Update workload-identity-static-pv-mount.md

kubernetes-sigs · Jan 8, 2024 · d28d57b · d28d57b
1 parent 6dc3983
commit d28d57b
Showing 1 changed file with 2 additions and 45 deletions.
diff --git a/docs/workload-identity-static-pv-mount.md b/docs/workload-identity-static-pv-mount.md
@@ -1,10 +1,6 @@
-# Example of static PV mount with workload identity
-
+# workload identity support on static provisioning
  - supported from v1.23.3
-
-## prerequisites
-
-
+## Prerequisites
 ### 1. Create a cluster with oidc-issuer enabled and get the credential
 
 Following the [documentation](https://learn.microsoft.com/en-us/azure/aks/use-oidc-issuer#create-an-aks-cluster-with-oidc-issuer) to create an AKS cluster with the `--enable-oidc-issuer` parameter and get the AKS credentials. And export following environment variables:
@@ -14,9 +10,7 @@ export CLUSTER_NAME=<your cluster name>
 export REGION=<your region>
 ```
 
-
 ### 2. Create a new storage account and container
-
 Following the [documentation](https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-cli) to create a new storage account and container or use your own. And export following environment variables:
 ```
 export STORAGE_RESOURCE_GROUP=<your storage account resource group>
@@ -63,7 +57,6 @@ az identity federated-credential create --name $FEDERATED_IDENTITY_NAME \
 --subject system:serviceaccount:${SERVICE_ACCOUNT_NAMESPACE}:${SERVICE_ACCOUNT_NAME}
 ```
 
-## option#1: static provision with PV
 ```
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
@@ -139,39 +132,3 @@ spec:
             storage: 10Gi
 EOF
 ```
-
-## option#2: Pod with ephemeral inline volume
-```
-cat <<EOF | kubectl apply -f -
-kind: Pod
-apiVersion: v1
-metadata:
-  name: nginx-blobfuse-inline-volume
-spec:
-  serviceAccountName: $SERVICE_ACCOUNT_NAME  #required, Pod does not use this service account has no permission to mount the volume
-  nodeSelector:
-    "kubernetes.io/os": linux
-  containers:
-    - image: mcr.microsoft.com/oss/nginx/nginx:1.19.5
-      name: nginx-blobfuse
-      command:
-        - "/bin/bash"
-        - "-c"
-        - set -euo pipefail; while true; do echo $(date) >> /mnt/blobfuse/outfile; sleep 1; done
-      volumeMounts:
-        - name: persistent-storage
-          mountPath: "/mnt/blobfuse"
-          readOnly: false
-  volumes:
-    - name: persistent-storage
-      csi:
-        driver: blob.csi.azure.com
-        volumeAttributes:
-          storageaccount: $ACCOUNT # required
-          containerName: $CONTAINER  # required
-          clientID: $USER_ASSIGNED_CLIENT_ID # required
-          resourcegroup: $STORAGE_RESOURCE_GROUP # optional, specified when the storage account is not under AKS node resource group(which is prefixed with "MC_")
-          # tenantID: $IDENTITY_TENANT  # optional, only specified when workload identity and AKS cluster are in different tenant
-          # subscriptionid: $SUBSCRIPTION # optional, only specified when workload identity and AKS cluster are in different subscription
-EOF
-```