OSDOCS-13459#Add cross-subscription support for Azure File #92108
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci
bot
added
the
size/L
|
🤖 Fri Apr 11 18:11:52 - Prow CI generated the docs preview: |
lpettyjo
added
branch/enterprise-4.19
peer-review-needed
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
|
@lpettyjo: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
mburke5678
added
the
peer-review-in-progress
mburke5678
reviewed
Apr 11, 2025
...s/persistent-storage-csi-azure-file-cross-sub-dynamic-pre-provisioning-pv-pvc-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
...s/persistent-storage-csi-azure-file-cross-sub-dynamic-pre-provisioning-pv-pvc-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
...s/persistent-storage-csi-azure-file-cross-sub-dynamic-pre-provisioning-pv-pvc-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
| $ az identity list --query "[?clientId=='${mi_id}'].{Name:name}" --output tsv | ||
| ==== | ||
|
|
||
| . Obtain the Azure identity (service principal or managed identity) permission to access the resource group in another subscription where you want to provision the Azure File share: |
There was a problem hiding this comment.
Do we need (service principal or managed identity) here, as it is in the prereqs?
Suggested change
| . Obtain the Azure identity (service principal or managed identity) permission to access the resource group in another subscription where you want to provision the Azure File share: | |
| . Record the Azure identity by running the following applicable commands. The Azure identity is needed in the next step: |
mburke5678
reviewed
Apr 11, 2025
modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc
Show resolved
Hide resolved
mburke5678
reviewed
Apr 11, 2025
|
|
||
| .. On the *Role* tab, choose the contributor role to assign, and then click *Next*. You can also create and choose your own role with required permission. | ||
|
|
||
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: “User, group, or service principal” (Or “Managed identity”), click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. |
There was a problem hiding this comment.
Substeps?
Suggested change
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: “User, group, or service principal” (Or “Managed identity”), click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. | |
| .. On the *Members* tab: | |
| ... Choose an assignee by selecting the type of assignee: “User, group, or service principal” (Or “Managed identity”). | |
| ... Click *Select members*. | |
| ... Search for and then select the desired service principal or managed identity. | |
| ... Click *Select* to confirm. |
There was a problem hiding this comment.
Not sure what this means; maybe it is clearer in the UI
“User, group, or service principal” (Or “Managed identity”)
Maybe??
Suggested change
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: “User, group, or service principal” (Or “Managed identity”), click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. | |
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: "User, group, or service principal" or "User, group, or Managed identity", click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. |
There was a problem hiding this comment.
Also, should this be in mark up as UI elements?
Suggested change
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: “User, group, or service principal” (Or “Managed identity”), click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. | |
| .. On the *Members* tab, choose an assignee by selecting the type of assignee: *User, group, or service principal* (Or *Managed identity*), click *Select members*, search for and then select the desired service principal or managed identity, and then click *Select* to confirm. |
mburke5678
reviewed
Apr 11, 2025
| + | ||
| [NOTE] | ||
| ==== | ||
| If you just want to use a specific storage account to provision the Azure File share, you can also obtain the Azure identity (service principal or managed identity) permission to access the storage account only with the similar steps. |
There was a problem hiding this comment.
Per ISG: Do not use just to mean only; use only instead. (Or nothing!).
I guessed on the phrasing at the end. It seemed to read only with the similar steps, rather than the storage account only, which I think is the case.
Suggested change
| If you just want to use a specific storage account to provision the Azure File share, you can also obtain the Azure identity (service principal or managed identity) permission to access the storage account only with the similar steps. | |
| If you want to use a specific storage account to provision the Azure File share, you can also obtain the Azure identity (service principal or managed identity) permission to access only the storage account by using similar steps. |
mburke5678
reviewed
Apr 11, 2025
| If you just want to use a specific storage account to provision the Azure File share, you can also obtain the Azure identity (service principal or managed identity) permission to access the storage account only with the similar steps. | ||
| ==== | ||
|
|
||
| . Create an Azure File storage class using a similar configuration to the following: |
There was a problem hiding this comment.
Suggested change
| . Create an Azure File storage class using a similar configuration to the following: | |
| . Create an Azure File storage class by using a similar configuration to the following: |
mburke5678
reviewed
Apr 11, 2025
Comment on lines
+85
to
+86
| <4> Storage account name, if you want to specify your own | ||
| <5> Name of the SKU type |
There was a problem hiding this comment.
To be consistent?
Suggested change
| <4> Storage account name, if you want to specify your own | |
| <5> Name of the SKU type | |
| <4> The storage account name, if you want to specify your own | |
| <5> The name of the SKU type |
mburke5678
reviewed
Apr 11, 2025
| <4> Storage account name, if you want to specify your own | ||
| <5> Name of the SKU type | ||
|
|
||
| . Create a persistent volume claim (PVC) specifying the Azure File storage class that you created in the previous step using a similar configuration to the following: |
There was a problem hiding this comment.
Maybe a little clearer?
Suggested change
| . Create a persistent volume claim (PVC) specifying the Azure File storage class that you created in the previous step using a similar configuration to the following: | |
| . Create a persistent volume claim (PVC) that specifies the Azure File storage class you created in the previous step by using a similar configuration to the following: |
mburke5678
reviewed
Apr 11, 2025
Comment on lines
+105
to
+106
| <1> `<pvc-name>` is the name of the PVC. | ||
| <2> `<sc-name-cross-sub>` is the name of the storage class that you created in the previous step. |
There was a problem hiding this comment.
Do we need the variables in the call-outs?
Suggested change
| <1> `<pvc-name>` is the name of the PVC. | |
| <2> `<sc-name-cross-sub>` is the name of the storage class that you created in the previous step. | |
| <1> The name of the PVC. | |
| <2> The name of the storage class that you created in the previous step. |
mburke5678
reviewed
Apr 11, 2025
| [id="persistent-storage-csi-azure-file-cross-sub-overview_{context}"] | ||
| = Azure File cross-subscription support | ||
|
|
||
| Cross-subscription support allows you to have an {product-title} cluster in one Azure subscription and mount your Azure file share in another Azure subscription using the Azure File Container Storage Interface (CSI) driver. |
There was a problem hiding this comment.
??
Suggested change
| Cross-subscription support allows you to have an {product-title} cluster in one Azure subscription and mount your Azure file share in another Azure subscription using the Azure File Container Storage Interface (CSI) driver. | |
| Cross-subscription support allows you to have an {product-title} cluster in one Azure subscription and mount your Azure file share in another Azure subscription by using the Azure File Container Storage Interface (CSI) driver. |
mburke5678
reviewed
Apr 11, 2025
Comment on lines
+23
to
+28
| [source,terminal] | ||
| ==== | ||
| $ sp_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | ||
|
|
||
| $ az ad sp show --id ${sp_id} --query displayName --output tsv | ||
| ==== |
There was a problem hiding this comment.
Suggested change
| [source,terminal] | |
| ==== | |
| $ sp_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | |
| $ az ad sp show --id ${sp_id} --query displayName --output tsv | |
| ==== | |
| [source,terminal] | |
| ---- | |
| $ sp_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | |
| $ az ad sp show --id ${sp_id} --query displayName --output tsv | |
| ---- |
mburke5678
reviewed
Apr 11, 2025
Comment on lines
+32
to
+37
| [source,terminal] | ||
| ==== | ||
| $ mi_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | ||
|
|
||
| $ az identity list --query "[?clientId=='${mi_id}'].{Name:name}" --output tsv | ||
| ==== |
There was a problem hiding this comment.
Suggested change
| [source,terminal] | |
| ==== | |
| $ mi_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | |
| $ az identity list --query "[?clientId=='${mi_id}'].{Name:name}" --output tsv | |
| ==== | |
| [source,terminal] | |
| ---- | |
| $ mi_id=$(oc -n openshift-cluster-csi-drivers get secret azure-file-credentials -o jsonpath='{.data.azure_client_id}' | base64 --decode) | |
| $ az identity list --query "[?clientId=='${mi_id}'].{Name:name}" --output tsv | |
| ---- |
mburke5678
reviewed
Apr 11, 2025
Comment on lines
+29
to
+30
| .Example PV YAML file | ||
| [source, terminal] |
There was a problem hiding this comment.
Suggested change
| .Example PV YAML file | |
| [source, terminal] | |
| .Example PV YAML file | |
| [source,yaml] |
mburke5678
reviewed
Apr 11, 2025
| . Create a persistent value claim (PVC) specifying the existing Azure File share referenced in Step 1 using a similar configuration to the following: | ||
| + | ||
| .Example PVC YAML file | ||
| [source, yaml] |
There was a problem hiding this comment.
Not sure the space is needed, or does anything.
Suggested change
| [source, yaml] | |
| [source,yaml] |
|
@lpettyjo A few suggestions. Otherwise LGTM |
mburke5678
added
peer-review-done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Version(s): 4.19+
Issue: https://issues.redhat.com/browse/OSDOCS-13459
Link to docs preview: https://92108--ocpdocs-pr.netlify.app/openshift-enterprise/latest/storage/container_storage_interface/persistent-storage-csi-azure-file.html#persistent-storage-csi-azure-file-cross-sub-overview_persistent-storage-csi-azure-file
QE review:
Additional information:
PTAL: @gcharot @jsafrane @duanwei33