...
If Authentication and Authorization is set to Microsoft Entra ID authentication with Azure RBAC (AAD is enabled):
No action is required for a dedicated cluster.
For a shared cluster, you must have already created the namespace and the Kyvos MI with Azure Kubernetes Service RBAC Admin at the namespace level.
Download the kyvos-compute-worker-disk-class.yaml file and run the kubectl apply -f kyvos-compute-worker-disk-class.yaml command as a user/MI that has Admin privileges on the Kubernetes cluster. This creates the storage class. If required, you can update the tags in the file by passing comma-separated values.
...
To configure as a dedicated cluster:
Assign Azure Kubernetes Service RBAC Cluster Admin to the Kyvos MI on Kubernetes.
Assign Virtual Machine Contributor on the managed resource group to the Kyvos MI.
Assign Storage Blob Data Contributor to the Kubernetes Managed Identity on the bucket.
To configure as a shared cluster:
Either the namespace should already be created, or you must provide the Azure Kubernetes Service RBAC Cluster Admin permission to the Kyvos Managed Identity on Kubernetes.
Download the kyvos-compute-worker-disk-class.yaml file and run the kubectl apply -f kyvos-compute-worker-disk-class.yaml command as a user/MI that has Admin privileges on the Kubernetes cluster. This creates the storage class. If required, you can update the tags in the file by passing comma-separated values.
If the namespace is already created, the Kyvos Managed Identity must have Azure Kubernetes Service RBAC Admin on the namespace and Azure Kubernetes Service Cluster User Role on Kubernetes.
Assign Reader on the managed resource group to the Kyvos Managed Identity.
Assign Storage Blob Data Contributor to the Kubernetes Managed Identity on the bucket.
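The role assignments listed above for the dedicated configuration and for the shared configuration with a pre-created namespace, written out as az CLI calls. This is an added example, not part of the Kyvos documentation; the subscription, resource names, object IDs, and the use of a storage account scope for the "bucket" are constructed placeholders and assumptions.

```shell
#!/bin/sh
# Added example, not Kyvos code. Every ID and name below is a constructed placeholder.
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
CLUSTER_SCOPE="$SUB/resourceGroups/rg-example/providers/Microsoft.ContainerService/managedClusters/aks-example"
# Assumption: "managed resource group" is the AKS-managed (node) resource group.
MANAGED_RG_SCOPE="$SUB/resourceGroups/MC_rg-example_aks-example_eastus"
# Assumption: the "bucket" is addressed at storage account scope.
STORAGE_SCOPE="$SUB/resourceGroups/rg-example/providers/Microsoft.Storage/storageAccounts/stexample"
KYVOS_MI_OID="11111111-1111-1111-1111-111111111111"   # object ID of the Kyvos MI
K8S_MI_OID="22222222-2222-2222-2222-222222222222"     # object ID of the Kubernetes MI
NAMESPACE="kyvos-example"

# Print one "principal|role|scope" line per assignment required for a mode.
plan_assignments() {
  case "$1" in
    dedicated)
      printf '%s|%s|%s\n' \
        "$KYVOS_MI_OID" "Azure Kubernetes Service RBAC Cluster Admin" "$CLUSTER_SCOPE" \
        "$KYVOS_MI_OID" "Virtual Machine Contributor" "$MANAGED_RG_SCOPE" \
        "$K8S_MI_OID" "Storage Blob Data Contributor" "$STORAGE_SCOPE" ;;
    shared)
      # Admin is scoped to the namespace only; no cluster-admin grant is made.
      printf '%s|%s|%s\n' \
        "$KYVOS_MI_OID" "Azure Kubernetes Service RBAC Admin" "$CLUSTER_SCOPE/namespaces/$NAMESPACE" \
        "$KYVOS_MI_OID" "Azure Kubernetes Service Cluster User Role" "$CLUSTER_SCOPE" \
        "$KYVOS_MI_OID" "Reader" "$MANAGED_RG_SCOPE" \
        "$K8S_MI_OID" "Storage Blob Data Contributor" "$STORAGE_SCOPE" ;;
    *)
      echo "usage: plan_assignments dedicated|shared" >&2
      return 2 ;;
  esac
}

# Dry run by default: prints the az commands for review (role names appear
# unquoted in that output). Set APPLY=1 to execute them.
apply_assignments() {
  plan=$(plan_assignments "$1") || return 2
  printf '%s\n' "$plan" | while IFS='|' read -r oid role scope; do
    set -- az role assignment create --assignee-object-id "$oid" \
      --assignee-principal-type ServicePrincipal --role "$role" --scope "$scope"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
  done
}

# Run as: ./assign-roles.sh shared   (or: dedicated)
case "${1:-}" in dedicated|shared) apply_assignments "$1" ;; esac
```

Comparing the two plans shows the privilege difference: the shared plan never grants a cluster-wide admin role to the Kyvos MI, and its access to the managed resource group is read-only.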
...