Skip to content

Commit 25550be

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #259461 from CocoWang-wql/patch-50
Update csi-secrets-store-driver.md
2 parents 5e97321 + 4383fc7 commit 25550be

1 file changed

Lines changed: 7 additions & 1 deletion

File tree

articles/aks/csi-secrets-store-driver.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: Learn how to use the Azure Key Vault provider for Secrets Store CSI
44
author: nickomang
55
ms.author: nickoman
66
ms.topic: how-to
7-
ms.date: 10/19/2023
7+
ms.date: 12/06/2023
88
ms.custom: template-how-to, devx-track-azurecli, devx-track-linux
99
---
1010

@@ -68,6 +68,9 @@ A container using *subPath volume mount* doesn't receive secret updates when it'
6868
}
6969
```
7070
71+
> [!NOTE]
72+
> After you enable this feature, AKS creates a managed `identity named azurekeyvaultsecretsprovider-xxx` in the node resource group and assigns it to the Virtual Machine Scale Sets (VMSS) automatically. You can use this managed identity or your own managed identity to access the key vault. It's not supported to prevent creation of the identity.
73+
7174
## Upgrade an existing AKS cluster with Azure Key Vault provider for Secrets Store CSI Driver support
7275
7376
* Upgrade an existing AKS cluster with Azure Key Vault provider for Secrets Store CSI Driver capability using the [`az aks enable-addons`][az-aks-enable-addons] command and enable the `azure-keyvault-secrets-provider` add-on. The add-on creates a user-assigned managed identity you can use to authenticate to your key vault.
@@ -76,6 +79,9 @@ A container using *subPath volume mount* doesn't receive secret updates when it'
7679
az aks enable-addons --addons azure-keyvault-secrets-provider --name myAKSCluster --resource-group myResourceGroup
7780
```
7881
82+
> [!NOTE]
83+
> After you enable this feature, AKS creates a managed `identity named azurekeyvaultsecretsprovider-xxx` in the node resource group and assigns it to the Virtual Machine Scale Sets (VMSS) automatically. You can use this managed identity or your own managed identity to access the key vault. It's not supported to prevent creation of the identity.
84+
7985
## Verify the Azure Key Vault provider for Secrets Store CSI Driver installation
8086
8187
1. Verify the installation is finished using the `kubectl get pods` command, which lists all pods with the `secrets-store-csi-driver` and `secrets-store-provider-azure` labels in the kube-system namespace.

0 commit comments

Comments
 (0)