Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Won't Do
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.13
Component/s: Storage
Labels:
- azure
- bug
- csi
- file

Severity:
Moderate
Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

Having OpenShift Container Platform 4 deployed on Microsoft Azure, following https://docs.openshift.com/container-platform/4.13/installing/installing_azure/installing-azure-default.html#installing-azure-default, we can see that Azure-File CSI driver creating a new Storage Account when PersistentVolumeClaims are created in waves and the default Storage Account have a Private Endpoint configured (see https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints).

I1212 12:45:34.387476       1 azure_storageaccount.go:292] azure - no matching account found, begin to create a new account fee0f053a2c3545b09a26aa in resource group foosand-s7mtw-rg, location: eastus, accountType: Standard_LRS, accountKind: StorageV2, tags: map[k8s-azure-created-by:azure]
I1212 12:45:34.387493       1 azure_storageaccount.go:317] set AllowBlobPublicAccess(false) for storage account(fee0f053a2c3545b09a26aa)

Above is the effect reported by azure-file-csi-driver-controller but it's not clear why no matching Storage Account can be found as those were not modified except for the Private Endpoint that was added.

Version-Release number of selected component (if applicable):

OpenShift Container Platform 4.13 (but likely other version as well)

How reproducible:

Always

Steps to Reproduce:

1. Install OpenShift Container Platform 4 following https://docs.openshift.com/container-platform/4.13/installing/installing_azure/installing-azure-default.html#installing-azure-default on Microsoft Azure
2. Deploy Private Endpoint for the two Storage Account created by default in Microsoft Azure (see https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints). There is one Storage Account for general Storage objects and one specifically for the OpenShift Container Platform 4 - Image Registry. Both need to have the private endpoint as otherwise the effect is not seen.
3. Deploy https://github.com/sreber84/argo-cd by applying https://github.com/sreber84/argo-cd/blob/main/openshift-gitops/waves.yaml after OpenShift GitOps was deployed on the OpenShift Container Platform 4 - Cluster.
4. Wait for the sync to happen and go check Storage Account on Microsoft Azure level to see whether the PVC have been created.

Actual results:

New Storage Account being created because no matching Storage Account was found.

I1212 12:45:34.387476       1 azure_storageaccount.go:292] azure - no matching account found, begin to create a new account fee0f053a2c3545b09a26aa in resource group foosand-s7mtw-rg, location: eastus, accountType: Standard_LRS, accountKind: StorageV2, tags: map[k8s-azure-created-by:azure]
I1212 12:45:34.387493       1 azure_storageaccount.go:317] set AllowBlobPublicAccess(false) for storage account(fee0f053a2c3545b09a26aa)

Expected results:

No additional Storage Account to be created as we have Storage Account available and they can be used. They simply have a private endpoint configured in addition.

Additional info:

Attachments

Activity

People

Assignee:: Fabio Bertinatto

Reporter:: Simon Reber

QA Contact:: Wei Duan

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023/12/12 1:11 PM

Updated:: 2024/02/22 8:39 AM

Resolved:: 2024/01/29 6:10 PM