Uploaded image for project: 'OpenShift Storage'
  1. OpenShift Storage
  2. STOR-1769

Test and recommend appropriate kubeconfig configuration for azure file CSI driver

    XMLWordPrintable

Details

    • False
    • None
    • False

    Description

      Azure file CSI driver currently is deployed with kubeconfig of cluster in which it is running.

      We believe we are creating storage accounts for each PVC user creates and then driver has global permissions to create/delete secrets in ANY namespace.

      For various reasons - this is obviously non-ideal. Creation of Azure storage accounts for each PVC is also non-ideal.

      As part of this Spike, we should evaluate what the Azure file CSI driver is actually doing. Is kubeconfig really necessary?

      Is driver creating storage accounts all the time for new PVCs.

      Based on outcome of above investigation. - we should update our operator to only run with minimum required permissions while it should still be possible to support creation of azure accounts etc, if necessary.

      Attachments

        Activity

          People

            Unassigned Unassigned
            hekumar@redhat.com Hemant Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: