Steps to be Performed by Customer Account

Step 1: Create a User-Assigned Managed Identity

  1. Navigate to the Azure Portal.

  2. Search for Managed Identities and select it.

  3. Click + Create.

  4. Choose your Subscription and Resource Group.

  5. Enter a Name (e.g., customer).

  6. Select the Region.

  7. Click Review + Create, then Create.

Step 2: Add Federated Credentials

  1. Open the newly created Managed Identity.

  2. In the left menu, click Federated credentials.

  3. Click + Add credential.

  4. In Federated credential scenario, select Kubernetes accessing Azure resources.

  5. Enter the following details:

    • Cluster Issuer URL: (based on your AKS cluster configuration)

    • Namespace: <namespace>

    • Service Account: <service-account>

  6. Click Add.

Step 3: Assign Role-Based Access Control (RBAC) Permissions

  1. Open the Managed Identity.

  2. In the left menu, click Access control (IAM).

  3. Click + Add role assignment.

  4. Assign the following role(s):

    • Storage Blob Data Reader (read-only access)

  5. Click Next, then select Managed Identity as the principal type.

  6. Search for your identity (e.g., customer) and select it.

  7. Click Review + Assign.

Step 4: Retrieve Identity Information

  1. Open the Managed Identity.

  2. From the Overview page, note down:

    • Client ID

    • Principal ID

  3. These values will be used by e6data in Kubernetes and Azure services for secure authentication.

Step 5: Deploy in Serverless Account

After configuring the Managed Identity and role assignments, you can now deploy a Kubernetes pod in the Serverless Account to access storage in the Customer Account.

Note: All these steps can also be performed via an ARM template.
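As an added illustration of the ARM route (example template written for this page, not e6data's own), the following resource-group deployment creates the identity, adds the AKS federated credential for the `<namespace>/<service-account>` pair, assigns Storage Blob Data Reader, and outputs the Client ID and Principal ID from Step 4. The `storageAccountName` parameter is an assumption: the read-only role is scoped to that single storage account (assumed to be in the same resource group) rather than to the subscription, which keeps the grant to the least privilege the pod needs.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "identityName": { "type": "string", "defaultValue": "customer" },
    "location": { "type": "string", "defaultValue": "[resourceGroup().location]" },
    "clusterIssuerUrl": { "type": "string" },
    "namespace": { "type": "string" },
    "serviceAccount": { "type": "string" },
    "storageAccountName": { "type": "string" }
  },
  "variables": {
    "identityId": "[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]",
    "storageBlobDataReader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]"
  },
  "resources": [
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities",
      "apiVersion": "2023-01-31",
      "name": "[parameters('identityName')]",
      "location": "[parameters('location')]"
    },
    {
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
      "apiVersion": "2023-01-31",
      "name": "[format('{0}/aks-workload', parameters('identityName'))]",
      "dependsOn": [ "[variables('identityId')]" ],
      "properties": {
        "issuer": "[parameters('clusterIssuerUrl')]",
        "subject": "[format('system:serviceaccount:{0}:{1}', parameters('namespace'), parameters('serviceAccount'))]",
        "audiences": [ "api://AzureADTokenExchange" ]
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2022-04-01",
      "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('storageAccountName'))]",
      "name": "[guid(resourceGroup().id, parameters('identityName'), variables('storageBlobDataReader'))]",
      "dependsOn": [ "[variables('identityId')]" ],
      "properties": {
        "roleDefinitionId": "[variables('storageBlobDataReader')]",
        "principalId": "[reference(variables('identityId'), '2023-01-31').principalId]",
        "principalType": "ServicePrincipal"
      }
    }
  ],
  "outputs": {
    "clientId": { "type": "string", "value": "[reference(variables('identityId'), '2023-01-31').clientId]" },
    "principalId": { "type": "string", "value": "[reference(variables('identityId'), '2023-01-31').principalId]" }
  }
}
```

The federated credential's subject must match the Kubernetes service account exactly (`system:serviceaccount:<namespace>:<service-account>`), so a typo there is the first thing to check when the pod's token exchange fails.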
