fix

Author: umagnus

deploy/example/mountstorage/README.md

@@ -15,21 +15,15 @@ You can also use a different managed-identity for different persistent volumes (
 
 - Run `az account set --subscription "mysubscription"` to select the right subscription
 
-- Create a storage account container and upload file, e.g.
+- Create a storage account container, e.g.
     ```bash
     resourcegroup="aks-fuseblob-mi"
     storageaccountname="myaksblob"
     az storage account create -g "$resourcegroup" -n "$storageaccountname" --access-tier Hot  --sku Standard_LRS
     az storage container create -n mycontainer --account-name "$storageaccountname" --public-access off
-    az storage blob upload \
-        --account-name myaksblob \
-        --container-name mycontainer \
-        --name test.htm \
-        --file test.htm \
-        --auth-mode key --account-key "$(az storage account keys list --account-name "$storageaccountname" --query '[0].value' -o tsv)"
     ```
 
-## Using kubelet identity
+## option#1: grant kubelet identity access to storage account
 
 1. Give kubelet identity access to storage account
     ```bash
@@ -44,7 +38,7 @@ You can also use a different managed-identity for different persistent volumes (
     az identity list -g "$resourcegroup" --query "[?name == 'aks-fuseblob-mi-agentpool'].clientId" -o tsv
     ```
 
-## Using a dedicated user-assigned managed identity
+## option#2: grant a dedicated user-assigned managed identity access to storage account
 You can use a dedicated user-assigned managed identity to mount the storage.
 
 1. Create user-assigned managed identity and give access to storage account
@@ -150,22 +144,6 @@ You can use a dedicated user-assigned managed identity to mount the storage.
               persistentVolumeClaim: 
                 claimName:  pvc-blob1
     status: {}
-    
-    ---
-    
-    apiVersion: v1
-    kind: Service
-    metadata:
-      name: nginx-app1
-      labels:
-        run: nginx-app1
-    spec:
-      ports:
-      - port: 80
-        protocol: TCP
-      selector:
-        app: nginx-app1
-      type: LoadBalancer
     ```
 
 1. Apply the yaml files
@@ -262,10 +240,3 @@ You can use a dedicated user-assigned managed identity to mount the storage.
     ```
 
 1. Now you can use the persistent volume claim ``pv-blob2`` in another deployment.
-
-# Security consideration
-You should use at least 2 nodepools (a system and a user node pool) and assign the storage identities just to the user nodepool. Identity needs to be assigned where the pvs are mounted.
-You can use tains to protect the user assigned identity to schedule only authorized pods on the nodepool, that requires the pvs.
-
-
-[install-azure-cli]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli