OpenShift Bugs
OCPBUGS-62802

Missing RBAC for Azure Disk CSI fall back mechanism

    • Type: Bug
    • Priority: Undefined
    • Resolution: Unresolved
    • Affects Version/s: 4.16, 4.17, 4.18, 4.19, 4.20, 4.21
    • Component/s: Storage
    • Quality / Stability / Reliability
    • Severity: Moderate

      Description of problem:

      When csi-driver cannot connect to the Azure Instance Metadata Service (https://learn.microsoft.com/en-us/azure/virtual-machines/instance-metadata-service?tabs=linux), it tries to fall back to reading the zone information from node labels:
      
      W0930 19:29:13.375430       1 nodeserver.go:339] get zone(worker-xyz) failed with: Get "http://169.254.169.254/metadata/instance?api-version=2021-10-01&format=json": dial tcp 169.254.169.254:80: i/o timeout, fall back to get zone from node labels
      
      However, the fallback process also fails due to missing permissions:
      
      E0930 19:29:13.385358       1 main.go:110] "Registration process failed with error, restarting registration container" err="RegisterPlugin error -- plugin registration failed with err: rpc error: code = Internal desc = getNodeInfoFromLabels on node(worker-xyz) failed with get node(worker-xyz) failed with nodes \"worker-xyz\" is forbidden: User \"system:serviceaccount:openshift-cluster-csi-drivers:azure-disk-csi-driver-node-sa\" cannot get resource \"nodes\" in API group \"\" at the cluster scope"
      
      Looking at
      
      https://github.com/openshift/csi-operator/blob/release-4.16/assets/overlays/azure-disk/generated/standalone/privileged_role.yaml
      
      and
      
      https://github.com/kubernetes-sigs/azuredisk-csi-driver/blob/release-1.29/deploy/v1.29.0/rbac-csi-azuredisk-node.yaml
      
      shows that upstream RBAC permissions are missing downstream.
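      The following is an added example, not code from this bug report, from openshift/csi-operator or from kubernetes-sigs/azuredisk-csi-driver. It parses the "forbidden" error quoted above into the API request the node plugin makes during the node-label fallback (subject, verb, resource, API group, scope) and evaluates that request against a ClusterRole rule list the way the Kubernetes RBAC authorizer does. The two rule lists are constructed stand-ins for the downstream privileged_role.yaml and the upstream rbac-csi-azuredisk-node.yaml; the only thing they are meant to model is that the downstream role lacks a get on nodes and the upstream role has one. The ClusterRole name in the rendered fragment is a placeholder.

```python
"""Added example (not the bug report's or the projects' code): turn the RBAC denial
from the csi-azuredisk-node log into a concrete request and check it against
ClusterRole rules.  Rule lists below are constructed, not the real manifests."""
import re

# Verbatim klog line from the report; klog backslash-escapes quotes inside err="...".
LOG_LINE = (
    'E0930 19:29:13.385358       1 main.go:110] "Registration process failed with error, '
    'restarting registration container" err="RegisterPlugin error -- plugin registration '
    'failed with err: rpc error: code = Internal desc = getNodeInfoFromLabels on '
    'node(worker-xyz) failed with get node(worker-xyz) failed with nodes \\"worker-xyz\\" '
    'is forbidden: User \\"system:serviceaccount:openshift-cluster-csi-drivers:'
    'azure-disk-csi-driver-node-sa\\" cannot get resource \\"nodes\\" in API group \\"\\" '
    'at the cluster scope"'
)

# Constructed stand-in for the downstream node ClusterRole: whatever else it grants,
# the denial above shows it has no "get" on "nodes".  Illustrative only.
DOWNSTREAM_RULES = [
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
]
# Constructed stand-in for the upstream node ClusterRole, which additionally lets the
# plugin read Node objects so the zone-label fallback can work.  Illustrative only.
UPSTREAM_RULES = DOWNSTREAM_RULES + [
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]},
]

# Shape of the kube-apiserver RBAC denial message (after unescaping klog's \" quotes).
FORBIDDEN_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]*)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?P<scope>at the cluster scope|in the namespace "[^"]*")'
)


def parse_forbidden(log_line: str) -> dict:
    """Extract subject, verb, resource, API group and scope from an RBAC denial."""
    m = FORBIDDEN_RE.search(log_line.replace('\\"', '"'))
    if not m:
        raise ValueError("no RBAC forbidden message found in log line")
    req = m.groupdict()
    req["cluster_scoped"] = req["scope"] == "at the cluster scope"
    return req


def rule_allows(rule: dict, verb: str, resource: str, group: str) -> bool:
    """Match one PolicyRule like the RBAC authorizer: '*' is a wildcard, core group is ''."""
    def matches(values, wanted):
        return "*" in values or wanted in values
    return (matches(rule.get("apiGroups", []), group)
            and matches(rule.get("resources", []), resource)
            and matches(rule.get("verbs", []), verb))


def allowed(rules: list, req: dict) -> bool:
    """RBAC is allow-only: any single matching rule grants the request."""
    return any(rule_allows(r, req["verb"], req["resource"], req["group"]) for r in rules)


def missing_rule(req: dict) -> dict:
    """Smallest PolicyRule that would satisfy the denied request."""
    return {"apiGroups": [req["group"]], "resources": [req["resource"]], "verbs": [req["verb"]]}


def missing_rule_yaml(req: dict, role: str = "example-azure-disk-csi-driver-node-role") -> str:
    """Render that rule as a ClusterRole fragment.  The role name is a placeholder;
    in practice the rule goes into the ClusterRole already bound to the node SA."""
    rule = missing_rule(req)
    return (
        "apiVersion: rbac.authorization.k8s.io/v1\n"
        "kind: ClusterRole\n"
        f"metadata:\n  name: {role}\n"
        "rules:\n"
        f'- apiGroups: ["{rule["apiGroups"][0]}"]\n'
        f'  resources: ["{rule["resources"][0]}"]\n'
        f'  verbs: ["{rule["verbs"][0]}"]\n'
    )


if __name__ == "__main__":
    req = parse_forbidden(LOG_LINE)
    print(f"{req['user']} needs {req['verb']} on {req['resource']} "
          f"(group {req['group']!r}, cluster-scoped={req['cluster_scoped']})")
    print("downstream rules allow it:", allowed(DOWNSTREAM_RULES, req))
    print("upstream rules allow it:  ", allowed(UPSTREAM_RULES, req))
    print(missing_rule_yaml(req))
```

      On a live cluster the same question can be put to the API server directly with impersonation, e.g. oc auth can-i get nodes --as=system:serviceaccount:openshift-cluster-csi-drivers:azure-disk-csi-driver-node-sa, which answers "no" on an affected cluster without having to block IMDS first.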

      Version-Release number of selected component (if applicable):

      These RBAC permissions are missing downstream since upstream release 1.29.0 / OCP 4.16.

      How reproducible:

      Always when Azure Instance Metadata Service is not reachable.

      Steps to Reproduce:

          1. Block connections to http://169.254.169.254/metadata/instance
          2. Make sure CSINode information has to be created or updated
      

      Actual results:

      CSINode information for Azure Disk driver cannot be added

      Expected results:

      CSINode information for Azure Disk driver can be added

              Assignee: Maxim Patlasov (rh-ee-mpatlaso)
              Reporter: Benjamin Affolter (rh-ee-baffolte)
              QA Contact: Wei Duan
              Votes: 0
              Watchers: 3