From 11b4c6741f9fe6157d9d9fb1f7180cb4f9c6b552 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bombo?= <abombo@microsoft.com>
Date: Tue, 1 Oct 2024 15:58:16 -0500
Subject: [PATCH] docs: Add more limitations for AKS-CC storage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Updates our docs to mention a limitation related to securityContext.
I've reproed this locally for local storage, and Azure Disk is most
likely affected too as the transport is the same.

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>
---
 docs/how-to/how-to-enable-storage-in-confidential-pods.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/how-to/how-to-enable-storage-in-confidential-pods.md b/docs/how-to/how-to-enable-storage-in-confidential-pods.md
index c6467ce5a271..54e88d2868da 100644
--- a/docs/how-to/how-to-enable-storage-in-confidential-pods.md
+++ b/docs/how-to/how-to-enable-storage-in-confidential-pods.md
@@ -127,6 +127,8 @@ cc-managed-csi-premium cc.disk.csi.azure.com Delete WaitForFirstConsumer true 35
  * [`volumeMode:
    Block`](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
    is not supported.
+ * Specifying `securityContext.runAsUser` or `securityContext.fsGroup`
+   in the pod spec is not supported.
 
 ### Quick testing
 
@@ -388,6 +390,8 @@ cc-local-csi   cc.local.csi.azure.com   Delete          WaitForFirstConsumer   t
  * [`volumeMode:
    Block`](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#volume-mode)
    has not been tested.
+ * Specifying `securityContext.runAsUser` or `securityContext.fsGroup`
+   in the pod spec is not supported.
 
 ### Notes