From d2fc2d311fbba11a603ac6013a1910bd0a18265b Mon Sep 17 00:00:00 2001 From: Andy Zhang Date: Sat, 12 Oct 2024 09:57:56 +0800 Subject: [PATCH] Update README.md --- deploy/example/blobfuse-mi/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/example/blobfuse-mi/README.md b/deploy/example/blobfuse-mi/README.md index 92963d9d4..6c57ab784 100644 --- a/deploy/example/blobfuse-mi/README.md +++ b/deploy/example/blobfuse-mi/README.md 
@@ -4,13 +4,13 @@ This article demonstrates the process of utilizing blobfuse mount with either a > make sure the managed identity used by CSI driver is bound to the agent node pool. ## Before you begin - - Make sure the managed identity has `Storage Blob Data Owner` role to the storage account - > here is an example that uses Azure CLI commands to assign the `Storage Blob Data Owner` role to the managed identity for the storage account. If the storage account is created by the driver(dynamic provisioning), then you need to grant `Storage Blob Data Owner` role to the resource group where the storage account is located + - Make sure the managed identity has `Storage Blob Data Contributor` role to the storage account + > here is an example that uses Azure CLI commands to assign the `Storage Blob Data Contributor` role to the managed identity for the storage account. If the storage account is created by the driver(dynamic provisioning), then you need to grant `Storage Blob Data Contributor` role to the resource group where the storage account is located ```bash mid="$(az identity list -g "$resourcegroup" --query "[?name == 'managedIdentityName'].principalId" -o tsv)" said="$(az storage account list -g "$resourcegroup" --query "[?name == '$storageaccountname'].id" -o tsv)" -az role assignment create --assignee-object-id "$mid" --role "Storage Blob Data Owner" --scope "$said" +az role assignment create --assignee-object-id "$mid" --role "Storage Blob Data Contributor" --scope "$said" ``` - Retrieve the clientID for `AzureStorageIdentityClientID`. If you are using kubelet identity, the identity will be named {aks-cluster-name}-agentpool and located in the node resource group.
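Review bot: In the dynamic-provisioning sentence of the changed note line, the role is narrowed to `Storage Blob Data Contributor` but the scope is still the whole resource group, while the `az role assignment create` example only shows the storage-account scope (`--scope "$said"`). The README should either show the resource-group-scoped command as well or state explicitly that this assignment applies to every storage account in that group, so readers choose the scope deliberately. The subject "Update README.md" also does not record why `Storage Blob Data Owner` was replaced; a sentence in the commit message giving the reason would help users who already assigned Owner decide whether to remove that assignment. Separately, the unchanged `az identity list` query compares against the literal `'managedIdentityName'` while the next line uses the variable `$storageaccountname`; since the block is being edited anyway, make the placeholder style consistent so the snippet is not pasted with the literal name left in.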