From e312ee8d7804416427ba850faac5b748f0ec8406 Mon Sep 17 00:00:00 2001 From: Steven Presti Date: Wed, 5 Feb 2025 14:15:14 -0500 Subject: [PATCH] operator-notes: add section for azure blob access fixes:#2011 --- docs/operator-notes.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/operator-notes.md b/docs/operator-notes.md index 94318ed01..d6989e61b 100644 --- a/docs/operator-notes.md +++ b/docs/operator-notes.md 
@@ -30,6 +30,12 @@ Ignition has built-in support for fetching resources from the Amazon Simple Stor Append `?versionId=` to any of the URL formats to fetch the specified object version. +## Azure Blob access + +Ignition supports fetching resources from Azure Blob Storage. The URL format for Azure Blob Storage is `https://.blob.core.windows.net//`. Ignition will recognize this format and attempt to authenticate using the [default Azure credential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential) to fetch the resource via the [Azure Blob Storage API](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/storage/azblob#section-readme). + +If the Azure storage blob is public, the resource can be fetched anonymously by falling back on HTTPFetch. For private storage blobs, the resource can only be fetched if valid credentials are available, if unable to authenticate the file will not be fetched, resulting in a 404 error. To configure the credentials, ensure the environment has credentials with the necessary permissions to access the storage account and storage blob. One approach is to configure a managed identity with contributor access to the storage account and assign it to the VM during creation. + ## HTTP headers When fetching data from an HTTP URL for config references, CA references and file contents, additional headers can be attached to the request using the `httpHeaders` attribute. This allows downloading data from servers that require authentication or some additional parameters from your request.
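Review bot: The last sentence of the second added paragraph recommends a managed identity with "contributor access to the storage account", which is broader than fetching a blob requires. Suggest recommending a read-only data role instead (for example Storage Blob Data Reader), scoped to the container or storage account that holds the resources, so that the identity assigned to the VM cannot modify or delete blobs or manage the account. Separately, "if unable to authenticate the file will not be fetched, resulting in a 404 error" is a comma splice and should be its own sentence. It would also help to state when the anonymous HTTPFetch fallback is attempted (only when no credential is available, or also after an authenticated request is denied), since the text gives a 404 as the only visible failure.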