Skip to content

BYO storageaccount docs are not entirely correct #2118

New issue
New issue
Open
Open
BYO storageaccount docs are not entirely correct#2118
Assignees
copilot-swe-agent
Labels
lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.
@davidkarlsen

Description

@davidkarlsen
davidkarlsen
opened on Aug 8, 2025

BYO docs point to doing https://raw.githubusercontent.com/kubernetes-sigs/blob-csi-driver/master/deploy/example/storageclass-blob-secret.yaml

but if you have an existing storageaccount - and you have a private-endpoint for it (so you don't want the controller to create service-endpoint settings), then the correct mix is:

parameters:
  protocol: nfs
  storageAccount: theaccountname
  resourceGroup: theresourcegroup
  networkEndpointType: privateEndpoint <-- this has to be set to avoid the controller to attempt to create serviceendpoints
  # not required - use the cloud creds instead:
  #csi.storage.k8s.io/provisioner-secret-name: azure-secret
  #csi.storage.k8s.io/provisioner-secret-namespace: blob-csi-driver
  #csi.storage.k8s.io/node-stage-secret-name: azure-secret
  #csi.storage.k8s.io/node-stage-secret-namespace: blob-csi-driver

I also noticed that the driver will mount using theaccountname.privatelink.blob.core.windows.net - but as long as you use private DNS it should not be necessary to use the privatelink name, as DNS will handle it via CNAMing.

Metadata

Metadata

Assignees

Labels

lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions