Comments (14)
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
from azurefile-csi-driver.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
from azurefile-csi-driver.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
from azurefile-csi-driver.
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen
.
Mark the issue as fresh with/remove-lifecycle rotten
.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from azurefile-csi-driver.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
from azurefile-csi-driver.
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen
.
Mark the issue as fresh with/remove-lifecycle rotten
.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from azurefile-csi-driver.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
from azurefile-csi-driver.
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen
.
Mark the issue as fresh with/remove-lifecycle rotten
.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from azurefile-csi-driver.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
from azurefile-csi-driver.
@fejta-bot: Closing this issue.
In response to this:
Rotten issues close after 30d of inactivity.
Reopen the issue with/reopen
.
Mark the issue as fresh with/remove-lifecycle rotten
.Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
from azurefile-csi-driver.
Hi @andyzhangx, do you think the support for podidentity will be feasible ?
I have this kind of architecture : 1 "client" per namespace, , 1 file share / namespace, 1 key vault / namespace
For now I'm using the secret store csi driver to glue everything (shortened version) :
- Create the kv
- Create the file share, store the keys in kv
- Map the kv with podidentity to the secret store csi
- Access the azure file in aks with the secrets retrieved from the secret store csi
With a podidentity support, it would looks like (shortened version 2) :
- Create the file share
- Map the file share with the podidentity
- Access the file share in aks
from azurefile-csi-driver.
@rompom azure file driver could use k8s secret to access file share, it's not necessary depending on pod identity, here is an example: https://github.com/kubernetes-sigs/azurefile-csi-driver/blob/master/deploy/example/storageclass-azurefile-secret.yaml
from azurefile-csi-driver.
@andyzhangx sure, but my idea was more or less to not have to use k8s secrets at all if possible, and the pod identity was a pretty good candidate for this :)
from azurefile-csi-driver.
Agent node still needs account name & key to mount azure file, I think the question here is whether it’s necessary to store account key as a secret, answer is No.
There is parameter storeAccountKey
(“true” by default) defined here , so if you set as false
in storage class, it won’t store account key as a k8s secret, and when there is azure file mount on agent node, it would use node identity to get account key and then mount azure file.
As you could see, there are pros and cons for this feature(storeAccountKey: “false”
), pros is no account key restore as a k8s secret, while cons is that agent node should have read access to the account.
from azurefile-csi-driver.
Related Issues (20)
- Inconsistent File Truncation Behavior on Different Nodes with Azure File Premium PVC in Kubernetes HOT 3
- reduce volume cloning time cost
- Allow the use of the dataplane API with network-restricted storage accounts HOT 5
- Mounting static provisioned PV with `nfsvers` in mount options causes mount to fail HOT 10
- VolumeFailedDelete PV remains after PVC delete HOT 12
- matchTags does not generate new storageAccount HOT 2
- PVC cloning does not work with private endpoints enabled on StorageClass HOT 4
- Connection to storage account with storage account keys disabled doesn't work with workload identity (kerberos auth support) HOT 11
- add feature to disable dns zone creation for private endpoints HOT 3
- [Not working] workload identity support on static provisioning on AKS 1.29 HOT 5
- csi-azurefile-controller pod constantly restarts HOT 4
- Azure file mount failed in AKS having storage account in different subscription HOT 3
- New 1.30 patch release with commits after 2/22/2024 HOT 1
- No helm chart for release v1.30.1
- cifs credentials appear in process table HOT 2
- Frequent controller restarts HOT 6
- remove smb-globalmount when azure file is unmounted on windows node
- PVC fails to be provision HOT 9
- Add update strategy in helm chart
- Move helm chart version to strict SemVer 2 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azurefile-csi-driver.