Commit b69100d

committed
tweaks
1 parent ec10c8c commit b69100d

1 file changed

+5
-4
lines changed

articles/aks/azure-disk-customer-managed-keys.md

Lines changed: 5 additions & 4 deletions
@@ -104,16 +104,17 @@ diskEncryptionSetId=$(az resource show -n diskEncryptionSetName -g myResourceGro
104104
az group create -n myResourceGroup -l myAzureRegionName
105105
106106
# Create the AKS cluster
107-
az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --kubernetes-version 1.17.0
107+
az aks create -n myAKSCluster -g myResourceGroup --node-osdisk-diskencryptionset-id $diskEncryptionSetId --kubernetes-version 1.17.0 --generate-ssh-keys
108108
```
109109

110110
When new node pools are added to the cluster created above, the customer-managed key provided during the create is used to encrypt the OS disk.
111111

112112
## Encrypt your AKS cluster data disk
113113

114-
You can also encrypt the AKS data disks with your own keys. Replace myResourceGroup and myDiskEncryptionSetName with your real values, and apply the yaml.
114+
You can also encrypt the AKS data disks with your own keys.
115115

116-
Ensure you have the proper AKS credentials. The Service principal will need to have contributor access to the resource group where the diskencryptionset is present. Otherwise, you will get an error suggesting that the service principal does not have permissions.
116+
> [!IMPORTANT]
117+
> Ensure you have the proper AKS credentials. The Service principal will need to have contributor access to the resource group where the diskencryptionset is deployed. Otherwise, you will get an error suggesting that the service principal does not have permissions.
117118
118119
```azurecli-interactive
119120
# Retrieve your Azure Subscription Id from id property as shown below
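Review bot: The new IMPORTANT note (new lines 116-117) keeps the requirement of contributor access on the entire resource group that holds the disk encryption set without naming which service principal is meant or whether a narrower role or scope would do. Please identify the principal explicitly and, if a smaller grant works, document that instead, since readers will copy this assignment as written. Two smaller points in the same hunk: "Service principal" and "diskencryptionset" should follow the casing used elsewhere in the file (compare `diskEncryptionSetId`), and the `--generate-ssh-keys` flag added at new line 107 appears with no explanation; a sentence saying that it creates an SSH key pair under ~/.ssh when none exists would tell readers where the node access keys end up.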
@@ -139,7 +140,7 @@ someuser@Azure:~$ az account list
139140
]
140141
```
141142

142-
Create a file called **byok-azure-disk.yaml** that contains the following information. Replace myAzureSubscriptionId, myResourceGroup, and myDiskEncrptionSetName with your values.
143+
Create a file called **byok-azure-disk.yaml** that contains the following information. Replace myAzureSubscriptionId, myResourceGroup, and myDiskEncrptionSetName with your values, and apply the yaml.
143144

144145
```
145146
kind: StorageClass
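Review bot: The placeholder `myDiskEncrptionSetName` on new line 143 is misspelled (missing the "y"), while the sentence removed at old line 114 spelled it `myDiskEncryptionSetName`; whichever form the YAML below uses, the prose and the manifest need to match or a search-and-replace will silently miss it and the StorageClass will point at a disk encryption set that does not exist. Also, "and apply the yaml" now sits before the file contents and names no command; consider moving that instruction after the YAML block and stating the exact apply command there.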
