You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/workload-identity-static-pv-mount.md
+6-3Lines changed: 6 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,13 @@
1
-
# workload identity support on static provisioning (Preview)
1
+
# workload identity support on static provisioning
2
2
- supported from v1.24.0 (from AKS 1.29 with `tokenRequests` field support in `CSIDriver`)
3
3
4
4
### Note
5
-
- This feature is in **Preview**
6
5
- This feature is not supported for NFS mount since NFS mount does not need credentials.
7
-
- This feature would retrieve storage account key using federated identity credentials.
6
+
- This feature would retrieve storage account key using federated identity credentials by default.
7
+
- This feature supports mounting with workload identity token only (**Preview**) by configuring the following:
8
+
> limitation: the workload identity token would expire after 24 hours, make sure the blobfuse volume would be remounted by your application before it expires
9
+
- set `mountWithWorkloadIdentityToken: "true"` in parameters of storage class or persistent volume
10
+
- set `Storage Blob Data Contributor` role on the identity
8
11
9
12
## Prerequisites
10
13
### 1. Create a cluster with oidc-issuer enabled and get the credential
0 commit comments