/disk-encryption.md#customer-managed-keys).
79
83
80
-
The required CMK encryption parameters are:
84
+
When creating your storage pool, you must define the CMK parameters. The required CMK encryption parameters are:
81
85
82
86
-**keyVersion** specifies the version of the key to use
83
87
-**keyName** is the name of your key
@@ -88,7 +92,7 @@ Follow these steps to create a storage pool using your own encryption key. All p
88
92
89
93
1. Use your favorite text editor to create a YAML manifest file such as `code acstor-storagepool-cmk.yaml`.
90
94
91
-
1. Paste in the following code, supply the required parameters, and save the file. The storage pool **name** value can be whatever you want. For **skuName**, specify the level of performance and redundancy. Acceptable values are Premium_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, PremiumV2_LRS, and StandardSSD_ZRS. For **storage**, specify the amount of storage capacity for the pool in Gi or Ti. Be sure to supply the encryption parameters.
95
+
1. Paste in the following code, supply the required parameters, and save the file. The storage pool **name** value can be whatever you want. For **skuName**, specify the level of performance and redundancy. Acceptable values are Premium_LRS, Standard_LRS, StandardSSD_LRS, UltraSSD_LRS, Premium_ZRS, PremiumV2_LRS, and StandardSSD_ZRS. For **storage**, specify the amount of storage capacity for the pool in Gi or Ti. Be sure to supply the CMK encryption parameters.
0 commit comments