doc: add msi auth doc

andyzhangx · andyzhangx · commit 64966a378253 · 2020-08-22T01:19:38.000Z
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
diff --git a/deploy/example/storageclass-blobfuse-msi.yaml b/deploy/example/storageclass-blobfuse-msi.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: blob
+provisioner: blob.csi.azure.com
+parameters:
+  resourceGroup: EXISTING_RESOURCE_GROUP
+  storageAccount: EXISTING_STORAGE_ACCOUNT
+  containerName: EXISTING_CONTAINER_NAME
+  # refer to https://github.com/Azure/azure-storage-fuse#environment-variables
+  AzureStorageIdentityClientID:
+  AzureStorageIdentityObjectID:
+  AzureStorageIdentityResourceID:
+  MSIEndpoint:
+  AzureStorageSPNClientID:
+  AzureStorageSPNTenantID:
+  AzureStorageAADEndpoint:
+volumeBindingMode: Immediate
+mountOptions:
+  - -o allow_other
+  - --file-cache-timeout-in-seconds=120
diff --git a/docs/csi-dev.md b/docs/csi-dev.md
@@ -116,8 +116,10 @@ helm repo index charts --url=https://raw.githubusercontent.com/kubernetes-sigs/b
 ```
 FROM us.gcr.io/k8s-artifacts-prod/build-image/debian-base-amd64:v2.1.0
 RUN apt-get update && clean-install ca-certificates pkg-config libfuse-dev cmake libcurl4-gnutls-dev libgnutls28-dev uuid-dev libgcrypt20-dev wget
-# this is a workaround to install nfs-common and don't quit with error
-RUN apt update && apt install udev util-linux mount nfs-common -y || true
+RUN wget -O /tmp/packages-microsoft-prod.deb https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb && dpkg -i /tmp/packages-microsoft-prod.deb && apt-get update && apt install blobfuse fuse -y && rm -f /tmp/packages-microsoft-prod.deb
+RUN apt remove wget -y
+# this is a workaround to install nfs-common & nfs-kernel-server and don't quit with error
+RUN apt update && apt install nfs-common nfs-kernel-server -y || true
 LABEL maintainers="andyzhangx"
 LABEL description="Azure Blob Storage CSI driver"
 ```
diff --git a/docs/driver-parameters.md b/docs/driver-parameters.md
@@ -2,11 +2,13 @@
  > parameter names are case-insensitive
 
 ### Dynamic Provisioning
-  > get a [blobfuse example](../deploy/example/storageclass-blobfuse.yaml)
+  > [blobfuse example](../deploy/example/storageclass-blobfuse.yaml)
  
-  > get a `mountOptions` [example](../deploy/example/storageclass-blobfuse-mountoptions.yaml)
+  > [blobfuse mountOptions example](../deploy/example/storageclass-blobfuse-mountoptions.yaml)
 
-  > get a [nfs example](../deploy/example/storageclass-blob-nfs.yaml)
+  > [blobfuse Managed Identity and Service Principal Name auth example](../deploy/example/storageclass-blobfuse-msi.yaml)
+
+  > [nfs example](../deploy/example/storageclass-blob-nfs.yaml)
 
 Name | Meaning | Example | Mandatory | Default value
 --- | --- | --- | --- | ---
@@ -24,9 +26,9 @@ tags | [tags](https://docs.microsoft.com/en-us/azure/azure-resource-manager/mana
 Blobfuse driver does not honor `fsGroup` securityContext setting, instead user could use `-o gid=1000` in `mountoptions` to set ownership, check [here](https://github.com/Azure/Azure-storage-fuse#mount-options) for more mountoptions.
 
 ### Static Provisioning(bring your own storage container)
-  > get an [example](../deploy/example/pv-blobfuse-csi.yaml)
-  >
-  > get a key vault [example](../deploy/example/keyvault/pv-blobfuse-csi-keyvault.yaml)
+  > [blobfuse example](../deploy/example/pv-blobfuse-csi.yaml)
+
+  > [blobfuse key vault example](../deploy/example/keyvault/pv-blobfuse-csi-keyvault.yaml)
 
 Name | Meaning | Available Value | Mandatory | Default value
 --- | --- | --- | --- | ---
