Spike
Resolution: Unresolved
Normal
The Azure File CSI driver is currently deployed with the kubeconfig of the cluster in which it is running.
We believe we are creating storage accounts for each PVC a user creates, and the driver then has global permissions to create/delete secrets in ANY namespace.
For various reasons, this is obviously non-ideal. Creating Azure storage accounts for each PVC is also non-ideal.
As part of this Spike, we should evaluate what the Azure File CSI driver is actually doing. Is the kubeconfig really necessary?
Is the driver creating storage accounts all the time for new PVCs?
Based on the outcome of the above investigation, we should update our operator to run with only the minimum required permissions, while it should still be possible to support creation of Azure accounts etc., if necessary.
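
One way to check the concern above about create/delete on secrets in any namespace, as an added example (not code from the driver or the operator): it resolves a service account's bindings over exported RBAC objects and reports where Secret write verbs apply. The names `csi-driver-sa`, `csi-node-sa`, `csi-drivers` and `csi-secrets-all` are constructed sample values.

```python
# Added example: audit which namespaces a service account can write Secrets in.
# All object names below are constructed sample data, not the operator's real RBAC.
WRITE_VERBS = {"create", "delete", "*"}

def secret_verbs(rules):
    """Return the write verbs a rule list grants on core-group Secrets."""
    granted = set()
    for rule in rules or []:
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        if not ({"", "*"} & set(groups)) or not ({"secrets", "*"} & set(resources)):
            continue
        granted |= WRITE_VERBS & set(rule.get("verbs", []))
    return granted

def secret_write_scope(objects, sa_namespace, sa_name):
    """Map scope ('*' = every namespace) -> write verbs the service account holds."""
    roles = {}
    for o in objects:
        if o["kind"] in ("ClusterRole", "Role"):
            key = (o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])
            roles[key] = o.get("rules", [])
    scope = {}
    for o in objects:
        if o["kind"] not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        bound = any(s.get("kind") == "ServiceAccount" and s.get("name") == sa_name
                    and s.get("namespace") == sa_namespace for s in o.get("subjects") or [])
        if not bound:
            continue
        ref = o["roleRef"]
        binding_ns = o["metadata"].get("namespace")
        role_ns = binding_ns if ref["kind"] == "Role" else None
        verbs = secret_verbs(roles.get((ref["kind"], role_ns, ref["name"])))
        if verbs:
            # A ClusterRoleBinding applies everywhere; a RoleBinding only in its namespace.
            target = "*" if o["kind"] == "ClusterRoleBinding" else binding_ns
            scope.setdefault(target, set()).update(verbs)
    return scope

SAMPLE = [  # constructed objects in the shape of `kubectl get ... -o json` items
    {"kind": "ClusterRole", "metadata": {"name": "csi-secrets-all"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "create", "delete"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "broad"}, "roleRef": {"kind": "ClusterRole", "name": "csi-secrets-all"},
     "subjects": [{"kind": "ServiceAccount", "name": "csi-driver-sa", "namespace": "csi-drivers"}]},
    {"kind": "RoleBinding", "metadata": {"name": "narrow", "namespace": "csi-drivers"},
     "roleRef": {"kind": "ClusterRole", "name": "csi-secrets-all"},
     "subjects": [{"kind": "ServiceAccount", "name": "csi-node-sa", "namespace": "csi-drivers"}]},
]
```

The check covers direct ServiceAccount subjects only; permissions granted through Group subjects or aggregated ClusterRoles need to be resolved separately.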