Previously I was using the standard way of setting the PV on static azure files, i.e. create storage account and fileshare, create secret using the account name and secret of the storage account, then create the PV as below:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: elastic-storage
  labels:
    usage: elastic-storage
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  mountOptions:
    - dir_mode=0777
    - file_mode=0777
    - uid=1000
    - gid=1000
    - mfsymlinks
    - nobrl
  persistentVolumeReclaimPolicy: Retain
  azureFile:
    secretName: azure-secret
    shareName: elasticsearchfile2
    readOnly: false
I am now wondering whether I can use a service principal instead of the Azure secret (storage account name and key) to access the Azure Files share.
It's simple to understand. Azure supports the RBAC (role-based access control) feature, and it can be used on the storage account. Just like two different users can read the same data in a database because they have enough permission to read it, if the service principal has enough permission for the storage account, then it can also access the storage account.