Azure / kubernetes-keyvault-flexvol

Azure keyvault integration with Kubernetes via a Flex Volume
MIT License

VM managed identity supported or not? [New in version >= v0.0.15] What does the version refer to? #185

Closed JuneZhao closed 4 years ago

JuneZhao commented 4 years ago

Describe the request

I want to know whether a VM-based AKS cluster is supported when using managed identity or not. I don't find a similar topic in the doc.

In the section below, what version does this refer to?

OPTION 4: VMSS System Assigned Managed Identity [New in version >= v0.0.15]

OPTION 3: VMSS User Assigned Managed Identity [New in version >= v0.0.15]

aramase commented 4 years ago

@JuneZhao Are you using a VM-based AKS cluster? This is supported with VM-based AKS clusters too.

The version v0.0.15 refers to the keyvault-flexvolume release - https://github.com/Azure/kubernetes-keyvault-flexvol/blob/master/deployment/kv-flexvol-installer.yaml#L27

JuneZhao commented 4 years ago

@aramase Thank you for the notification. Is the process the same as for a VMSS-based cluster if we want to use managed identity for Key Vault?

aramase commented 4 years ago

@JuneZhao That's right. One thing to note though: while assigning an identity to the VMSS using `az vmss identity assign`, the identity will be assigned on the VMSS and will be available for all instances in the VMSS. In the case of VMs, you'll need to assign the identity to each VM individually with `az vm identity assign`. This needs to be done to ensure that no matter which node the pod lands on, the keyvault-flexvolume on that node can use the underlying MSI to authenticate.
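A check for the condition described in the comment above, as an added example that is not part of the original thread or the project's code: it reads the JSON produced by `az vm list -g <resource-group> -o json` and reports the nodes that lack the expected identity, covering both the user-assigned and system-assigned options. The VM names, resource group and identity ID are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az vm list -g <resource-group> -o json`,
# trimmed to the fields used here. Names and IDs are placeholders.
IDENTITY_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
               "example-rg/providers/Microsoft.ManagedIdentity/"
               "userAssignedIdentities/example-kv-identity")
SAMPLE_VM_LIST = json.dumps([
    {"name": "k8s-agent-0", "identity": {"type": "UserAssigned",
        "userAssignedIdentities": {IDENTITY_ID: {}}}},
    # ARM resource IDs are case-insensitive, so casing may differ in CLI output.
    {"name": "k8s-agent-1", "identity": {"type": "SystemAssigned, UserAssigned",
        "userAssignedIdentities": {IDENTITY_ID.upper(): {}}}},
    {"name": "k8s-agent-2", "identity": {"type": "SystemAssigned"}},
    {"name": "k8s-agent-3", "identity": None},
])


def has_identity(vm, user_assigned_id=None):
    """True if the VM carries the identity the flexvolume is expected to use.
    user_assigned_id=None means the system-assigned identity is expected."""
    identity = vm.get("identity") or {}
    kinds = {k.strip().lower() for k in (identity.get("type") or "").split(",")}
    if user_assigned_id is None:
        return "systemassigned" in kinds
    assigned = identity.get("userAssignedIdentities") or {}
    return user_assigned_id.lower() in {k.lower() for k in assigned}


def nodes_missing_identity(vm_list_json, user_assigned_id=None):
    """Names of VMs where a pod could not authenticate with the expected MSI."""
    vms = json.loads(vm_list_json)
    return sorted(vm["name"] for vm in vms if not has_identity(vm, user_assigned_id))


def remediation_commands(resource_group, missing, user_assigned_id=None):
    """One `az vm identity assign` per VM, since VMs are assigned individually."""
    suffix = f" --identities {user_assigned_id}" if user_assigned_id else ""
    return [f"az vm identity assign -g {resource_group} -n {name}{suffix}"
            for name in missing]


if __name__ == "__main__":
    missing = nodes_missing_identity(SAMPLE_VM_LIST, IDENTITY_ID)
    print("nodes without the identity:", missing)
    for cmd in remediation_commands("example-rg", missing, IDENTITY_ID):
        print(cmd)
```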

aramase commented 4 years ago

Closing this issue. Please feel free to reopen if you have any more questions.