Skip to content

Commit e6cbfaf

Browse files
committed
updates
1 parent b69100d commit e6cbfaf

File tree

1 file changed

+6
-3
lines changed

1 file changed

+6
-3
lines changed

articles/aks/azure-disk-customer-managed-keys.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,10 @@ az role assignment create --assignee $desIdentity --role Reader --scope $keyVaul
9494

9595
## Create a new AKS cluster and encrypt the OS disk
9696

97-
Create a new resource group and AKS cluster, then use your key to encrypt the OS disk. Customer-managed keys are only supported in kubernetes versions greater than 1.17.
97+
Create a **new resource group** and AKS cluster, then use your key to encrypt the OS disk. Customer-managed keys are only supported in kubernetes versions greater than 1.17.
98+
99+
> [!IMPORTANT]
100+
> Ensure you create a new resoruce group for your AKS cluster
98101
99102
```azurecli-interactive
100103
# Retrieve the DiskEncryptionSet value and set a variable
@@ -140,11 +143,11 @@ someuser@Azure:~$ az account list
140143
]
141144
```
142145

143-
Create a file called **byok-azure-disk.yaml** that contains the following information. Replace myAzureSubscriptionId, myResourceGroup, and myDiskEncrptionSetName with your values, and apply the yaml.
146+
Create a file called **byok-azure-disk.yaml** that contains the following information. Replace myAzureSubscriptionId, myResourceGroup, and myDiskEncrptionSetName with your values, and apply the yaml. Make sure to use the resource group where your DiskEncryptionSet is deployed. If you use the Azure Cloud Shell, this file can be created using vi or nano as if working on a virtual or physical system:
144147

145148
```
146149
kind: StorageClass
147-
apiVersion: storage.k8s.io/v1
150+
apiVersion: storage.k8s.io/v1
148151
metadata:
149152
name: hdd
150153
provisioner: kubernetes.io/azure-disk

0 commit comments

Comments
 (0)