Git Product home page Git Product logo

Comments (14)

fejta-bot avatar fejta-bot commented on June 2, 2024

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

from azurefile-csi-driver.

fejta-bot avatar fejta-bot commented on June 2, 2024

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

from azurefile-csi-driver.

fejta-bot avatar fejta-bot commented on June 2, 2024

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

from azurefile-csi-driver.

k8s-ci-robot avatar k8s-ci-robot commented on June 2, 2024

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

from azurefile-csi-driver.

fejta-bot avatar fejta-bot commented on June 2, 2024

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

from azurefile-csi-driver.

k8s-ci-robot avatar k8s-ci-robot commented on June 2, 2024

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

from azurefile-csi-driver.

fejta-bot avatar fejta-bot commented on June 2, 2024

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

from azurefile-csi-driver.

k8s-ci-robot avatar k8s-ci-robot commented on June 2, 2024

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

from azurefile-csi-driver.

fejta-bot avatar fejta-bot commented on June 2, 2024

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

from azurefile-csi-driver.

k8s-ci-robot avatar k8s-ci-robot commented on June 2, 2024

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

from azurefile-csi-driver.

rompom avatar rompom commented on June 2, 2024

Hi @andyzhangx, do you think the support for podidentity will be feasible ?

I have this kind of architecture : 1 "client" per namespace, , 1 file share / namespace, 1 key vault / namespace

For now I'm using the secret store csi driver to glue everything (shortened version) :

  1. Create the kv
  2. Create the file share, store the keys in kv
  3. Map the kv with podidentity to the secret store csi
  4. Access the azure file in aks with the secrets retrieved from the secret store csi

With a podidentity support, it would looks like (shortened version 2) :

  1. Create the file share
  2. Map the file share with the podidentity
  3. Access the file share in aks

from azurefile-csi-driver.

andyzhangx avatar andyzhangx commented on June 2, 2024

@rompom azure file driver could use k8s secret to access file share, it's not necessary depending on pod identity, here is an example: https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/deploy/example/storageclass-azurefile-secret.yaml

from azurefile-csi-driver.

rompom avatar rompom commented on June 2, 2024

@andyzhangx sure, but my idea was more or less to not have to use k8s secrets at all if possible, and the pod identity was a pretty good candidate for this :)

from azurefile-csi-driver.

andyzhangx avatar andyzhangx commented on June 2, 2024

Agent node still needs account name & key to mount azure file, I think the question here is whether it’s necessary to store account key as a secret, answer is No.
There is parameter storeAccountKey(“true” by default) defined here , so if you set as false in storage class, it won’t store account key as a k8s secret, and when there is azure file mount on agent node, it would use node identity to get account key and then mount azure file.

As you could see, there are pros and cons for this feature(storeAccountKey: “false”), pros is no account key restore as a k8s secret, while cons is that agent node should have read access to the account.

from azurefile-csi-driver.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.