doc

cvvz · Dec 14, 2023 · 7bb959f · 7bb959f
1 parent 2dde59d
commit 7bb959f
Showing 1 changed file with 10 additions and 27 deletions.
diff --git a/docs/workload-identity-static-pv-mount.md b/docs/workload-identity-static-pv-mount.md
@@ -5,58 +5,41 @@
 
 ## prerequisite
 
+
 ### 1. Create a cluster with oidc-issuer enabled and get the credential
+
+Following the [documentation](https://learn.microsoft.com/en-us/azure/aks/use-oidc-issuer#create-an-aks-cluster-with-oidc-issuer) to create an AKS cluster with the `--enable-oidc-issuer` parameter and get the AKS credentials. And export following evironment variables:
 ```
 export RESOURCE_GROUP=<your resource group name>
 export CLUSTER_NAME=<your cluster name>
 export REGION=<your region>
+```
 
-az group create --name $RESOURCE_GROUP --location $REGION
-
-az aks create -n $CLUSTER_NAME -g $RESOURCE_GROUP --enable-oidc-issuer
 
-az aks get-credentials -n $CLUSTER_NAME -g $RESOURCE_GROUP --overwrite-existing
-```
+### 2. Create a storage account and fileshare
 
-### 2. Create a storage account and fileshare (or use your own storage account and fileshare)
+Following the [documentation](https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-portal?tabs=azure-cli) to create a storage account and fileshare or use your own storage account and fileshare. And export following evironment variables:
 ```
 export ACCOUNT=<your storage account name>
-
-az storage account create \
-    --resource-group $RESOURCE_GROUP \
-    --name $ACCOUNT \
-    --location $REGION \
-    --kind StorageV2 \
-    --sku Standard_LRS \
-    --enable-large-file-share \
-    --output none
-
 export SHARE=<your fileshare name>
-
-az storage share-rm create \
-    --resource-group $RESOURCE_GROUP \
-    --storage-account $ACCOUNT \
-    --name $SHARE \
-    --quota 1024 \
-    --enabled-protocols SMB \
-    --output none
 ```
 
 ### 3. Create managed identity and role assignment
 ```
 export UAMI=<your managed identity name>
 az identity create --name $UAMI --resource-group $RESOURCE_GROUP
+
 export USER_ASSIGNED_CLIENT_ID="$(az identity show -g $RESOURCE_GROUP --name $UAMI --query 'clientId' -o tsv)"
 export IDENTITY_TENANT=$(az aks show --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --query identity.tenantId -o tsv)
-
 export ACCOUNT_SCOPE=$(az storage account show --name $ACCOUNT --query id -o tsv)
 az role assignment create --role "Storage Account Contributor" --assignee $USER_ASSIGNED_CLIENT_ID --scope $ACCOUNT_SCOPE
 ```
 
-### 4. Create service account 
+### 4. Create service account on AKS
 ```
 export SERVICE_ACCOUNT_NAME=<your sa name>
 export SERVICE_ACCOUNT_NAMESPACE=<your sa namespace>
+
 cat <<EOF | kubectl apply -f -
 apiVersion: v1
 kind: ServiceAccount
@@ -66,7 +49,7 @@ metadata:
 EOF
 ```
 
-### 5. Create the federated identity credential between the managed identity, service account issuer, and subject using the az identity federated-credential create command.
+### 5. Create the federated identity credential between the managed identity, service account issuer, and subject using the `az identity federated-credential create` command.
 ```
 export FEDERATED_IDENTITY_NAME=<your federated identity name>
 export AKS_OIDC_ISSUER="$(az aks show --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --query "oidcIssuerProfile.issuerUrl" -o tsv)"